From aldeid
Jump to navigation Jump to search

Snort-id Signature Classification
1002 WEB-IIS cmd.exe access web-application-attack
1122 WEB-MISC /etc/passwd attempted-recon
1214 WEB-MISC intranet access attempted-recon
882 WEB-CGI calendar access attempted-recon
119-4 http_inspect: BARE BYTE UNICODE ENCODING unclassified
122-1 portscan: TCP Portscan unclassified
122-27 portscan: Open Port unclassified
122-3 portscan: TCP Portsweep unclassified
119-2 http_inspect: DOUBLE DECODING ATTACK unclassified
11687 WEB-MISC Apache SSI error page cross-site scripting web-application-attack
486 ICMP Destination Unreachable Communication Administratively Prohibited misc-activity
1852 WEB-MISC robots.txt access web-application-activity
254 DNS SPOOF query response with TTL of 1 min. and no authority bad-unknown
2229 WEB-PHP viewtopic.php access web-application-attack
1042 WEB-IIS view source via translate header web-application-activity
119-7 http_inspect: IIS UNICODE CODEPOINT ENCODING unclassified
2566 WEB-PHP PHPBB viewforum.php access web-application-activity
1254 WEB-PHP PHPLIB remote command attempt attempted-user
2050 MS-SQL version overflow attempt attempted-admin
2003 MS-SQL Worm propagation attempt misc-attack
119-15 http_inspect: OVERSIZE REQUEST-URI DIRECTORY unclassified
1301 WEB-PHP admin.php access attempted-recon
2077 WEB-PHP Mambo upload.php access web-application-activity
119-16 http_inspect: OVERSIZE CHUNK ENCODING unclassified
477 ICMP Source Quench bad-unknown
2281 WEB-PHP Setup.php access web-application-activity
1288 WEB-FRONTPAGE /_vti_bin/ access web-application-activity
1201 ATTACK-RESPONSES 403 Forbidden attempted-recon
15472 WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt attempted-user
- ftp_pp: FTP command channel encrypted protocol-command-decode
3463 WEB-CGI awstats access web-application-activity
895 WEB-CGI redirect access attempted-recon
486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited misc-activity
1893 SNMP missing community string attempt misc-attack
- ftp_pp: Telnet command on FTP command channel protocol-command-decode
125-2 ftp_pp: Invalid FTP command protocol-command-decode
125-7 ftp_telnet: FTP traffic encrypted
- tag: Tagged Packet unclassified
122:2 portscan: TCP Decoy Portscan unclassified
2002 WEB-PHP remote include path web-application-attack
116-55 snort_decoder: Truncated Tcp Options non-standard-protocol
116-54 snort_decoder: Tcp Options found with bad lengths non-standard-protocol
839 WEB-CGI finger access attempted-recon
1156 WEB-MISC apache directory disclosure attempt attempted-dos
119-3 http_inspect: U ENCODING unclassified
853 WEB-CGI wrap access attempted-recon
1668 WEB-CGI /cgi-bin/ access web-application-attack
1391 WEB-MISC Phorecast remote code execution attempt web-application-attack
122-25 portscan: ICMP Sweep unclassified
939 WEB-FRONTPAGE posting web-application-activity
1147 WEB-MISC cat%20 access attempted-recon
122-4 portscan: TCP Distributed Portscan unclassified
119-18 http_inspect: WEBROOT DIRECTORY TRAVERSAL unclassified
2435 WEB-CLIENT Microsoft emf metafile access attempted-user
969 WEB-IIS WebDAV file lock attempt web-application-activity
2329 MS-SQL probe response overflow attempt attempted-user
128-4 ssh: Protocol mismatch unclassified
- telnet_pp: Telnet data encrypted protocol-command-decode
116-58 snort_decoder: Experimental TCP options non-standard-protocol
123-8 frag3: Fragmentation overlap unclassified
1599 WEB-CGI search.cgi access web-application-activity
1418 SNMP request tcp attempted-recon
1421 SNMP AgentX/tcp request attempted-recon
8709 DNS Windows NAT helper components tcp denial of service attempt misc-attack
106-4 spp_rpc_decode: Incomplete RPC segment non-standard-protocol
1413 SNMP private access udp attempted-recon
- spp_rpc_decode: Multiple Records in one packet non-standard-protocol
1070 WEB-MISC WebDAV search access web-application-activity
1118 WEB-MISC ls%20-l attempted-recon
11264 MS-SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt attempted-admin
2144 WEB-PHP b2 cafelog gm-2-b2.php access web-application-activity
2143 WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt web-application-attack
15436 EXPLOIT IBM Tivoli Storage Manager Express Backup counter heap corruption attempt attempted-admin
1142 WEB-MISC /.... access attempted-recon
14602 EXPLOIT Borland Interbase open_marker_file overflow attempt attempted-user
3813 WEB-CGI configdir command execution attempt attempted-user
13711 MYSQL yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt attempted-user
13713 MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt attempted-user
13712 MYSQL yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt attempted-user
3672 MYSQL client overflow attempt misc-attack
- ftp_pp: FTP parameter length overflow attempted-admin
16291 WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt attempted-user
- ftp_pp: FTP malformed parameter protocol-command-decode
579 RPC portmap mountd request UDP rpc-portmap-decode
990 WEB-FRONTPAGE _vti_inf.html access web-application-activity
2394 WEB-MISC Compaq web-based management agent denial of service attempt web-application-attack
1199 WEB-MISC Compaq Insight directory traversal web-application-attack
13519 EXPLOIT Citrix MetaFrame IMA buffer overflow attempt attempted-admin
12610 WEB-PHP phpBB viewtopic double URL encoding attempt web-application-attack