| Signature Name | Signature Description | Signature Status | Signature Priority | Response Summary | Log | Drop | DynamicBlock |
|---|---|---|---|---|---|---|---|
| 6in4_Tunnel | An IPv6 over IPv4 6in4 tunnel has been detected | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AIX_Pdnsd_Overflow | AIX pdnsd buffer overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_AddExternalApp_Overflow | AOL Instant Messenger AddExternalApp Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_File_Xfer | AOL Instant Messenger file transfer | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_GameRequest_Overflow | AOL Instant Messenger game request overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_Login | AOL Instant Messenger login | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_Message | AOL Instant Messenger message | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_Password_Change | AOL Instant Messenger password change | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AOLIM_Trillian_Encrypt_Handshake | Trillian encrypted messaging handshake | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| AOL_Instant_Messenger_Overflow | AOL Instant Messenger overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| ASP_Chunked_Overflow | IIS ASP Chunked Encoding Overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| AUDIT_DNS_Version_Request | Bind Version Information Requested | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Allaire_JRun_JSP_Execute | Allaire JRun JSP execution | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Allaire_JRun_SSIFilter | Allaire JRun SSIFilter servlet | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Allaire_JRun_Sample_Files | Allaire JRun sample files | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Allaire_JRun_WebInf_DotSlash | Allaire JRun WEB-INF /./ exploit | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Allaire_JRun_WebInf_SlashSlash | Allaire JRun WEB-INF double slash allows remote file access | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Alvgus_Request | Alvgus Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Alvgus_Response | Alvgus Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Alvgus_TCP_Request | Alvgus Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Alvgus_TCP_Response | Alvgus Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Amanda_TCP_Response | Amanda trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| AntiSniff_ARP_Test | Anti-Sniff ARP packet test detection | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| AntiSniff_DNS_Test | Anti-Sniff DNS packet test detection | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| AolAdmin_Response | AolAdmin Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Ascend_Kill | Ascend kill denial of service attack | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Ascend_Kill_II | Ascend Attack | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Asylum_Response | Asylum Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Audit_TFTP_Get_Filename | TFTP Get Filename | Disabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Avaya_Cajun_Default_SNMP | Avaya SNMP agent back door community string | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BDDT_TCP_Response | BDDT trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BGP_Illegal_Size | Illegal size BGP message or parameter | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| BGP_New_Route | BGP new route advertisement | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| BGP_Notify_Msg | BGP notification message | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| BGP_Route_Unreachable | BGP route has become unreachable | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| BOOTP_Remote_Overflow | BOOTP File Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackConstruction_Response | BackConstruction backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| BackDoor_TCP_Response | BackDoor trojan horse activity | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| BackOrifice2K_TCP_Auth_Request | Back Orifice 2000 ping | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_TCP_Auth_Response | Back Orifice 2000 auth | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_TCP_Request | Back Orifice 2000 command | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_TCP_Response | Back Orifice 2000 response | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_UDP_Auth_Request | BackOrifice 2000 command decodes | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_UDP_Auth_Response | BackOrifice 2000 command decodes | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_UDP_Request | BackOrifice 2000 command decodes | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice2K_UDP_Response | BackOrifice 2000 command decodes | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice_Ping | Back Orifice ping | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice_Request | Back Orifice scan | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BackOrifice_Response | Back Orifice response | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Backage_TCP_Request | Backage Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Balistix_Request | Balistix Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Balistix_Response | Balistix Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BasicHell_TCP_Response | Basic Hell trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Beast_TCP_Response | Beast trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BigGluck_Response | BigGluck Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Bigorna_TCP_Response | Bigorna trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BioNet_Response | Bionet trojan horse activity | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| BitTorrent_Get_Request | BitTorrent Get Request Detected | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| BitTorrent_Response | BitTorrent peer-to-peer activity | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Bla_Request | Bla Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BlackAngel_TCP_Response | Black Angel trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BladeRunner_TCP_Request | BladeRunner trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| BladeRunner_TCP_Response | BladeRunner trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Blazer5_Response | Blazer5 Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| BloodFestEvolution_TCP_Response | Blood Fest Evolution trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Boink | Boink DoS | Enabled | HIGH | | LogWithoutRaw | Packet | Disabled |
| Bonk | Bonk DoS | Enabled | HIGH | | LogWithoutRaw | Packet | Disabled |
| Bootparam | rpc.bootparam whoami mismatch | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Bugs_Response | Bugs Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Buschtrommel_TCP_Response | Buschtrommel trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Buttman_TCP_Request | Buttman trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Buttman_TCP_Response | Buttman trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CVS_Argumentx_Double_Free | CVS Argumentx Double Free | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CVS_Auth_User_Failure | CVS user login failed | Disabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CVS_Auth_User_Success | CVS user login success detected | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| CVS_Directory_Double_Free | CVS Directory Request Double Free | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CVS_Notify_Underflow | CVS Notify Underflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CVS_Request_Argument_Overflow | CVS Request Argument Overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CVS_Request_EntryLine_Overflow | CVS Request Entry Line Overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CVS_Request_Option_Overflow | CVS Request Option Overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CVS_Request_Path_Overflow | CVS Request Path Overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CVS_Request_Tag_Overflow | CVS Request Tag Overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Cafeini_TCP_Response | Cafeini trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Celine_TCP_Response | Celine trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cerebus_Scanner | Cerebus Scan | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cero_TCP_Response | Cero trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Chargen_Denial_of_Service | Chargen denial of service attack | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Chupacabra_Request | Chupacabra Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cisco_CR_DoS | Cisco Carriage Return Denial of Service | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Cisco_Cable_Docsis_SNMP_Community | Cisco IOS cable-docsis hidden SNMP community string | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cisco_H323_Overflow | H225.0v4 illegal length field overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Cisco_ILMI_SNMP_Community | Cisco IOS "ILMI" hidden SNMP community string | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cisco_IOS_IPV4_DoS | Cisco IOS IPV4 DoS | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cisco_IOS_OSPF_BO | Cisco OSPF IOS Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cisco_Ident | Cisco identification port activity | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Coma_Response | Coma Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| ConnectionBackdoor_Response | Connection Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Corrupt_IP_Options | Corrupt IP options | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| CrackDown_TCP_Response | CrackDown trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CrazzyNet_Response | CrazzyNet Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| CyberCop_Scanner_HTTP | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CyberCop_Scanner_ICMP | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CyberCop_Scanner_RPC | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CyberCop_Scanner_Radius | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CyberCop_Scanner_SMTP | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| CyberCop_Scanner_TFTP | CyberCop Scanner decode | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cyn_Request | Cyn trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cyn_Response | Cyn trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cyn_TCP_Request | Cyn trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Cyn_TCP_Response | Cyn trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DCOM_Large_Body_Extension | COM+ Large Body Extension | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DCOM_RemoteActivate | DCOM/COM+ Remote Activation request | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DCOM_RemoteGetClassObject_DoS | DCOM RemoteClassObject Denial-of-Service | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DCOM_Scada_Opc_Bind | DCOM SCADA OPC bind | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DCOM_Scada_Opc_Bo | DCOM SCADA OPC Buffer Overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DCOM_SystemActivation | COM+ ISystemActivation request | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DFchGrisch_TCP_Response | DFch Grisch trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Ack | DHCP Ack | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Discover | DHCP Discover | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Domain_Metachar | DHCP Domain Metachar | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Format_String_BO | DHCP printf style Format String | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Hostname_Overflow | DHCP Hostname overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Long_Discover_Message | DHCP Hostname overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Minires_Format_Overflow | DHCP Minires library format string overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DHCP_Request | DHCP Request | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Address_Length | DNS Internet not 4 bytes | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_Antisniff_Overflow | AntiSniff DNS exploit | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_Bind_OPT_DoS | DNS BIND OPT large UDP payload size | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Bind_SIG_Overflow | DNS BIND SIG response buffer overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DNS_Chaos_Request | DNS Chaos lookup | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Crack_Success | DNS crack successful | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_Excessive_Requests | Excessive DNS requests | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Format_String | DNS name overflow contains % | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Generic_Intel_Overflow | DNS Generic Intel Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_HInfo | DNS HINFO query | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Hostname_Overflow | DNS name overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_Hostname_Overflow_Verylong | DNS name overflow very long | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_IQuery | DNS IQUERY | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_IQuery_bo | DNS I-Query exploit | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_Malformed | DNS malformed | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Malformed_CompressedName | DNS | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_NULL_Query | DNS null | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_NXT_Overflow | DNS NXT record overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DNS_NonInternet | DNS non-Internet lookup | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Poison | DNS cache poison | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Query_All | DNS dump All requests | Disabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Spoof_Failed | DNS spoof attempt | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Spoof_Success | DNS spoof successful | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_TSIG_Overflow | DNS TSIG name overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DNS_Version_Request | DNS BIND version request | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_VirusScanTrojan | DNS VirusScanTrojan | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DNS_WINS_DoS | DNS/WINS DoS | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Windows_SMTP_Overflow | DNS Windows Server 2003 SMTP service overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| DNS_Zero_Size_UDP | Argent Office denial of service attack | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DNS_Zone_Transfer | DNS Zone transfers | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| DNS_Zonexfer_High | DNS Zone Xfer from high port number | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| DRat_TCP_Response | DRat trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DTr_TCP_Response | DTr trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Dameware_Detected | Dameware Detected | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Dameware_Obtain_Info | Dameware Obtain Info | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Dameware_Spoof_Overflow | DameWare spoofed packet buffer overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Danton_TCP_Response | Danton trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DarkConnectionInside_TCP_Request | Dark Connection Inside trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DarkConnectionInside_TCP_Response | Dark Connection Inside trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DeepThroat_Response | DeepThroat Backdoor | Enabled | HIGH | | LogWithoutRaw | Packet | Disabled |
| DeltaSource_Response | DeltaSource Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Devil_Request | Devil Backdoor | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DigitalRootBeer_TCP_Request | Digital RootBeer trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| DirectConnect_Connect | Direct Connect connection | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Doly_Response | Doly Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| DonaldDick_Response | Donald Dick Backdoor | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| Dtspcd_Overflow | Dtspcd Overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| Duddie_TCP_Request | Duddie trojan horse activity | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| EMail_Generic_Intel_Overflow | EMAIL Generic Intel Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| EPolicy_Orchestrator_Format_String | EPolicy Orchestrator Format String | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| EPolicy_Orchestrator_Vulnerable_Server | EPolicy Orchestrator Vulnerable Server | Disabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Echo_Denial_of_Service | Echo_Denial_of_Service_With_Src_and_Dst_of_7 | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Echo_Reply_Without_Request | Echo reply without request | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Edonkey_Connect | Edonkey connection | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Edonkey_Download | Edonkey File Transfer | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Almail_Overflow | E-Mail ALMail pop3 overflow in smtp processing code | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Amavis_Exec | AMaViS EMail Command Execute | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Auth_Failed | SMTP login failed | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Auth_Overflow | SMTP Auth Overflow | Enabled | MEDIUM | | LogWithoutRaw | ConnectionWithReset | Disabled |
| Email_BioNet | BioNet backdoor email alert | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Command_Overflow | SMTP command overflow | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Data | Report SMTP e-mail message body | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Debug | E-mail debug attack | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Decode | SMTP mail to decode alias | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Ehlo | E-mail SMTP Ehlo info leak | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Encap_Exch_Relay | SMTP encapsulated Exchange relay | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Encap_Relay | SMTP encapsulated relay | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Envid_Overflow | SMTP ENVID overflow | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Error | E-Mail too many errors | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_ExchangeStore_DoS | Microsoft Exchange Server DoS | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Executable_Extension | Email attachment has an executable extension | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Expn | Decode SMTP Expn: line | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Expn_Overflow | SMTP Expn Overflow | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | Disabled |
| Email_False_Attachment | E-Mail false attachment | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_From | Decode SMTP From: line | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_From_Overflow | E-Mail FROM: field overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Helo_Overflow | SMTP login name overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_IE_HRAlign_Overflow | Internet Explorer HR Align buffer overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_IE_ObjectType_Overflow | Internet Explorer Object Type Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Invalid_Command | SMTP corrupted MAIL command | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Listserv_Overflow | SMTP Listserv Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Lotus_Domino | Lotus_Domino_SMTP_Overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Filename | SMTP MIME filename | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Filename_Blanks | SMTP MIME filename repeated blanks | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Filename_Chars | SMTP MIME filename repeated chars | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Filename_Overflow | E-Mail MIME file name overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Name_Overflow | E-Mail MIME name overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Mime_Null | E-Mail MIME null character set | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Name_Overflow | SMTP email name overflow | Enabled | MEDIUM | | LogWithoutRaw | ConnectionWithReset | Disabled |
| Email_Outlook_Date_Overflow | E-Mail Outlook Date overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Outlook_URL_Spoof | MS Outlook URL spoofing | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Pipe | SMTP pipe in mail address | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Potential_BO_Attachment | Potential buffer overflow in email attachment | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Qmail_Length | SMTP Qmail length denial of service attack | Enabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_Qmail_Rcpt | SMTP Qmail RCPT denial of service attack | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Rcpt_TooManyQuotes | Netscape Directory Server buffer overflow | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_Recipient_Dot | SMTP Recipient with trailing dot | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Recipient_Overflow | SMTP Too many recipients | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Relay_Attempt | SMTP relay attempt | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Relay_Spam | Decode SMTP Relay % SPAM | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_ReplyTo_Executable | E-Mail "Reply-To:" is an executable | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Rpmmail_Alias | SMTP mail to rpmmail alias | Enabled | HIGH | | LogWithoutRaw | Disabled | Disabled |
| Email_ServerID | SMTP Server ID | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_SubSeven | SubSeven backdoor email alert | Enabled | HIGH | | LogWithoutRaw | ConnectionWithReset | IsolateTrojan |
| Email_Subject | Decode E-Mail Subject: line | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_To | Decode SMTP To: line | Disabled | LOW | | LogWithoutRaw | Disabled | Disabled |
| Email_To_Dot_Dot | aVirt create directory vulnerability | Enabled | MEDIUM | | LogWithoutRaw | Disabled | Disabled |
| Email_Turn | E-mail SMTP Turn attack | Enabled | MEDIUM | | LogWithoutRaw | Disabled | |