ISS RealSecure Network Sensor Policy
[ issPolicy v1.01 | http://packet.sequenced.org/projects/isspolicy ]



POLICY INFORMATION

   Policy File: policies/AttackDetector.policy
   Policy Name: Attack Detector
   Policy Version: 7.0.2003.59
   Sensor Type: RealSecure Network Sensor (v7.0)


SIGNATURES POLICY

Response Summary Legend: DISPLAY | LOGDB | EMAIL | SNMP | RSKILL | OPSEC | LOGEVIDENCE | VIEWSESSION

Signature Name	Signature Description	Signature Status	Signature Priority	Response Summary	Log
AIX_Pdnsd_Overflow	AIX pdnsd buffer overflow	Enabled	HIGH		LogWithoutRaw
AOLIM_AddExternalApp_Overflow	AOL Instant Messenger AddExternalApp Overflow	Enabled	HIGH		LogWithoutRaw
AOLIM_File_Xfer	AOL Instant Messenger file transfer	Disabled	LOW		LogWithoutRaw
AOLIM_GameRequest_Overflow	AOL Instant Messenger game request overflow	Enabled	HIGH		LogWithoutRaw
AOLIM_Login	AOL Instant Messenger login	Disabled	LOW		LogWithoutRaw
AOLIM_Message	AOL Instant Messenger message	Disabled	LOW		LogWithoutRaw
AOLIM_Password_Change	AOL Instant Messenger password change	Disabled	LOW		LogWithoutRaw
AOLIM_Trillian_Encrypt_Handshake	Trillian encrypted messaging handshake	Disabled	LOW		LogWithoutRaw
AOL_Instant_Messenger_Overflow	AOL Instant Messenger overflow	Enabled	MEDIUM		LogWithoutRaw
AUDIT_DNS_Version_Request	Bind Version Information Requested	Disabled	LOW		LogWithoutRaw
Allaire_JRun_JSP_Execute	Allaire JRun JSP execution	Enabled	HIGH		LogWithoutRaw
Allaire_JRun_SSIFilter	Allaire JRun SSIFilter servlet	Enabled	HIGH		LogWithoutRaw
Allaire_JRun_Sample_Files	Allaire JRun sample files	Enabled	MEDIUM		LogWithoutRaw
Allaire_JRun_WebInf_DotSlash	Allaire JRun WEB-INF /./ exploit	Enabled	MEDIUM		LogWithoutRaw
Allaire_JRun_WebInf_SlashSlash	Allaire JRun WEB-INF double slash allows remote file access	Enabled	MEDIUM		LogWithoutRaw
AntiSniff_ARP_Test	Anti-Sniff ARP packet test detection	Enabled	MEDIUM		LogWithoutRaw
AntiSniff_DNS_Test	Anti-Sniff DNS packet test detection	Enabled	MEDIUM		LogWithoutRaw
AolAdmin_Response	AolAdmin Backdoor	Enabled	HIGH		LogWithoutRaw
Ascend_Kill	Ascend kill denial of service attack	Enabled	MEDIUM		LogWithoutRaw
Ascend_Kill_II	Ascend Attack	Enabled	MEDIUM		LogWithoutRaw
Asylum_Response	Asylum Backdoor	Enabled	HIGH		LogWithoutRaw
Audit_TFTP_Get_Filename	TFTP Get Filename	Disabled	MEDIUM		LogWithoutRaw
Avaya_Cajun_Default_SNMP	Avaya SNMP agent back door community string	Enabled	HIGH		LogWithoutRaw
BGP_Illegal_Size	Illegal size BGP message or parameter	Enabled	LOW		LogWithoutRaw
BGP_New_Route	BGP new route advertisement	Disabled	LOW		LogWithoutRaw
BGP_Notify_Msg	BGP notification message	Disabled	LOW		LogWithoutRaw
BGP_Route_Unreachable	BGP route has become unreachable	Disabled	LOW		LogWithoutRaw
BOOTP_Remote_Overflow	BOOTP File Overflow	Enabled	HIGH		LogWithoutRaw
BackConstruction_Response	BackConstruction backdoor	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Auth_Request	Back Orifice 2000 ping	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Auth_Response	Back Orifice 2000 auth	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Request	Back Orifice 2000 command	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_TCP_Response	Back Orifice 2000 response	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Auth_Request	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Auth_Response	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Request	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice2K_UDP_Response	BackOrifice 2000 command decodes	Enabled	HIGH		LogWithoutRaw
BackOrifice_Ping	Back Orifice ping	Enabled	HIGH		LogWithoutRaw
BackOrifice_Request	Back Orifice scan	Enabled	HIGH		LogWithoutRaw
BackOrifice_Response	Back Orifice response	Enabled	HIGH		LogWithoutRaw
Backdoor2_Response	Backdoor2 Backdoor	Enabled	HIGH		LogWithoutRaw
BigGluck_Response	BigGluck Backdoor	Enabled	HIGH		LogWithoutRaw
BioNet_Response	Bionet trojan horse activity	Enabled	HIGH		LogWithoutRaw
Blazer5_Response	Blazer5 Backdoor	Enabled	HIGH		LogWithoutRaw
Boink	Boink DoS	Enabled	HIGH		LogWithoutRaw
Bonk	Bonk DoS	Enabled	HIGH		LogWithoutRaw
Bootparam	rpc.bootparam whoami mismatch	Enabled	LOW		LogWithoutRaw
Bugs_Response	Bugs Backdoor	Enabled	HIGH		LogWithoutRaw
Cerebus_Scanner	Cerebus Scan	Enabled	HIGH		LogWithoutRaw
Chargen_Denial_of_Service	Chargen denial of service attack	Enabled	MEDIUM		LogWithoutRaw
Chupacabra_Request	Chupacabra Backdoor	Enabled	HIGH		LogWithoutRaw
Cisco_CR_DoS	Cisco Carriage Return Denial of Service	Enabled	MEDIUM		LogWithoutRaw
Cisco_Cable_Docsis_SNMP_Community	Cisco IOS cable-docsis hidden SNMP community string	Enabled	HIGH		LogWithoutRaw
Cisco_ILMI_SNMP_Community	Cisco IOS "ILMI" hidden SNMP community string	Enabled	HIGH		LogWithoutRaw
Cisco_Ident	Cisco identification port activity	Enabled	LOW		LogWithoutRaw
Coma_Response	Coma Backdoor	Enabled	HIGH		LogWithoutRaw
ConnectionBackdoor_Response	Connection Backdoor	Enabled	HIGH		LogWithoutRaw
Corrupt_IP_Options	Corrupt IP options	Enabled	MEDIUM		LogWithoutRaw
CrazzyNet_Response	CrazzyNet Backdoor	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_HTTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_ICMP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_RPC	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_Radius	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_SMTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
CyberCop_Scanner_TFTP	CyberCop Scanner decode	Enabled	HIGH		LogWithoutRaw
DHCP_Ack	DHCP Ack	Disabled	LOW		LogWithoutRaw
DHCP_Discover	DHCP Discover	Disabled	LOW		LogWithoutRaw
DHCP_Domain_Metachar	DHCP Domain Metachar	Enabled	HIGH		LogWithoutRaw
DHCP_Minires_Format_Overflow	DHCP Minires library format string overflow	Enabled	HIGH		LogWithoutRaw
DHCP_Request	DHCP Request	Disabled	LOW		LogWithoutRaw
DNS_Address_Length	DNS Internet not 4 bytes	Enabled	HIGH		LogWithoutRaw
DNS_Antisniff_Overflow	AntiSniff DNS exploit	Enabled	HIGH		LogWithoutRaw
DNS_Bind_OPT_DoS	DNS BIND OPT large UDP payload size	Enabled	LOW		LogWithoutRaw
DNS_Bind_SIG_Overflow	DNS BIND SIG response buffer overflow	Enabled	HIGH		LogWithoutRaw
DNS_Chaos_Request	DNS Chaos lookup	Enabled	LOW		LogWithoutRaw
DNS_Crack_Success	DNS crack successful	Enabled	HIGH		LogWithoutRaw
DNS_Excessive_Requests	Excessive DNS requests	Enabled	MEDIUM		LogWithoutRaw
DNS_Format_String	DNS name overflow contains %	Enabled	MEDIUM		LogWithoutRaw
DNS_Generic_Intel_Overflow	DNS Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
DNS_HInfo	DNS HINFO query	Enabled	LOW		LogWithoutRaw
DNS_Hostname_Overflow	DNS name overflow	Enabled	HIGH		LogWithoutRaw
DNS_Hostname_Overflow_Verylong	DNS name overflow very long	Enabled	HIGH		LogWithoutRaw
DNS_IQuery	DNS IQUERY	Enabled	MEDIUM		LogWithoutRaw
DNS_IQuery_bo	DNS I-Query exploit	Enabled	HIGH		LogWithoutRaw
DNS_Malformed	DNS malformed	Enabled	LOW		LogWithoutRaw
DNS_NULL_Query	DNS null	Enabled	LOW		LogWithoutRaw
DNS_NXT_Overflow	DNS NXT record overflow	Enabled	HIGH		LogWithoutRaw
DNS_NonInternet	DNS non-Internet lookup	Enabled	LOW		LogWithoutRaw
DNS_Poison	DNS cache poison	Enabled	MEDIUM		LogWithoutRaw
DNS_Query_All	DNS dump All requests	Disabled	MEDIUM		LogWithoutRaw
DNS_Spoof_Failed	DNS spoof attempt	Enabled	MEDIUM		LogWithoutRaw
DNS_Spoof_Success	DNS spoof successful	Enabled	MEDIUM		LogWithoutRaw
DNS_TSIG_Overflow	DNS TSIG name overflow	Enabled	HIGH		LogWithoutRaw
DNS_Version_Request	DNS BIND version request	Enabled	LOW		LogWithoutRaw
DNS_VirusScanTrojan	DNS VirusScanTrojan	Enabled	HIGH		LogWithoutRaw
DNS_Zero_Size_UDP	Argent Office denial of service attack	Enabled	LOW		LogWithoutRaw
DNS_Zone_Transfer	DNS Zone transfers	Enabled	MEDIUM		LogWithoutRaw
DNS_Zonexfer_High	DNS Zone Xfer from high port number	Enabled	LOW		LogWithoutRaw
DeepThroat_Response	DeepThroat Backdoor	Enabled	HIGH		LogWithoutRaw
DeltaSource_Response	DeltaSource Backdoor	Enabled	HIGH		LogWithoutRaw
Devil_Request	Devil Backdoor	Enabled	HIGH		LogWithoutRaw
Doly_Response	Doly Backdoor	Enabled	HIGH		LogWithoutRaw
DonaldDick_Response	Donald Dick Backdoor	Enabled	HIGH		LogWithoutRaw
Dtspcd_Overflow	Dtspcd Overflow	Enabled	HIGH		LogWithoutRaw
EMail_Generic_Intel_Overflow	EMAIL Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
Echo_Denial_of_Service	Echo_Denial_of_Service_With_Src_and_Dst_of_7	Enabled	MEDIUM		LogWithoutRaw
Echo_Reply_Without_Request	Echo reply without request	Enabled	LOW		LogWithoutRaw
Email_Almail_Overflow	E-Mail ALMail pop3 overflow in smtp processing code	Enabled	MEDIUM		LogWithoutRaw
Email_Amavis_Exec	AMaViS EMail Command Execute	Enabled	HIGH		LogWithoutRaw
Email_Auth_Failed	SMTP login failed	Enabled	LOW		LogWithoutRaw
Email_Auth_Overflow	SMTP Auth Overflow	Enabled	MEDIUM		LogWithoutRaw
Email_BioNet	BioNet backdoor email alert	Enabled	HIGH		LogWithoutRaw
Email_Command_Overflow	SMTP command overflow	Enabled	LOW		LogWithoutRaw
Email_Data	Report SMTP e-mail message body	Disabled	LOW		LogWithoutRaw
Email_Debug	E-mail debug attack	Enabled	HIGH		LogWithoutRaw
Email_Decode	SMTP mail to decode alias	Enabled	HIGH		LogWithoutRaw
Email_Ehlo	E-mail SMTP Ehlo info leak	Disabled	LOW		LogWithoutRaw
Email_Encap_Exch_Relay	STMP encapsulated Exchange relay	Enabled	LOW		LogWithoutRaw
Email_Encap_Relay	SMTP encapsulated relay	Enabled	LOW		LogWithoutRaw
Email_Envid_Overflow	SMTP ENVID overflow	Enabled	MEDIUM		LogWithoutRaw
Email_Error	E-Mail too many errors	Enabled	LOW		LogWithoutRaw
Email_ExchangeStore_DoS	Microsoft Exchange Server DoS	Enabled	MEDIUM		LogWithoutRaw
Email_Expn	Decode SMTP Expn: line	Enabled	MEDIUM		LogWithoutRaw
Email_Expn_Overflow	SMTP Expn Overflow	Enabled	HIGH		LogWithoutRaw
Email_False_Attachment	E-Mail false attachment	Enabled	MEDIUM		LogWithoutRaw
Email_From	Decode SMTP From: line	Disabled	LOW		LogWithoutRaw
Email_From_Overflow	E-Mail FROM: field overflow	Enabled	HIGH		LogWithoutRaw
Email_Helo_Overflow	SMTP login name overflow	Enabled	HIGH		LogWithoutRaw
Email_Invalid_Command	SMTP corrupted MAIL command	Enabled	LOW		LogWithoutRaw
Email_Listserv_Overflow	SMTP Listserv Overflow	Enabled	HIGH		LogWithoutRaw
Email_Lotus_Domino	Lotus_Domino_SMTP_Overflow	Enabled	HIGH		LogWithoutRaw
Email_Mime_Filename	SMTP MIME filename	Disabled	LOW		LogWithoutRaw
Email_Mime_Filename_Blanks	SMTP MIME filename repeated blanks	Enabled	MEDIUM		LogWithoutRaw
Email_Mime_Filename_Chars	SMTP MIME filename repeated chars	Enabled	MEDIUM		LogWithoutRaw
Email_Mime_Filename_Overflow	E-Mail MIME file name overflow	Enabled	HIGH		LogWithoutRaw
Email_Mime_Name_Overflow	E-Mail MIME name overflow	Enabled	HIGH		LogWithoutRaw
Email_Mime_Null	E-Mail MIME null character set	Enabled	MEDIUM		LogWithoutRaw
Email_Name_Overflow	SMTP email name overflow	Enabled	MEDIUM		LogWithoutRaw
Email_Outlook_Date_Overflow	E-Mail Outlook Date overflow	Enabled	HIGH		LogWithoutRaw
Email_Pipe	SMTP pipe in mail address	Enabled	HIGH		LogWithoutRaw
Email_Qmail_Length	SMTP Qmail length denial of service attack	Enabled	LOW		LogWithoutRaw
Email_Qmail_Rcpt	SMTP Qmail RCPT denial of service attack	Enabled	MEDIUM		LogWithoutRaw
Email_Rcpt_TooManyQuotes	Netscape Directory Server buffer overflow	Enabled	HIGH		LogWithoutRaw
Email_Recipient_Dot	SMTP Recipient with trailing dot	Enabled	MEDIUM		LogWithoutRaw
Email_Recipient_Overflow	SMTP Too many recipients	Enabled	MEDIUM		LogWithoutRaw
Email_Relay_Attempt	SMTP relay attempt	Enabled	MEDIUM		LogWithoutRaw
Email_Relay_Spam	Decode SMTP Relay % SPAM	Enabled	MEDIUM		LogWithoutRaw
Email_ReplyTo_Executable	E-Mail "Reply-To:" is an executable	Enabled	MEDIUM		LogWithoutRaw
Email_Rpmmail_Alias	SMTP mail to rpmmail alias	Enabled	HIGH		LogWithoutRaw
Email_ServerID	SMTP Server ID	Disabled	LOW		LogWithoutRaw
Email_SubSeven	SubSeven backdoor email alert	Enabled	HIGH		LogWithoutRaw
Email_Subject	Decode E-Mail Subject: line	Disabled	LOW		LogWithoutRaw
Email_To	Decode SMTP To: line	Disabled	LOW		LogWithoutRaw
Email_To_Dot_Dot	aVirt create directory vulnerability	Enabled	MEDIUM		LogWithoutRaw
Email_Turn	E-mail SMTP Turn attack	Enabled	MEDIUM		LogWithoutRaw
Email_UUDecode_Alias	SMTP mail to uudecode alias	Enabled	HIGH		LogWithoutRaw
Email_VCF_Overflow	VCF attachment overflow	Enabled	MEDIUM		LogWithoutRaw
Email_Virus_Double_Extension	Email attachment has double extension	Enabled	MEDIUM		LogWithoutRaw
Email_Virus_Iloveyou	ILOVEYOU worm	Enabled	HIGH		LogWithoutRaw
Email_Virus_Melissa	Melissa virus	Enabled	HIGH		LogWithoutRaw
Email_Virus_PICTURE_EXE	Email PICTURE.EXE virus	Enabled	MEDIUM		LogWithoutRaw
Email_Virus_Papa	Papa virus	Enabled	HIGH		LogWithoutRaw
Email_Virus_exploreZip	ExploreZip worm	Enabled	HIGH		LogWithoutRaw
Email_Virus_investigator	Keystrokes monitored	Enabled	HIGH		LogWithoutRaw
Email_Vrfy	SMTP VRFY command	Enabled	MEDIUM		LogWithoutRaw
Email_Vrfy_Overflow	Decode SMTP Vrfy Overflow attacks	Enabled	HIGH		LogWithoutRaw
Email_WIZ	E-mail WIZ attack	Enabled	HIGH		LogWithoutRaw
Email_Xchg_Auth	SMTP Xchg Auth	Disabled	HIGH		LogWithoutRaw
Email_Y3K	Y3K backdoor email alert	Enabled	HIGH		LogWithoutRaw
EventHorizon_Request	EventHorizon Backdoor	Enabled	HIGH		LogWithoutRaw
EvilFTP_Response	EvilFTP trojan horse activity	Enabled	HIGH		LogWithoutRaw
FSP_Delete_File	FSP protocol delete file	Disabled	MEDIUM		LogWithoutRaw
FSP_Detected	FSP protocol activity	Disabled	MEDIUM		LogWithoutRaw
FSP_Read_File	FSP protocol read file	Disabled	MEDIUM		LogWithoutRaw
FSP_Write_File	FSP protocol write file	Disabled	MEDIUM		LogWithoutRaw
FTP_AIX_Overflow	FTP AIX Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Args_Overflow	FTP command line overflow	Enabled	HIGH		LogWithoutRaw
FTP_Auth_Failed	FTP login failed	Enabled	MEDIUM		LogWithoutRaw
FTP_Command_Overflow	FTP command too long	Enabled	HIGH		LogWithoutRaw
FTP_Cwd_Overflow	FTP CWD directory overflow	Enabled	HIGH		LogWithoutRaw
FTP_Cwd_Root	FTP CWD ~root command	Enabled	HIGH		LogWithoutRaw
FTP_Cwd_Tilde	Solaris FTP server shadow file recovery	Enabled	MEDIUM		LogWithoutRaw
FTP_Cwd_concon	FTP server denial of service attack	Enabled	MEDIUM		LogWithoutRaw
FTP_Cwd_dotdot	FTP server traversal using CWD and dotdot	Enabled	MEDIUM		LogWithoutRaw
FTP_Cybercop_Scan	Cybercop FTP scan	Enabled	HIGH		LogWithoutRaw
FTP_Data_Overflow	FTP data too long	Enabled	MEDIUM		LogWithoutRaw
FTP_Delete_Very_Long	FTP DELE command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Delete_dotdot	FTP server traversal using DELE and dotdot	Enabled	MEDIUM		LogWithoutRaw
FTP_FileName_Bdl	FTP server traversal using .bdl file	Enabled	MEDIUM		LogWithoutRaw
FTP_File_Exec	FTP file exec exploit	Enabled	MEDIUM		LogWithoutRaw
FTP_Filename	FTP File Name	Disabled	LOW		LogWithoutRaw
FTP_Filename_Overflow	FTP file name overflow	Enabled	HIGH		LogWithoutRaw
FTP_Floppy_DoS	FTP server floppy drive denial of service attack	Enabled	MEDIUM		LogWithoutRaw
FTP_Fname_Eftp2	Encrypted FTP password disclosure	Enabled	MEDIUM		LogWithoutRaw
FTP_Fname_Lnk	FTP server traversal using .lnk file	Enabled	LOW		LogWithoutRaw
FTP_Format_String	FTP Site Exec Format Attack	Enabled	HIGH		LogWithoutRaw
FTP_Generic_Intel_Overflow	FTP Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Get	Decode FTP get file command	Disabled	LOW		LogWithoutRaw
FTP_Glob_Expansion	FTP Glob Expansion Characters	Enabled	HIGH		LogWithoutRaw
FTP_Glob_Implementation	FTP Glob Expansion Characters	Enabled	HIGH		LogWithoutRaw
FTP_Glob_TildeBrace_Vulns	FTP server vulnerable to args with ~ and {	Enabled	HIGH		LogWithoutRaw
FTP_Help_Overflow	FTP HELP Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Invalid_Port_Cmd	FTP invalid PORT command	Enabled	HIGH		LogWithoutRaw
FTP_List_dotdot	FTP server traversal using LIST and dotdot	Enabled	HIGH		LogWithoutRaw
FTP_Login_Overflow	FTP USER name overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mdtm_Very_Long	FTP MDTM command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mget_DotDot	FTP Mget DotDot	Enabled	MEDIUM		LogWithoutRaw
FTP_Mkd_Overflow	FTP MKD directory overflow	Enabled	HIGH		LogWithoutRaw
FTP_Mkdir	Decode FTP mkdir command	Disabled	LOW		LogWithoutRaw
FTP_Mlst_Very_Long	FTP MLST command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_NLST_Overflow	FTP NLST directory overflow	Enabled	MEDIUM		LogWithoutRaw
FTP_NetTerm_Dele_Overflow	FTP NetTerm Dele Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Dir_Overflow	FTP NetTerm Dir Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Ls_Overflow	FTP NetTerm Ls Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Mkd_Overflow	FTP NetTerm Mkd Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Pass_Overflow	FTP NetTerm Pass Overflow	Enabled	HIGH		LogWithoutRaw
FTP_NetTerm_Rmdir_Overflow	FTP NetTerm Rmdir Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Pass	Decode FTP password command	Disabled	MEDIUM		LogWithoutRaw
FTP_Passive_Very_Long	FTP PASV command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Password_Overflow	FTP password overflow	Enabled	HIGH		LogWithoutRaw
FTP_Pasv	FTP PASV command	Disabled	MEDIUM		LogWithoutRaw
FTP_Pasv_DOS	FTP Pasv DoS	Enabled	MEDIUM		LogWithoutRaw
FTP_Pipe	FTP pipe in filename	Enabled	HIGH		LogWithoutRaw
FTP_Port	FTP Port Command	Disabled	LOW		LogWithoutRaw
FTP_Port_Bounce	FTP PORT bounce to other system	Enabled	MEDIUM		LogWithoutRaw
FTP_Port_Very_Long	FTP PORT command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_PrivilegedBounce	FTP PrivilegedBounce	Enabled	MEDIUM		LogWithoutRaw
FTP_PrivilegedPort	FTP PORT restricted	Enabled	MEDIUM		LogWithoutRaw
FTP_ProFTPD	ProFTPD snprintf exploit	Enabled	HIGH		LogWithoutRaw
FTP_Put	Decode FTP put file command	Disabled	LOW		LogWithoutRaw
FTP_Restart_Very_Long	FTP REST command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Retr_Very_Long	FTP RETR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Retr_dotdot	FTP server traversal using RETR and dotdot	Enabled	MEDIUM		LogWithoutRaw
FTP_Rmd_Very_Long	FTP RMD command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Rnfr_Very_Long	FTP RNFR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Rnto_Very_Long	FTP RNTO command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Server_Identity	FTP Server Identity	Disabled	LOW		LogWithoutRaw
FTP_Site_Chown_Overflow	FTP Site Chown Overflow	Enabled	HIGH		LogWithoutRaw
FTP_Site_Cmd	FTP SITE EXEC command	Enabled	MEDIUM		LogWithoutRaw
FTP_Site_Cpwd	FTP Site Cpwd overflow attack	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec	FTP SITE EXEC exploit	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec_DotDot	FTP site exec .. attack	Enabled	HIGH		LogWithoutRaw
FTP_Site_Exec_Tar	FTP Site Exec Tar	Enabled	HIGH		LogWithoutRaw
FTP_Site_Pswd	FTP SITE PSWD exploit	Enabled	MEDIUM		LogWithoutRaw
FTP_Size_Very_Long	FTP SIZE command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Size_dotdot	FTP server traversal using SIZE and dotdot	Enabled	MEDIUM		LogWithoutRaw
FTP_Stat_Very_Long	FTP STAT command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Stor_Very_Long	FTP STOR command buffer overflow	Enabled	HIGH		LogWithoutRaw
FTP_Syst	FTP SYST command decode	Disabled	LOW		LogWithoutRaw
FTP_Tar_Exec	FTP compress exec exploit	Enabled	HIGH		LogWithoutRaw
FTP_Unix_Password_File	FTP passwd file	Enabled	HIGH		LogWithoutRaw
FTP_Unix_RemoteHost_File	FTP Remote Host File	Enabled	MEDIUM		LogWithoutRaw
FTP_User	Decode FTP username command	Disabled	LOW		LogWithoutRaw
FTP_Virus_Wm_Marker_A	W97M.Marker.a virus	Enabled	LOW		LogWithoutRaw
FTP_Windows_Drive_Path	FTP server traversal using windows drives	Enabled	LOW		LogWithoutRaw
FTP_Windows_INI_File	FTP win.ini file	Enabled	MEDIUM		LogWithoutRaw
FTP_Windows_PWL_File	FTP pwl file type	Enabled	HIGH		LogWithoutRaw
FTP_Windows_SAM_File	FTP sam file	Enabled	MEDIUM		LogWithoutRaw
FTP_ZIPCHK_Meta	FTP SITE ZIPCHK metacharacters	Enabled	MEDIUM		LogWithoutRaw
FTP_ZIPCHK_Overflow	FTP SITE ZIPCHK buffer overflow	Enabled	MEDIUM		LogWithoutRaw
FTP_dotdotdot	FTP server traversal using dotdotdot	Enabled	MEDIUM		LogWithoutRaw
FW1_Auth_As_Local	FireWall-1 misconfiguration allows manipulation of filter modules	Enabled	HIGH		LogWithoutRaw
FW1_Auth_Replay	FireWall-1 FWA1 authentication weakness	Enabled	LOW		LogWithoutRaw
FW1_GetTopology	FireWall-1 allows remote "get topology" requests without authentication	Enabled	LOW		LogWithoutRaw
FastTrack_Download	FastTrack Download	Disabled	LOW		LogWithoutRaw
Finger_Backdoor	Finger Backdoor	Enabled	MEDIUM		LogWithoutRaw
Finger_Command	Finger command	Enabled	HIGH		LogWithoutRaw
Finger_Enumeration	Finger Enumeration	Enabled	MEDIUM		LogWithoutRaw
Finger_Forwarding	Finger forwarding	Enabled	MEDIUM		LogWithoutRaw
Finger_Forwarding_DOS	Finger forwarding overflow	Enabled	MEDIUM		LogWithoutRaw
Finger_Generic_Intel_Overflow	Finger Generic Intel Overflow	Enabled	HIGH		LogWithoutRaw
Finger_List	Finger list	Enabled	LOW		LogWithoutRaw
Finger_Overflow	Finger overflow	Enabled	HIGH		LogWithoutRaw
Finger_Overflow_RTM	Finger RTM overflow	Enabled	MEDIUM		LogWithoutRaw
Finger_Scan	Finger Scan	Enabled	LOW		LogWithoutRaw
Finger_Search	Finger search	Enabled	LOW		LogWithoutRaw
Finger_User	Finger Attempt	Enabled	LOW		LogWithoutRaw
ForcedEntry_Response	ForcedEntry Backdoor	Enabled	HIGH		LogWithoutRaw
Fore_Response	Fore Backdoor	Enabled	HIGH		LogWithoutRaw
FragRoute_TCP_Chaff_PAWS	FragRoute tcp_chaff paws detected	Enabled	MEDIUM		LogWithoutRaw
Fraggle_Attack	Possible Fraggle attack initiated	Enabled	MEDIUM		LogWithoutRaw
Fragment_Differential_Overlap	IP fragment data changed	Enabled	MEDIUM		LogWithoutRaw
Fragment_Differential_Size	IP last fragment length changed	Enabled	LOW		LogWithoutRaw
Fragment_Resources_Exhausted	Too much IP fragmentation	Enabled	MEDIUM		LogWithoutRaw
Freak88_Response	Freak88 Backdoor	Enabled	HIGH		LogWithoutRaw
Frenzy_Response	Frenzy Backdoor	Enabled	HIGH		LogWithoutRaw
GateCrasher_Response	GateCrasher trojan horse activity	Enabled	HIGH		LogWithoutRaw
Gauntlet_CyberDaemon_Overflow	Gauntlet CyberDaemon proxy buffer overflow	Enabled	HIGH		LogWithoutRaw
Gauntlet_ICMP_DoS	ICMP Protocol Problem packet with encapsulated IP header with options	Enabled	HIGH		LogWithoutRaw
GayOL_Request	GayOL Backdoor	Enabled	HIGH		LogWithoutRaw
GirlFriend_Response	GirlFriend trojan horse activity	Enabled	HIGH		LogWithoutRaw
Glacier_Request	Glacier Backdoor	Enabled	HIGH		LogWithoutRaw
Glacier_Response	Glacier Backdoor	Enabled	HIGH		LogWithoutRaw
Gnutella_BearShare	Gnutella BearShare	Disabled	LOW		LogWithoutRaw
Gnutella_Connect	Gnutella connection	Disabled	LOW		LogWithoutRaw
Gnutella_Download	Gnutella file transfer	Disabled	LOW		LogWithoutRaw
Gnutella_LimeWire	Gnutella LimeWire	Disabled	LOW		LogWithoutRaw
Gnutella_Worm	Gnutella Worm	Enabled	HIGH		LogWithoutRaw
HPUX_RLPD_Overflow	HPUX RLPD buffer overflow	Enabled	HIGH		LogWithoutRaw
HP_OpenView_NNM_Overflow	HP OpenView Network Node Manager buffer overflow	Enabled	HIGH		LogWithoutRaw
HP_OpenView_SNMP_Backdoor	HP OpenView SNMP agent back door community string	Enabled	HIGH		LogWithoutRaw
HTTP_$DATA_Source_Disclosed	IIS source code disclosure	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_EasySetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_FilteringSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_FirmwareSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_ModemSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_RFSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SNMPSetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SecuritySetup	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw
HTTP_3com_AirConnect_SpecialFunctions	3com AirConnect configuration	Enabled	HIGH		LogWithoutRaw