Snort alerts

Snort-id	Signature	Classification
1002	WEB-IIS cmd.exe access	web-application-attack
1122	WEB-MISC /etc/passwd	attempted-recon
1214	WEB-MISC intranet access	attempted-recon
882	WEB-CGI calendar access	attempted-recon
119-4	http_inspect: BARE BYTE UNICODE ENCODING	unclassified
122-1	portscan: TCP Portscan	unclassified
122-27	portscan: Open Port	unclassified
122-3	portscan: TCP Portsweep	unclassified
119-2	http_inspect: DOUBLE DECODING ATTACK	unclassified
11687	WEB-MISC Apache SSI error page cross-site scripting	web-application-attack
486	ICMP Destination Unreachable Communication Administratively Prohibited	misc-activity
1852	WEB-MISC robots.txt access	web-application-activity
254	DNS SPOOF query response with TTL of 1 min. and no authority	bad-unknown
2229	WEB-PHP viewtopic.php access	web-application-attack
1042	WEB-IIS view source via translate header	web-application-activity
119-7	http_inspect: IIS UNICODE CODEPOINT ENCODING	unclassified
2566	WEB-PHP PHPBB viewforum.php access	web-application-activity
1254	WEB-PHP PHPLIB remote command attempt	attempted-user
2050	MS-SQL version overflow attempt	attempted-admin
2003	MS-SQL Worm propagation attempt	misc-attack
119-15	http_inspect: OVERSIZE REQUEST-URI DIRECTORY	unclassified
1301	WEB-PHP admin.php access	attempted-recon
2077	WEB-PHP Mambo upload.php access	web-application-activity
119-16	http_inspect: OVERSIZE CHUNK ENCODING	unclassified
477	ICMP Source Quench	bad-unknown
2281	WEB-PHP Setup.php access	web-application-activity
1288	WEB-FRONTPAGE /_vti_bin/ access	web-application-activity
1201	ATTACK-RESPONSES 403 Forbidden	attempted-recon
15472	WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt	attempted-user
-	ftp_pp: FTP command channel encrypted	protocol-command-decode
3463	WEB-CGI awstats access	web-application-activity
895	WEB-CGI redirect access	attempted-recon
486	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited	misc-activity
1893	SNMP missing community string attempt	misc-attack
-	ftp_pp: Telnet command on FTP command channel	protocol-command-decode
125-2	ftp_pp: Invalid FTP command	protocol-command-decode
125-7	ftp_telnet: FTP traffic encrypted
-	tag: Tagged Packet	unclassified
122:2	portscan: TCP Decoy Portscan	unclassified
2002	WEB-PHP remote include path	web-application-attack
116-55	snort_decoder: Truncated Tcp Options	non-standard-protocol
116-54	snort_decoder: Tcp Options found with bad lengths	non-standard-protocol
839	WEB-CGI finger access	attempted-recon
1156	WEB-MISC apache directory disclosure attempt	attempted-dos
119-3	http_inspect: U ENCODING	unclassified
853	WEB-CGI wrap access	attempted-recon
1668	WEB-CGI /cgi-bin/ access	web-application-attack
1391	WEB-MISC Phorecast remote code execution attempt	web-application-attack
122-25	portscan: ICMP Sweep	unclassified
939	WEB-FRONTPAGE posting	web-application-activity
1147	WEB-MISC cat%20 access	attempted-recon
122-4	portscan: TCP Distributed Portscan	unclassified
119-18	http_inspect: WEBROOT DIRECTORY TRAVERSAL	unclassified
2435	WEB-CLIENT Microsoft emf metafile access	attempted-user
969	WEB-IIS WebDAV file lock attempt	web-application-activity
2329	MS-SQL probe response overflow attempt	attempted-user
128-4	ssh: Protocol mismatch	unclassified
-	telnet_pp: Telnet data encrypted	protocol-command-decode
116-58	snort_decoder: Experimental TCP options	non-standard-protocol
123-8	frag3: Fragmentation overlap	unclassified
1599	WEB-CGI search.cgi access	web-application-activity
1418	SNMP request tcp	attempted-recon
1421	SNMP AgentX/tcp request	attempted-recon
8709	DNS Windows NAT helper components tcp denial of service attempt	misc-attack
106-4	spp_rpc_decode: Incomplete RPC segment	non-standard-protocol
1413	SNMP private access udp	attempted-recon
-	spp_rpc_decode: Multiple Records in one packet	non-standard-protocol
1070	WEB-MISC WebDAV search access	web-application-activity
1118	WEB-MISC ls%20-l	attempted-recon
11264	MS-SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt	attempted-admin
2144	WEB-PHP b2 cafelog gm-2-b2.php access	web-application-activity
2143	WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt	web-application-attack
15436	EXPLOIT IBM Tivoli Storage Manager Express Backup counter heap corruption attempt	attempted-admin
1142	WEB-MISC /.... access	attempted-recon
14602	EXPLOIT Borland Interbase open_marker_file overflow attempt	attempted-user
3813	WEB-CGI awstats.pl configdir command execution attempt	attempted-user
13711	MYSQL yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt	attempted-user
13713	MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt	attempted-user
13712	MYSQL yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt	attempted-user
3672	MYSQL client overflow attempt	misc-attack
-	ftp_pp: FTP parameter length overflow	attempted-admin
16291	WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt	attempted-user
-	ftp_pp: FTP malformed parameter	protocol-command-decode
579	RPC portmap mountd request UDP	rpc-portmap-decode
990	WEB-FRONTPAGE _vti_inf.html access	web-application-activity
2394	WEB-MISC Compaq web-based management agent denial of service attempt	web-application-attack
1199	WEB-MISC Compaq Insight directory traversal	web-application-attack
13519	EXPLOIT Citrix MetaFrame IMA buffer overflow attempt	attempted-admin
12610	WEB-PHP phpBB viewtopic double URL encoding attempt	web-application-attack

Récupérée de « http://www.aldeid.com/index.php/Snort-alerts »

Snort-alerts

Affichages

Snort alerts

Sécurité

Divers

Rechercher

Boîte à outils

Outils personnels