sid-msg.map

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

519 || TFTP parent directory || arachnids,137 || cve,1999-0183 || cve,2002-1209
520 || TFTP root directory || arachnids,138 || cve,1999-0183
521 || MISC Large UDP Packet || arachnids,247
522 || MISC Tiny Fragments
523 || BAD-TRAFFIC ip reserved bit set
524 || BAD-TRAFFIC tcp port 0 traffic
525 || BAD-TRAFFIC udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074
526 || BAD-TRAFFIC data in TCP SYN packet || url,www.cert.org/incident_notes/IN-99-07.html
527 || BAD-TRAFFIC same SRC/DST || bugtraq,2666 || cve,1999-0016 || url,www.cert.org/advisories/CA-1997-28.html
528 || BAD-TRAFFIC loopback traffic || url,rr.sans.org/firewall/egress.php
529 || NETBIOS DOS RFPoison || arachnids,454
530 || NETBIOS NT NULL session || arachnids,204 || bugtraq,1163 || cve,2000-0347
532 || NETBIOS SMB ADMIN$ share access
533 || NETBIOS SMB C$ share access
534 || NETBIOS SMB CD.. || arachnids,338
535 || NETBIOS SMB CD... || arachnids,337
536 || NETBIOS SMB D$ share access
537 || NETBIOS SMB IPC$ share access
538 || NETBIOS SMB IPC$ unicode share access
539 || NETBIOS Samba clientaccess || arachnids,341
540 || CHAT MSN message
541 || CHAT ICQ access
542 || CHAT IRC nick change
543 || POLICY FTP 'STOR 1MB' possible warez site
544 || POLICY FTP 'RETR 1MB' possible warez site
545 || POLICY FTP 'CWD / ' possible warez site
546 || POLICY FTP 'CWD  ' possible warez site
547 || POLICY FTP 'MKD  ' possible warez site
548 || POLICY FTP 'MKD .' possible warez site
549 || P2P napster login
550 || P2P napster new user login
551 || P2P napster download attempt
552 || P2P napster upload request
553 || POLICY FTP anonymous login attempt
554 || POLICY FTP 'MKD / ' possible warez site
555 || POLICY WinGate telnet server response || arachnids,366 || cve,1999-0657
556 || P2P Outbound GNUTella client request
557 || P2P GNUTella client request
558 || INFO Outbound GNUTella client request
559 || P2P Inbound GNUTella client request
560 || POLICY VNC server response
561 || P2P Napster Client Data
562 || P2P Napster Client Data
563 || P2P Napster Client Data
564 || P2P Napster Client Data
565 || P2P Napster Server Login
566 || POLICY PCAnywhere server response || arachnids,239
567 || POLICY SMTP relaying denied || arachnids,249 || url,mail-abuse.org/tsi/ar-fix.html
568 || POLICY HP JetDirect LCD modification attempt || arachnids,302 || bugtraq,2245
569 || RPC snmpXdmi overflow attempt TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html
570 || RPC EXPLOIT ttdbserv solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html
571 || RPC EXPLOIT ttdbserv Solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html
572 || RPC DOS ttdbserv Solaris || arachnids,241 || bugtraq,122 || cve,1999-0003
573 || RPC AMD Overflow || arachnids,217 || cve,1999-0704
574 || RPC mountd TCP export request || arachnids,26
575 || RPC portmap admind request UDP || arachnids,18
576 || RPC portmap amountd request UDP || arachnids,19
577 || RPC portmap bootparam request UDP || arachnids,16 || cve,1999-0647
578 || RPC portmap cmsd request UDP || arachnids,17
579 || RPC portmap mountd request UDP || arachnids,13
580 || RPC portmap nisd request UDP || arachnids,21
581 || RPC portmap pcnfsd request UDP || arachnids,22
582 || RPC portmap rexd request UDP || arachnids,23
583 || RPC portmap rstatd request UDP || arachnids,10
584 || RPC portmap rusers request UDP || arachnids,133 || cve,1999-0626
585 || RPC portmap sadmind request UDP || arachnids,20
586 || RPC portmap selection_svc request UDP || arachnids,25
587 || RPC portmap status request UDP || arachnids,15
588 || RPC portmap ttdbserv request UDP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
589 || RPC portmap yppasswd request UDP || arachnids,14
590 || RPC portmap ypserv request UDP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
591 || RPC portmap ypupdated request TCP || arachnids,125
592 || RPC rstatd query || arachnids,9
593 || RPC portmap snmpXdmi request TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html
595 || RPC portmap espd request TCP || bugtraq,2714 || cve,2001-0331
596 || RPC portmap listing || arachnids,429
597 || RPC portmap listing || arachnids,429
598 || RPC portmap listing TCP 111 || arachnids,428
599 || RPC portmap listing TCP 32771 || arachnids,429
600 || RPC EXPLOIT statdx || arachnids,442
601 || RSERVICES rlogin LinuxNIS
602 || RSERVICES rlogin bin || arachnids,384
603 || RSERVICES rlogin echo++ || arachnids,385
604 || RSERVICES rsh froot || arachnids,387
605 || RSERVICES rlogin login failure || arachnids,393
606 || RSERVICES rlogin root || arachnids,389
607 || RSERVICES rsh bin || arachnids,390
608 || RSERVICES rsh echo + + || arachnids,388
609 || RSERVICES rsh froot || arachnids,387
610 || RSERVICES rsh root || arachnids,391
611 || RSERVICES rlogin login failure || arachnids,392
612 || RPC rusers query UDP || cve,1999-0626
613 || SCAN myscan || arachnids,439
614 || BACKDOOR hack-a-tack attempt || arachnids,314
615 || SCAN SOCKS Proxy attempt || url,help.undernet.org/proxyscan/
616 || SCAN ident version request || arachnids,303
617 || SCAN ssh-research-scanner
618 || SCAN Squid Proxy attempt
619 || SCAN cybercop os probe || arachnids,146
620 || SCAN Proxy Port 8080 attempt
621 || SCAN FIN || arachnids,27
622 || SCAN ipEye SYN scan || arachnids,236
623 || SCAN NULL || arachnids,4
624 || SCAN SYN FIN || arachnids,198
625 || SCAN XMAS || arachnids,144
626 || SCAN cybercop os PA12 attempt || arachnids,149
627 || SCAN cybercop os SFU12 probe || arachnids,150
628 || SCAN nmap TCP || arachnids,28
629 || SCAN nmap fingerprint attempt || arachnids,05
630 || SCAN synscan portscan || arachnids,441
631 || SMTP ehlo cybercop attempt || arachnids,372
632 || SMTP expn cybercop attempt || arachnids,371
634 || SCAN Amanda client version request
635 || SCAN XTACACS logout || arachnids,408
636 || SCAN cybercop udp bomb || arachnids,363
637 || SCAN Webtrends Scanner UDP Probe || arachnids,308
638 || SHELLCODE SGI NOOP || arachnids,356
639 || SHELLCODE SGI NOOP || arachnids,357
640 || SHELLCODE AIX NOOP
641 || SHELLCODE Digital UNIX NOOP || arachnids,352
642 || SHELLCODE HP-UX NOOP || arachnids,358
643 || SHELLCODE HP-UX NOOP || arachnids,359
644 || SHELLCODE sparc NOOP || arachnids,345
645 || SHELLCODE sparc NOOP || arachnids,353
646 || SHELLCODE sparc NOOP || arachnids,355
647 || SHELLCODE sparc setuid 0 || arachnids,282
648 || SHELLCODE x86 NOOP || arachnids,181
649 || SHELLCODE x86 setgid 0 || arachnids,284
650 || SHELLCODE x86 setuid 0 || arachnids,436
651 || SHELLCODE x86 stealth NOOP || arachnids,291
652 || SHELLCODE Linux shellcode || arachnids,343
653 || SHELLCODE x86 0x90 unicode NOOP
654 || SMTP RCPT TO overflow || bugtraq,2283 || bugtraq,9696 || cve,2001-0260
655 || SMTP sendmail 8.6.9 exploit || arachnids,140 || bugtraq,2311 || cve,1999-0204
656 || SMTP EXPLOIT x86 windows CSMMail overflow || bugtraq,895 || cve,2000-0042
657 || SMTP chameleon overflow || arachnids,266 || bugtraq,2387 || cve,1999-0261
658 || SMTP exchange mime DOS || bugtraq,1869 || cve,2000-1006 || nessus,10558 || url,www.microsoft.com/technet/security/bulletin/MS00-082.mspx
659 || SMTP expn decode || arachnids,32 || cve,1999-0096 || nessus,10248
660 || SMTP expn root || arachnids,31 || cve,1999-0531 || nessus,10249
661 || SMTP majordomo ifs || arachnids,143 || bugtraq,2310 || cve,1999-0207
662 || SMTP sendmail 5.5.5 exploit || arachnids,119 || cve,1999-0203 || nessus,10258
663 || SMTP rcpt to command attempt || arachnids,172 || bugtraq,1 || cve,1999-0095
664 || SMTP RCPT TO decode attempt || arachnids,121 || bugtraq,2308 || cve,1999-0203
665 || SMTP sendmail 5.6.5 exploit || arachnids,122 || bugtraq,2308 || cve,1999-0203
666 || SMTP sendmail 8.4.1 exploit || arachnids,120
667 || SMTP sendmail 8.6.10 exploit || arachnids,123 || bugtraq,2311 || cve,1999-0204
668 || SMTP sendmail 8.6.10 exploit || arachnids,124 || bugtraq,2311 || cve,1999-0204
669 || SMTP sendmail 8.6.9 exploit || arachnids,142 || bugtraq,2311 || cve,1999-0204
670 || SMTP sendmail 8.6.9 exploit || arachnids,139 || bugtraq,2311 || cve,1999-0204
671 || SMTP sendmail 8.6.9c exploit || arachnids,141 || bugtraq,2311 || cve,1999-0204
672 || SMTP vrfy decode || arachnids,373 || bugtraq,10248 || cve,1999-0096
673 || MS-SQL sp_start_job - program execution
674 || MS-SQL xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
675 || MS-SQL xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
676 || MS-SQL/SMB sp_start_job - program execution
677 || MS-SQL/SMB sp_password password change
678 || MS-SQL/SMB sp_delete_alert log file deletion
679 || MS-SQL/SMB sp_adduser database user creation
680 || MS-SQL/SMB sa login failed || bugtraq,4797 || cve,2000-1209
681 || MS-SQL/SMB xp_cmdshell program execution
682 || MS-SQL xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
683 || MS-SQL sp_password - password change
684 || MS-SQL sp_delete_alert log file deletion
685 || MS-SQL sp_adduser - database user creation
686 || MS-SQL xp_reg* - registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034
687 || MS-SQL xp_cmdshell - program execution
688 || MS-SQL sa login failed || bugtraq,4797 || cve,2000-1209 || nessus,10673
689 || MS-SQL/SMB xp_reg* registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034
690 || MS-SQL/SMB xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
691 || MS-SQL shellcode attempt
692 || MS-SQL/SMB shellcode attempt
693 || MS-SQL shellcode attempt
694 || MS-SQL/SMB shellcode attempt
695 || MS-SQL/SMB xp_sprintf possible buffer overflow || bugtraq,1204 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx
696 || MS-SQL/SMB xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
697 || MS-SQL/SMB xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
698 || MS-SQL/SMB xp_proxiedmetadata possible buffer overflow || bugtraq,2042 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
699 || MS-SQL xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
700 || MS-SQL/SMB xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
701 || MS-SQL xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
702 || MS-SQL/SMB xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
703 || MS-SQL/SMB xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
704 || MS-SQL xp_sprintf possible buffer overflow || bugtraq,1204 || cve,2001-0542 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx
705 || MS-SQL xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
706 || MS-SQL xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
707 || MS-SQL xp_proxiedmetadata possible buffer overflow || bugtraq,2024 || cve,1999-0287 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
708 || MS-SQL/SMB xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
709 || TELNET 4Dgifts SGI account attempt || cve,1999-0501 || nessus,11243
710 || TELNET EZsetup account attempt || cve,1999-0501 || nessus,11244
711 || TELNET SGI telnetd format bug || arachnids,304 || bugtraq,1572 || cve,2000-0733
712 || TELNET ld_library_path || arachnids,367 || bugtraq,459 || cve,1999-0073
713 || TELNET livingston DOS || arachnids,370 || bugtraq,2225 || cve,1999-0218
714 || TELNET resolv_host_conf || arachnids,369 || bugtraq,2181 || cve,2001-0170
715 || TELNET Attempted SU from wrong group
716 || INFO TELNET access || arachnids,08 || cve,1999-0619 || nessus,10280
717 || TELNET not on console || arachnids,365
718 || INFO TELNET login incorrect || arachnids,127
719 || TELNET root login