# Log-format definition for Snort alerts that arrive through syslog.
# This part holds the format metadata, the log fields, and the parsing
# filters that fill those fields from each alert line.
snort = {

  # The name of the log format
  log.format.format_label = "Snort Log Format (syslog required)"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression.
  # A second alternative was added because sometimes the first does not match.
  #   Alternative 1: a bracketed n:n:n triple, the alert text, [Classification: ...],
  #                  [Priority: ...], {PROTO}, then "addr -> addr".
  #   Alternative 2: any text between two literal [**] markers.
  # NOTE(review): the address classes are [0-9.:]*, so an address containing hex
  # letters (IPv6) cannot satisfy alternative 1; such logs are detected only if
  # alternative 2 matches. Alternative 2 is broad and will also match other
  # formats that use [**] markers - confirm this is acceptable.
  log.format.autodetect_regular_expression = "( \\[[0-9]+:[0-9]+:[0-9]+\\] [A-Z-]* [A-Z a-z.]* \\[Classification: [^]]*\\] \\[Priority: [^]]*\\]: \\{[A-Z]*\\} [0-9.:]* -> [0-9.:]*|\\[\\*\\*\\].*\\[\\*\\*\\])"

  statistics.miscellaneous.entry_name = "events"

  # Log fields
  # Every field except source_ip is declared "flat".
  log.fields = {

    classification = {
      label = "$lang_stats.field_labels.classification"
      type = "flat"
      index = 0
      subindex = 0
    } # classification

    snort_priority = {
      label = "$lang_stats.field_labels.snort_priority"
      type = "flat"
      index = 0
      subindex = 0
    } # snort_priority

    protocol = {
      label = "$lang_stats.field_labels.protocol"
      type = "flat"
      index = 0
      subindex = 0
    } # protocol

    # source_ip is the only field declared as type "host" with "." as divider.
    # NOTE(review): destination_ip below is "flat", so the two address fields
    # are not treated alike - confirm that is intended.
    # NOTE(review): leading_divider is the quoted string "false" while
    # left_to_right is a bare false - confirm both are read the same way.
    source_ip = {
      label = "$lang_stats.field_labels.source_ip"
      type = "host"
      index = 0
      subindex = 0
      hierarchy_dividers = "."
      left_to_right = false
      leading_divider = "false"
    } # source_ip

    source_port = {
      label = "$lang_stats.field_labels.source_port"
      type = "flat"
      index = 0
      subindex = 0
    } # source_port

    destination_ip = {
      label = "$lang_stats.field_labels.destination_ip"
      type = "flat"
      index = 0
      subindex = 0
    } # destination_ip

    destination_port = {
      label = "$lang_stats.field_labels.destination_port"
      type = "flat"
      index = 0
      subindex = 0
    } # destination_port

    rule = {
      label = "$lang_stats.field_labels.rule"
      type = "flat"
      index = 0
      subindex = 0
    } # rule

    message = {
      label = "$lang_stats.field_labels.message"
      type = "flat"
      index = 0
      subindex = 0
    } # message

  } # log.fields

  #
  # Log Parsing Filters
  # Filters 1-5 each pull fields out of the line with a regular expression;
  # filter 6 accepts the entry. Every expression starts with an empty group "()"
  # that is assigned to *KEY*.
  # Backslashes are doubled in the autodetect string above and quadrupled here,
  # presumably because these expressions sit inside a quoted filter value -
  # keep the counts unchanged when editing.
  log.parsing_filters = {

    # Parse out rule
    # Only the middle number of the bracketed n:n:n triple is captured. In a
    # Snort alert that triple is [generator:signature:revision], so the
    # generator and revision are dropped: alerts from different generators
    # that share a signature number become indistinguishable in this field.
    1 = {
      label = "1"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\[[0-9]+:([0-9]+):[0-9]+\\\\]', '*KEY*,rule')"
    } # 1

    # Parse out classification,priority
    2 = {
      label = "2"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\[Classification: ([^]]*)\\\\] \\\\[Priority: ([^]]*)\\\\]', '*KEY*,classification,snort_priority')"
    } # 2

    # Parse out the protocol,source IP,source port,destination IP,destination port
    # Addresses must be dotted quads of digits, so lines carrying IPv6
    # addresses leave these fields unset.
    3 = {
      label = "3"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\{([A-Z]*)\\\\} ([0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+):([0-9]+) -> ([0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+):([0-9]+)', '*KEY*,protocol,source_ip,source_port,destination_ip,destination_port')"
    } # 3

    # Parse out the protocol,source IP,destination IP
    # Same as filter 3 but for lines where the addresses carry no port.
    4 = {
      label = "4"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\{([A-Z]*)\\\\} ([0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+) -> ([0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+)', '*KEY*,protocol,source_ip,destination_ip')"
    } # 4

    # Parse out the message on PORTSCAN lines
    # Captures the text after "Portscan detected from <address>: " up to the
    # next "[". No other filter in this group writes the message field.
    5 = {
      label = "5"
      comment = ""
      value = "collect_fields_using_regexp('()Portscan detected from [0-9\\\\.]*: ([^[]*)', '*KEY*,message')"
    } # 5

    # Accept this log entry
    # '^()' matches at the start of any line.
    # NOTE(review): this looks like it accepts every line, including syslog
    # lines that none of filters 1-5 matched; those would be counted as events
    # with empty fields - confirm, and pre-filter the input if other daemons
    # log to the same file.
    6 = {
      label = "6"
      comment = ""
      value = "accept_collected_entry_using_regexp('^()', false)"
    } # 6

  }
# (end of log.parsing_filters)

  # Database fields
  # One database field per log field, all stored as type "string" with
  # suppress_top = 0 and suppress_bottom = 2. log_field names the log field
  # each one is filled from.
  database.fields = {

    source_ip = {
      label = "$lang_stats.field_labels.source_ip"
      log_field = "source_ip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # source_ip

    destination_ip = {
      label = "$lang_stats.field_labels.destination_ip"
      log_field = "destination_ip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destination_ip

    source_port = {
      label = "$lang_stats.field_labels.source_port"
      log_field = "source_port"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # source_port

    destination_port = {
      label = "$lang_stats.field_labels.destination_port"
      log_field = "destination_port"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destination_port

    classification = {
      label = "$lang_stats.field_labels.classification"
      log_field = "classification"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # classification

    snort_priority = {
      label = "$lang_stats.field_labels.snort_priority"
      log_field = "snort_priority"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # snort_priority

    protocol = {
      label = "$lang_stats.field_labels.protocol"
      log_field = "protocol"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # protocol

    rule = {
      label = "$lang_stats.field_labels.rule"
      log_field = "rule"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rule

    message = {
      label = "$lang_stats.field_labels.message"
      log_field = "message"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # message

  } # database.fields

  # Log Filters
  log.filters = {

    # Convert the rule field to English
    # Replaces the number held in the rule field with a fixed alert name taken
    # from the "number->name" table below (entries separated by "|").
    # The table is keyed by that number alone. Parsing filter 1 keeps only the
    # middle number of the bracketed triple, so any alert whose middle number
    # is 1 is labelled spp_portscan2 whatever its first number is, and the
    # same holds for every other entry.
    # The table is a static snapshot of signature names.
    # NOTE(review): how numbers missing from the table are reported is not
    # visible here - confirm they pass through unchanged so that newer
    # signatures are not hidden or merged.
    # The map string continues on the following lines.
    1 = "convert_field_map('rule', '1->spp_portscan2|113->BACKDOOR DeepThroat access|122->BACKDOOR DeepThroat 3.1 System Info Client Request|124->BACKDOOR DeepThroat 3.1 FTP Status Client Request|125->BACKDOOR DeepThroat 3.1 E-Mail Info From Server|126->BACKDOOR DeepThroat 3.1 E-Mail Info Client Request|127->BACKDOOR DeepThroat 3.1 Server Status From Server|128->BACKDOOR DeepThroat 3.1 Server Status Client Request|129->BACKDOOR DeepThroat 
3.1 Drive Info From Server|130->BACKDOOR DeepThroat 3.1 System Info From Server|131->BACKDOOR DeepThroat 3.1 Drive Info Client Request|132->BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server|133->BACKDOOR DeepThroat 3.1 Cached Passwords Client Request|134->BACKDOOR DeepThroat 3.1 RAS Passwords Client Request|135->BACKDOOR DeepThroat 3.1 Server Password Change Client Request|136->BACKDOOR DeepThroat 3.1 Server Password Remove Client Request|137->BACKDOOR DeepThroat 3.1 Rehash Client Request|138->BACKDOOR DeepThroat 3.1 Server Rehash Client Request|140->BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request|142->BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request|143->BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request|148->BACKDOOR DeepThroat 3.1 Keylogger Active on Network|149->BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network|150->BACKDOOR DeepThroat 3.1 Server Active on Network|154->BACKDOOR DeepThroat 3.1 Wrong Password|156->BACKDOOR DeepThroat 3.1 Visible Window List Client Request|160->BACKDOOR NetMetro Incoming Traffic|164->BACKDOOR DeepThroat 3.1 Server Active on Network|165->BACKDOOR DeepThroat 3.1 Keylogger on Server ON|166->BACKDOOR DeepThroat 3.1 Show Picture Client Request|167->BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request|168->BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request|169->BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request|170->BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request|171->BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request|172->BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request|173->BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request|174->BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request|175->BACKDOOR DeepThroat 3.1 Resolution Change Client Request|177->BACKDOOR DeepThroat 3.1 Keylogger on Server OFF|179->BACKDOOR DeepThroat 3.1 FTP Server Port Client Request|180->BACKDOOR DeepThroat 3.1 Process List Client request|181->BACKDOOR DeepThroat 
3.1 Close Port Scan Client Request|182->BACKDOOR DeepThroat 3.1 Registry Add Client Request|186->BACKDOOR DeepThroat 3.1 Monitor on/off Client Request|187->BACKDOOR DeepThroat 3.1 Delete File Client Request|188->BACKDOOR DeepThroat 3.1 Kill Window Client Request|189->BACKDOOR DeepThroat 3.1 Disable Window Client Request|190->BACKDOOR DeepThroat 3.1 Enable Window Client Request|191->BACKDOOR DeepThroat 3.1 Change Window Title Client Request|192->BACKDOOR DeepThroat 3.1 Hide Window Client Request|193->BACKDOOR DeepThroat 3.1 Show Window Client Request|194->BACKDOOR DeepThroat 3.1 Send Text to Window Client Request|196->BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request|197->BACKDOOR DeepThroat 3.1 Create Directory Client Request|198->BACKDOOR DeepThroat 3.1 All Window List Client Request|199->BACKDOOR DeepThroat 3.1 Play Sound Client Request|200->BACKDOOR DeepThroat 3.1 Run Program Normal Client Request|201->BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request|202->BACKDOOR DeepThroat 3.1 Get NET File Client Request|203->BACKDOOR DeepThroat 3.1 Find File Client Request|204->BACKDOOR DeepThroat 3.1 Find File Client Request|205->BACKDOOR DeepThroat 3.1 HUP Modem Client Request|206->BACKDOOR DeepThroat 3.1 CD ROM Open Client Request|207->BACKDOOR DeepThroat 3.1 CD ROM Close Client Request|293->IMAP EXPLOIT overflow|295->IMAP EXPLOIT x86 linux overflow|296->IMAP EXPLOIT x86 linux overflow|297->IMAP EXPLOIT x86 linux overflow|298->IMAP EXPLOIT x86 linux overflow|299->IMAP EXPLOIT x86 linux overflow|318->EXPLOIT bootp x86 bsd overfow|319->EXPLOIT bootp x86 linux overflow|338->FTP EXPLOIT format string|340->FTP EXPLOIT overflow|341->FTP EXPLOIT overflow|342->FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8|343->FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD|345->FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic|346->FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check|348->FTP EXPLOIT wu-ftpd 
2.6.0|349->FTP EXPLOIT MKD overflow|350->FTP EXPLOIT x86 linux overflow|351->FTP EXPLOIT x86 linux overflow|352->FTP EXPLOIT x86 linux overflow|445->ICMP SKIP|446->ICMP SKIP (Undefined Code!|448->ICMP Source Quench (Undefined Code!)|449->ICMP Time-To-Live Exceeded in Transit|450->ICMP Time-To-Live Exceeded in Transit (Undefined Code!)|455->ICMP Traceroute ipopts|488->INFO Connection Closed MSG from Port 80|490->INFO battle-mail traffic|501->MISC source route lssre|508->MISC gopher proxy|513->MISC Cisco Catalyst Remote Access|516->MISC SNMP NT UserList|521->MISC Large UDP Packet|529->NETBIOS DOS RFPoison|534->NETBIOS SMB CD..|535->NETBIOS SMB CD...|536->NETBIOS SMB D$access|537->NETBIOS SMB IPC$access|538->NETBIOS SMB IPC$access|539->NETBIOS Samba clientaccess|556->P2P Outbound GNUTella client request|557->P2P GNUTella client request|558->INFO Outbound GNUTella client request|559->P2P Inbound GNUTella client request|560->POLICY VNC server response|561->P2P Napster Client Data|562->P2P Napster Client Data|563->P2P Napster Client Data|564->P2P Napster Client Data|565->P2P Napster Server Login|566->POLICY PCAnywhere server response|569->RPC snmpXdmi overflow attempt TCP|570->RPC EXPLOIT ttdbserv solaris overflow|571->RPC EXPLOIT ttdbserv Solaris overflow|572->RPC DOS ttdbserv Solaris|573->RPC AMD Overflow|588->RPC portmap ttdbserv request UDP|592->RPC rstatd query|596->RPC portmap listing|597->RPC portmap listing|600->RPC EXPLOIT statdx|601->RSERVICES rlogin LinuxNIS|612->RPC rusers query UDP|613->SCAN myscan|615->SCAN SOCKS Proxy attempt|616->SCAN ident version request|617->SCAN ssh-research-scanner|619->SCAN cybercop os probe|622->SCAN ipEye SYN scan|628->SCAN nmap TCP|635->SCAN XTACACS logout|636->SCAN cybercop udp bomb|637->SCAN Webtrends Scanner UDP Probe|647->SHELLCODE sparc setuid 0|652->SHELLCODE Linux shellcode|653->SHELLCODE x86 unicode NOOP|656->SMTP EXPLOIT x86 windows CSMMail overflow|666->SMTP sendmail 8.4.1 exploit|674->MS-SQL xp_displayparamstmt 
possible buffer overflow|675->MS-SQL xp_setsqlsecurity possible buffer overflow|690->MS-SQL/SMB xp_printstatements possible buffer overflow|695->MS-SQL/SMB xp_sprintf possible buffer overflow|696->MS-SQL/SMB xp_showcolv possible buffer overflow|697->MS-SQL/SMB xp_peekqueue possible buffer overflow|698->MS-SQL/SMB xp_proxiedmetadata possible buffer overflow|699->MS-SQL xp_printstatements possible buffer overflow|700->MS-SQL/SMB xp_updatecolvbm possible buffer overflow|701->MS-SQL xp_updatecolvbm possible buffer overflow|702->MS-SQL/SMB xp_displayparamstmt possible buffer overflow|703->MS-SQL/SMB xp_setsqlsecurity possible buffer overflow|704->MS-SQL xp_sprintf possible buffer overflow|705->MS-SQL xp_showcolv possible buffer overflow|707->MS-SQL xp_proxiedmetadata possible buffer overflow|709->TELNET 4Dgifts SGI account attempt|710->TELNET EZsetup account attempt|712->TELNET ld_library_path|713->TELNET livingston DOS|714->TELNET resolv_host_conf|721->Virus - Possible pif Worm|722->Virus - Possible NAVIDAD Worm|723->Virus - Possible MyRomeo Worm|729->Virus - Possible scr Worm|730->Virus - Possible shs Worm|732->Virus - Possible QAZ Worm Infection|736->Virus - Successful eurocalculator execution|737->Virus - Possible eurocalculator.exe file|738->Virus - Possible Pikachu Pokemon Virus|739->Virus - Possible Triplesix Worm|740->Virus - Possible Tune.vbs|741->Virus - Possible NAIL Worm|742->Virus - Possible NAIL Worm|743->Virus - Possible NAIL Worm|744->Virus - Possible NAIL Worm|745->Virus - Possible Papa Worm|746->Virus - Possible Freelink Worm|747->Virus - Possible Simbiosis Worm|748->Virus - Possible BADASS Worm|749->Virus - Possible ExploreZip.B Worm|751->Virus - Possible wscript.KakWorm|752->Virus Possible Suppl Worm|753->Virus - Possible NewApt.Worm - theobbq.exe|754->Virus - Possible Word Macro - VALE|755->Virus - Possible IROK Worm|756->Virus - Possible Fix2001 Worm|757->Virus - Possible Y2K Zelu Trojan|758->Virus - Possible The_Fly Trojan|759->Virus - Possible 
Word Macro - VALE|760->Virus - Possible Passion Worm|761->Virus - Possible NewApt.Worm - cooler3.exe|762->Virus - Possible NewApt.Worm - party.exe|763->Virus - Possible NewApt.Worm - hog.exe|764->Virus - Possible NewApt.Worm - goal1.exe|765->Virus - Possible NewApt.Worm - pirate.exe|766->Virus - Possible NewApt.Worm - video.exe|767->Virus - Possible NewApt.Worm - baby.exe|768->Virus - Possible NewApt.Worm - cooler1.exe|769->Virus - Possible NewApt.Worm - boss.exe|770->Virus - Possible NewApt.Worm - g-zilla.exe|771->Virus - Possible ToadieE-mail Trojan|773->Virus - Possible Happy99 Virus|774->Virus - Possible CheckThis Trojan|776->Virus - Possible NewApt.Worm - copier.exe|777->Virus - Possible MyPics Worm|778->Virus - Possible Babylonia - X-MAS.exe|779->Virus - Possible NewApt.Worm - gadget.exe|780->Virus - Possible NewApt.Worm - irnglant.exe|781->Virus - Possible NewApt.Worm - casper.exe|782->Virus - Possible NewApt.Worm - fborfw.exe|783->Virus - Possible NewApt.Worm - saddam.exe|784->Virus - Possible NewApt.Worm - bboy.exe|785->Virus - Possible NewApt.Worm - monica.exe|786->Virus - Possible NewApt.Worm - goal.exe|787->Virus - Possible NewApt.Worm - panther.exe|788->Virus - Possible NewApt.Worm - chestburst.exe|789->Virus - Possible NewApt.Worm - farter.exe|790->Virus - Possible Common Sense Worm|791->Virus - Possible NewApt.Worm - cupid2.exe|792->Virus - Possible Resume Worm|794->Virus - Possible Resume Worm|799->Virus - Possible Timofonica Worm|800->Virus - Possible Resume Worm|802->Virus - Possible Zipped Files Trojan|808->WEB-CGI webdriver access|809->WEB-CGI whois_raw.cgi arbitrary command execution attempt|810->WEB-CGI whois_raw.cgi access|811->WEB-CGI websitepro path access|812->WEB-CGI webplus version access|815->WEB-CGI websendmail access|818->WEB-CGI dcforum.cgi access|819->WEB-CGI mmstdod.cgi access|820->WEB-CGI anaconda directory transversal attempt|821->WEB-CGI imagemap.exe overflow attempt|823->WEB-CGI cvsweb.cgi access|825->WEB-CGI glimpse 
access|826->WEB-CGI htmlscript access|827->WEB-CGI info2www access|828->WEB-CGI maillist.pl access|829->WEB-CGI nph-test-cgi access|830->WEB-CGI NPH-publish access|832->WEB-CGI perl.exe access|833->WEB-CGI rguest.exe access|834->WEB-CGI rwwwshell.pl access|836->WEB-CGI textcounter.pl access|837->WEB-CGI uploader.exe access|838->WEB-CGI webgais access|839->WEB-CGI finger access|840->WEB-CGI perlshop.cgi access|841->WEB-CGI pfdisplay.cgi access|842->WEB-CGI aglimpse access|843->WEB-CGI anform2 access|844->WEB-CGI args.bat access|846->WEB-CGI bnbform.cgi access|847->WEB-CGI campas access|849->WEB-CGI view-source access|850->WEB-CGI wais.pl access|851->WEB-CGI files.pl access|852->WEB-CGI wguest.exe access|853->WEB-CGI wrap access|854->WEB-CGI classifieds.cgi access|855->WEB-CGI edit.pl access|856->WEB-CGI environ.cgi access|857->WEB-CGI faxsurvey access|858->WEB-CGI filemail access|859->WEB-CGI man.sh access|860->WEB-CGI snork.bat access|861->WEB-CGI w3-msql access|862->WEB-CGI csh access|863->WEB-CGI day5datacopier.cgi access|864->WEB-CGI day5datanotifier.cgi access|865->WEB-CGI ksh access|866->WEB-CGI post-query access|868->WEB-CGI rsh access|869->WEB-CGI dumpenv.pl access|870->WEB-CGI snorkerz.cmd access|871->WEB-CGI survey.cgi access|872->WEB-CGI tcsh access|873->WEB-CGI scriptalias access|874->WEB-CGI w3-msql solaris x86 access|875->WEB-CGI win-c-sample.exe access|877->WEB-CGI rksh access|878->WEB-CGI w3tvars.pm access|880->WEB-CGI LWGate access|881->WEB-CGI archie access|883->WEB-CGI flexform access|884->WEB-CGI formmail access|885->WEB-CGI bash access|886->WEB-CGI phf access|887->WEB-CGI www-sql access|889->WEB-CGI ppdscgi.exe access|890->WEB-CGI sendform.cgi access|891->WEB-CGI upload.pl access|892->WEB-CGI AnyForm2 access|893->WEB-CGI MachineInfo access|895->WEB-CGI redirect access|896->WEB-CGI way-board access|897->WEB-CGI pals-cgi access|898->WEB-CGI commerce.cgi access|901->WEB-CGI webspirs.cgi access|902->WEB-CGI tstisapi.dll access|903->WEB-COLDFUSION 
cfcache.map access|909->WEB-COLDFUSION datasource username attempt|910->WEB-COLDFUSION fileexists.cfm access|911->WEB-COLDFUSION exprcalc access|912->WEB-COLDFUSION parks access|913->WEB-COLDFUSION cfappman access|914->WEB-COLDFUSION beaninfo access|915->WEB-COLDFUSION evaluate.cfm access|916->WEB-COLDFUSION getodbcdsn access|917->WEB-COLDFUSION db connections flush attempt|918->WEB-COLDFUSION expeval access|919->WEB-COLDFUSION datasource passwordattempt|920->WEB-COLDFUSION datasource attempt|922->WEB-COLDFUSION displayfile access|923->WEB-COLDFUSION getodbcin attempt|925->WEB-COLDFUSION mainframeset access|926->WEB-COLDFUSION set odbc ini attempt|927->WEB-COLDFUSION settings refresh attempt|928->WEB-COLDFUSION exampleapp access|929->WEB-COLDFUSION CFUSION_VERIFYMAIL access|930->WEB-COLDFUSION snippets attempt|931->WEB-COLDFUSION cfmlsyntaxcheck.cfm access|932->WEB-COLDFUSION application.cfm access|933->WEB-COLDFUSION onrequestend.cfm access|936->WEB-COLDFUSION gettempdirectory.cfm access-|937->WEB-FRONTPAGE _vti_rpc access|940->WEB-FRONTPAGE shtml.dll access|941->WEB-FRONTPAGE contents.htm access|942->WEB-FRONTPAGE orders.htm access|943->WEB-FRONTPAGE fpsrvadm.exe access|944->WEB-FRONTPAGE fpremadm.exe access|946->WEB-FRONTPAGE fpadmcgi.exe access|947->WEB-FRONTPAGE orders.txt access|949->WEB-FRONTPAGE registrations.htm access|950->WEB-FRONTPAGE cfgwiz.exe access|954->WEB-FRONTPAGE form_results.htm access|955->WEB-FRONTPAGE access.cnf access|956->WEB-FRONTPAGE register.txt access|957->WEB-FRONTPAGE registrations.txt access|959->WEB-FRONTPAGE service.pwd|960->WEB-FRONTPAGE service.stp access|961->WEB-FRONTPAGE services.cnf access|962->WEB-FRONTPAGE shtml.exe access|963->WEB-FRONTPAGE svcacl.cnf access|964->WEB-FRONTPAGE users.pwd access|965->WEB-FRONTPAGE writeto.cnf access|966->WEB-FRONTPAGE fourdots request|968->WEB-FRONTPAGE register.htm access|984->WEB-IIS JET VBA access|985->WEB-IIS JET VBA access|1004->WEB-IIS codebrowser Exair access|1005->WEB-IIS 
codebrowser SDK access|1010->WEB-IIS encoding access|1012->WEB-IIS fpcount attempt|1013->WEB-IIS fpcount access|1028->WEB-IIS query.asp access|1031->WEB-IIS /SiteServer/Publishing/viewcode.asp access|1032->WEB-IIS showcode access|1033->WEB-IIS showcode access|1034->WEB-IIS showcode access|1035->WEB-IIS showcode access|1036->WEB-IIS showcode access|1047->WEB-MISC Netscape Enterprise DOS|1048->WEB-MISC Netscape Enterprise directory listing attempt|1049->WEB-MISC iPlanet ../../ DOS attempt|1053->WEB-CGI ads.cgi command execution attempt|1056->WEB-MISC Tomcat view source attempt|1057->WEB-MISC ftp attempt|1058->WEB-MISC xp_enumdsn attempt|1059->WEB-MISC xp_filelist attempt|1060->WEB-MISC xp_availablemedia attempt|1061->WEB-MISC xp_cmdshell attempt|1064->WEB-MISC wsh attempt|1065->WEB-MISC rcmd attempt|1068->WEB-MISC tftp attempt|1069->WEB-MISC xp_regread attempt|1077->WEB-MISC queryhit.htm access|1078->WEB-MISC counter.exe access|1081->WEB-MISC Netscape Servers suite DOS|1082->WEB-MISC amazon 1-click cookie theft|1083->WEB-MISC unify eWave ServletExec DOS|1084->WEB-MISC Allaire JRUN DOS attempt|1085->WEB-PHP strings overflow|1086->WEB-PHP strings overflow|1090->WEB-CGI Allaire Pro Web Shell attempt|1091->WEB-MISC ICQ Webfront HTTP DOS|1095->WEB-MISC Talentsoft Web+ Source Code view access|1096->WEB-MISC Talentsoft Web+ internal IP Address access|1097->WEB-CGI Talentsoft Web+ exploit attempt|1098->WEB-MISC SmartWin CyberOffice Shopping Cart access|1099->WEB-MISC cybercop scan|1100->WEB-MISC L3retriever HTTP Probe|1101->WEB-MISC Webtrends HTTP probe|1102->WEB-MISC Nessus 404 probe|1105->WEB-MISC BigBrother access|1106->WEB-CGI Poll-it access|1107->WEB-MISC ftp.pl access|1108->WEB-MISC Tomcat server snoop access|1109->WEB-MISC ROXEN directory list attempt|1110->WEB-MISC apache source.asp file access|1114->WEB-MISC prefix-get //|1115->WEB-MISC ICQ webserver DOS|1116->WEB-MISC Lotus DelDoc attempt|1117->WEB-MISC Lotus EditDoc attempt|1118->WEB-MISC ls -l|1119->WEB-MISC 
mlog.phtml access|1120->WEB-MISC mylog.phtml access|1121->WEB-MISC O\\'Reilly args.bat access|1123->WEB-MISC ?PageServices access|1124->WEB-MISC Ecommerce check.txt access|1125->WEB-MISC webcart access|1126->WEB-MISC AuthChangeUrl access|1127->WEB-MISC convert.bas access|1128->WEB-MISC cpshost.dll access|1130->WEB-MISC .wwwacl access|1131->WEB-MISC .wwwacl access|1132->WEB-MISC Netscape Unixware overflow|1136->WEB-MISC cd..|1138->WEB-MISC Cisco Web DOS attempt|1140->WEB-MISC guestbook.pl access|1141->WEB-MISC handler access|1142->WEB-MISC /.... access|1143->WEB-MISC ///cgi-bin access|1144->WEB-MISC /cgi-bin/// access|1145->WEB-MISC /~root access|1146->WEB-MISC Ecommerce import.txt access|1147->WEB-MISC cat access|1148->WEB-MISC Ecommerce import.txt access|1149->WEB-CGI count.cgi access|1150->WEB-MISC Domino catalog.nsf access|1151->WEB-MISC Domino domcfg.nsf access|1152->WEB-MISC Domino domlog.nsf access|1153->WEB-MISC Domino log.nsf access|1154->WEB-MISC Domino names.nsf access|1155->WEB-MISC Ecommerce checks.txt access|1156->WEB-MISC apache DOS attempt|1157->WEB-MISC Netscape PublishingXpert access|1160->WEB-MISC Netscape dir index wp|1161->WEB-PHP piranha passwd.php3 access|1164->WEB-MISC shopping cart access access|1165->WEB-MISC Novell Groupwise gwweb.exe access|1168->WEB-MISC mall log order access|1172->WEB-CGI bigconf.cgi access|1173->WEB-MISC architext_query.pl access|1174->WEB-CGI /cgi-bin/jj access|1177->WEB-MISC Netscape Enterprise Server directory view|1178->WEB-PHP Phorum read access|1179->WEB-PHP Phorum violation access|1180->WEB-MISC get32.exe access|1181->WEB-MISC Annex Terminal DOS attempt|1182->WEB-MISC cgitest.exe attempt|1183->WEB-MISC Netscape Enterprise Server directory view|1184->WEB-MISC Netscape Enterprise Server directory view|1185->WEB-CGI bizdbsearch attempt|1192->WEB-MISC Trend Micro OfficeScan access|1193->WEB-MISC oracle web arbitrary command execution attempt|1194->WEB-CGI sojourn.cgi File attempt|1195->WEB-CGI sojourn.cgi 
access|1197->WEB-PHP Phorum code access|1200->ATTACK-RESPONSES Invalid URL|1201->ATTACK-RESPONSES 403 Forbidden|1202->WEB-MISC search.vts access|1205->WEB-CGI axs.cgi access|1206->WEB-CGI cachemgr.cgi access|1207->WEB-MISC htgrep access|1208->WEB-CGI responder.cgi access|1209->WEB-MISC .nsconfig access|1211->WEB-CGI web-map.cgi access|1213->WEB-MISC backup access|1214->WEB-MISC intranet access|1216->WEB-MISC filemail access|1217->WEB-MISC plusmail access|1219->WEB-CGI dfire.cgi access|1220->WEB-MISC ultraboard access|1221->WEB-MISC musicat empower access|1222->WEB-CGI pals-cgi arbitrary file access attempt|1224->WEB-MISC ROADS search.pl attempt|1230->WEB-MISC VirusWall FtpSave access|1231->WEB-MISC VirusWall catinfo access|1232->WEB-MISC VirusWall catinfo access|1234->WEB-MISC VirusWall FtpSaveCSP access|1235->WEB-MISC VirusWall FtpSaveCVP access|1236->WEB-MISC Tomcat sourecode view|1237->WEB-MISC Tomcat sourecode view|1238->WEB-MISC Tomcat sourecode view|1239->NETBIOS RFParalyze Attempt|1246->WEB-FRONTPAGE rad overflow attempt|1247->WEB-FRONTPAGE rad overflow attempt|1248->WEB-FRONTPAGE rad fp30reg.dll access|1249->WEB-FRONTPAGE frontpage rad fp4areg.dll access|1252->TELNET bsd telnet exploit response|1253->TELNET bsd exploit client finishing|1254->WEB-PHP PHPLIB remote command attempt|1255->WEB-PHP PHPLIB remote command attempt|1258->WEB-MISC HP OpenView Manager DOS|1259->WEB-MISC SWEditServlet access|1274->RPC portmap ttdbserv request TCP|1276->RPC portmap ypserv request TCP|1277->RPC portmap ypupdated request UDP|1278->RPC rstatd query|1282->RPC EXPLOIT statdx|1288->WEB-FRONTPAGE /_vti_bin/ access|1291->WEB-MISC sml3com access|1293->NETBIOS nimda .eml|1294->NETBIOS nimda .nws|1295->NETBIOS nimda RICHED20.DLL|1296->RPC portmap request yppasswdd|1297->RPC portmap request yppasswdd|1302->WEB-MISC console.exe access|1303->WEB-MISC cs.exe access|1304->WEB-CGI txt2html.cgi access|1307->WEB-CGI store.cgi access|1308->WEB-CGI sendmessage.cgi access|1309->WEB-CGI zsh 
access|1361->WEB-ATTACKS nmap command attempt|1362->WEB-ATTACKS xterm command attempt|1371->WEB-ATTACKS /etc/motd access|1376->WEB-MISC jrun directory browse attempt|1381->WEB-MISC Trend Micro OfficeScan attempt|1384->MISC UPnP malformed advertisement|1386->MS-SQL/SMB raiserror possible buffer overflow|1388->MISC UPnP Location overflow|1390->SHELLCODE x86 inc ebx NOOP|1391->WEB-MISC Phorecast remote code execution attempt|1392->WEB-CGI lastlines.cgi access|1393->MISC AIM AddGame attempt|1395->WEB-CGI zml.cgi attempt|1396->WEB-CGI zml.cgi access|1403->WEB-MISC viewcode access|1404->WEB-MISC showcode access|1405->WEB-CGI AHG search.cgi access|1406->WEB-CGI agora.cgi access|1407->WEB-PHP smssend.php access|1409->SNMP community string buffer overflow attempt|1410->WEB-CGI dcboard.cgi access|1421->SNMP AgentX/tcp request|1423->WEB-PHP content-disposition memchr overflow|1424->SHELLCODE x86 EB OC NOOP|1425->WEB-PHP content-disposition|1426->SNMP PROTOS test-suite-req-app attempt|1427->SNMP PROTOS test-suite-trap-app attempt|1428->MULTIMEDIA audio galaxy keepalive|1429->POLICY poll.gotomypc.com access|1430->TELNET Solaris memory mismanagement exploit attempt|1433->WEB-MISC .history access|1434->WEB-MISC .bash_history access|1436->MULTIMEDIA Quicktime User Agent access|1437->MULTIMEDIA Windows Media audio download|1438->MULTIMEDIA Windows Media Video download|1439->MULTIMEDIA Shoutcast playlist redirection|1440->MULTIMEDIA Icecast playlist redirection|1447->MISC MS Terminal server request (RDP)|1448->MISC MS Terminal server request|1451->WEB-CGI NPH-publish access|1452->WEB-CGI args.cmd access|1453->WEB-CGI AT-generated.cgi access|1454->WEB-CGI wwwwais access|1455->WEB-CGI calender.pl access|1458->WEB-CGI user_update_passwd.pl access|1459->WEB-CGI bb-histlog.sh access|1460->WEB-CGI bb-histsvc.sh access|1461->WEB-CGI bb-rep.sh access|1462->WEB-CGI bb-replog.sh access|1464->ATTACK-RESPONSES oracle one hour install|1465->WEB-CGI auktion.cgi access|1466->WEB-CGI cgiforum.pl 
access|1467->WEB-CGI directorypro.cgi access|1468->WEB-CGI Web Shopper shopper.cgi attempt|1469->WEB-CGI Web Shopper shopper.cgi access|1470->WEB-CGI listrec.pl access|1471->WEB-CGI mailnews.cgi access|1472->WEB-CGI book.cgi access|1473->WEB-CGI newsdesk.cgi access|1474->WEB-CGI cal_make.pl access|1475->WEB-CGI mailit.pl access|1476->WEB-CGI sdbsearch.cgi access|1477->WEB-CGI swc attempt|1478->WEB-CGI swc access|1479->WEB-CGI ttawebtop.cgi arbitrary file attempt|1480->WEB-CGI ttawebtop.cgi access|1481->WEB-CGI upload.cgi access|1482->WEB-CGI view_source access|1483->WEB-CGI ustorekeeper.pl access|1489->WEB-MISC /~nobody access|1493->WEB-MISC RBS ISP /newuser access|1494->WEB-CGI SIX webboard generate.cgi attempt|1495->WEB-CGI SIX webboard generate.cgi access|1496->WEB-CGI spin_client.cgi access|1499->WEB-MISC SiteScope Service access|1500->WEB-MISC ExAir access|1502->WEB-CGI a1stats a1disp3.cgi access|1505->WEB-CGI alchemy http server PRN arbitrary command execution attempt|1506->WEB-CGI alchemy http server NUL arbitrary command execution attempt|1507->WEB-CGI alibaba.pl arbitrary command execution attempt|1508->WEB-CGI alibaba.pl access|1510->WEB-CGI test.bat arbitrary command execution attempt|1511->WEB-CGI test.bat access|1512->WEB-CGI input.bat arbitrary command execution attempt|1513->WEB-CGI input.bat access|1514->WEB-CGI input2.bat arbitrary command execution attempt|1515->WEB-CGI input2.bat access|1516->WEB-CGI envout.bat arbitrary command execution attempt|1517->WEB-CGI envout.bat access|1518->WEB-MISC nstelemetry.adp access|1521->WEB-MISC server-status access|1522->WEB-MISC ans.pl attempt|1523->WEB-MISC ans.pl access|1524->WEB-MISC AxisStorpoint CD attempt|1525->WEB-MISC Axis Storpoint CD access|1528->WEB-MISC BBoard access|1531->WEB-CGI bb-hist.sh attempt|1532->WEB-CGI bb-hostscv.sh attempt|1533->WEB-CGI bb-hostscv.sh access|1534->WEB-CGI agora.cgi attempt|1535->WEB-CGI bizdbsearch access|1538->NNTP AUTHINFO USER overflow attempt|1539->WEB-CGI 
/cgi-bin/ls access|1540->WEB-COLDFUSION ?Mode=debug attempt|1542->WEB-CGI cgimail access|1543->WEB-CGI cgiwrap access|1547->WEB-CGI csSearch.cgi arbitrary command execution attempt|1548->WEB-CGI csSearch.cgi access|1551->WEB-MISC /CVS/Entries access|1552->WEB-MISC cvsweb version access|1553->WEB-CGI /cart/cart.cgi access|1554->WEB-CGI dbman db.cgi access|1555->WEB-CGI DCShop access|1556->WEB-CGI DCShop orders.txt access|1557->WEB-CGI DCShop auth_user_file.txt access|1558->WEB-MISC Delegate whois overflow attempt|1559->WEB-MISC /doc/packages access|1560->WEB-MISC /doc/ access|1561->WEB-MISC ?open access|1563->WEB-MISC login.htm attempt|1564->WEB-MISC login.htm access|1565->WEB-CGI eshop.pl arbitrary commane execution attempt|1566->WEB-CGI eshop.pl access|1570->WEB-CGI loadpage.cgi access|1572->WEB-CGI commerce.cgi arbitrary file access attempt|1573->WEB-CGI cgiforum.pl attempt|1574->WEB-CGI directorypro.cgi attempt|1575->WEB-MISC Domino mab.nsf access|1576->WEB-MISC Domino cersvr.nsf access|1577->WEB-MISC Domino setup.nsf access|1578->WEB-MISC Domino statrep.nsf access|1580->WEB-MISC Domino events4.nsf access|1581->WEB-MISC Domino ntsync4.nsf access|1582->WEB-MISC Domino collect4.nsf access|1583->WEB-MISC Domino mailw46.nsf access|1584->WEB-MISC Domino bookmark.nsf access|1585->WEB-MISC Domino agentrunner.nsf access|1586->WEB-MISC Domino mail.box access|1587->WEB-MISC cgitest.exe access|1588->WEB-MISC SalesLogix Eviewer access|1589->WEB-MISC musicat empower attempt|1590->WEB-CGI faqmanager.cgi arbitrary file access attempt|1591->WEB-CGI faqmanager.cgi access|1592->WEB-CGI /fcgi-bin/echo.exe access|1593->WEB-CGI FormHandler.cgi external site redirection attempt|1594->WEB-CGI FormHandler.cgi access|1597->WEB-CGI guestbook.cgi access|1599->WEB-CGI search.cgi access|1603->WEB-MISC DELETE attempt|1606->WEB-CGI icat access|1608->WEB-CGI htmlscript attempt|1609->WEB-CGI faxsurvey arbitrary file read attempt|1611->WEB-CGI eXtropia webstore access|1612->WEB-MISC ftp.pl 
attempt|1613->WEB-MISC handler attempt|1614->WEB-MISC Novell Groupwise gwweb.exe attempt|1615->WEB-MISC htgrep attempt|1617->WEB-CGI Bugzilla doeditvotes.cgi access|1619->EXPERIMENTAL WEB-IIS .htr request|1620->BAD TRAFFIC Non-Standard IP protocol|1629->OTHER-IDS SecureNetPro traffic|1634->POP3 PASS overflow attempt|1635->POP3 APOP overflow attempt|1637->WEB-CGI yabb.cgi access|1642->WEB-CGI document.d2w access|1643->WEB-CGI db2www access|1644->WEB-CGI test-cgi attempt|1646->WEB-CGI test.cgi access|1647->WEB-CGI faxsurvey attempt (full path)|1648->WEB-CGI perl.exe command attempt|1649->WEB-CGI perl command attempt|1650->WEB-CGI tst.bat access|1651->WEB-CGI enivorn.pl access|1652->WEB-CGI campus attempt|1653->WEB-CGI campus access|1654->WEB-CGI cart32.exe access|1655->WEB-CGI pfdispaly.cgi arbitrary command execution attempt|1656->WEB-CGI pfdispaly.cgi access|1658->WEB-CGI pagelog.cgi access|1659->WEB-COLDFUSION sendmail.cfm access|1663->WEB-MISC * .pl access|1664->WEB-MISC mkplog.exe access|1665->WEB-MISC mkilog.exe access|1666->ATTACK-RESPONSES index of /cgi-bin/ response|1668->WEB-CGI /cgi-bin/ access|1669->WEB-CGI /cgi-dos/ access|1670->WEB-MISC /home/ftp access|1671->WEB-MISC /home/www access|1698->ORACLE execute_system attempt|1700->WEB-CGI imagemap.exe access|1702->WEB-CGI Amaya templates sendtemp.pl access|1705->WEB-CGI echo.bat arbitrary command execution attempt|1706->WEB-CGI echo.bat access|1707->WEB-CGI hello.bat arbitrary command execution attempt|1708->WEB-CGI hello.bat access|1709->WEB-CGI ad.cgi access|1710->WEB-CGI bbs_forum.cgi access|1711->WEB-CGI bsguest.cgi access|1712->WEB-CGI bslist.cgi access|1713->WEB-CGI cgforum.cgi access|1714->WEB-CGI newdesk access|1715->WEB-CGI register.cgi access|1716->WEB-CGI gbook.cgi access|1717->WEB-CGI simplestguest.cgi access|1718->WEB-CGI statusconfig.pl access|1720->WEB-CGI talkback.cgi access|1721->WEB-CGI adcycle access|1722->WEB-CGI MachineInfo access|1723->WEB-CGI emumail.cgi NULL attempt|1724->WEB-CGI 
emumail.cgi access|1727->WEB-CGI SGI InfoSearch fname access|1731->WEB-CGI a1stats access|1735->WEB-CLIENT XMLHttpRequest attempt|1736->WEB-PHP squirrel mail spell-check arbitrary command attempt|1737->WEB-PHP squirrel mail theme arbitrary command attempt|1738->WEB-MISC global.inc access|1740->WEB-PHP DNSTools authentication bypass attempt|1741->WEB-PHP DNSTools access|1742->WEB-PHP Blahz-DNS dostuff.php modify user attempt|1743->WEB-PHP Blahz-DNS dostuff.php access|1744->WEB-MISC SecureSite authentication bypass attempt|1745->WEB-PHP Messagerie supp_membre.php access|1749->EXPERIMENTAL WEB-IIS .NET trace.axd access|1752->MISC AIM AddExternalApp attempt|1757->WEB-MISC b2 arbitrary command execution attempt|1758->WEB-MISC b2 access|1760->OTHER-IDS ISS RealSecure 6 event collector connection attempt|1761->OTHER-IDS ISS RealSecure 6 daemon connection attempt|1762->WEB-CGI phf arbitrary command execution attempt|1763->WEB-CGI Nortel Contivity cgiproc DOS attempt|1764->WEB-CGI Nortel Contivity cgiproc DOS attempt|1765->WEB-CGI Nortel Contivity cgiproc access|1766->WEB-MISC search.dll directory listing attempt|1767->WEB-MISC search.dll access|1769->WEB-MISC .DS_Store access|1770->WEB-MISC .FBCIndex access|1771->POLICY IPSec PGPNet connection attempt|1774->WEB-PHP bb_smilies.php access|1780->IMAP EXPLOIT partial body overflow attempt|1787->WEB-CGI csPassword.cgi access|1788->WEB-CGI csPassword password.cgi.tmp access|1792->NNTP return code buffer overflow attempt|1801->WEB-IIS .asp HTTP header buffer overflow attempt|1802->WEB-IIS .asa HTTP header buffer overflow attempt|1803->WEB-IIS .cer HTTP header buffer overflow attempt|1804->WEB-IIS .cdx HTTP header buffer overflow attempt|1807->WEB-MISC Transfer-Encoding\\: chunked|1815->WEB-PHP directory.php arbitrary command attempt|1816->WEB-PHP directory.php access|1819->MISC Alcatel PABX 4400 connection attempt|1820->WEB-MISC IBM Net.Commerce orderdspc.d2w access|1824->WEB-CGI alienform.cgi access|1825->WEB-CGI AlienForm 
af.cgi access|1826->WEB-MISC WEB-INF access|1829->WEB-MISC Tomcat TroubleShooter servlet access|1830->WEB-MISC Tomcat SnoopServlet servlet access|1840->WEB-CLIENT Javascript document.domain attempt|1846->POLICY vncviewer Java applet download attempt|1847->WEB-MISC webalizer access|1848->WEB-MISC webcart-lite access|1849->WEB-MISC webfind.exe access|1850->WEB-CGI way-board.cgi access|1851->WEB-MISC active.log access|1865->WEB-CGI webdist.cgi arbitrary command attempt|1867->MISC xdmcp info query|1868->WEB-CGI story.pl arbitrary file read attempt|1869->WEB-CGI story.pl access|1870->WEB-CGI siteUserMod.cgi access|1872->WEB-MISC Oracle Dynamic Monitoring Services (dms) access|1873->WEB-MISC globals.jsa access|1874->WEB-MISC Oracle Java Process Manager access|1875->WEB-CGI cgicso access|1876->WEB-CGI nph-publish.cgi access|1877->WEB-CGI printenv access|1878->WEB-CGI sdbsearch.cgi access|1879->WEB-CGI book.cgi arbitrary command execution attempt|1880->WEB-MISC oracle web application server access|1881->WEB-MISC bad HTTP/1.1 request, Potentially worm attack|1887->MISC OpenSSL Worm traffic|1889->MISC slapper worm admin traffic|1893->SNMP missing community string attempt|1900->ATTACK-RESPONSES successful kadmind buffer overflow attempt|1901->ATTACK-RESPONSES successful kadmind buffer overflow attempt|1931->WEB-CGI rpc-nlog.pl access|1932->WEB-CGI rpc-smb.pl access|1933->WEB-CGI cart.cgi access|1934->POP2 FOLD overflow attempt|1935->POP2 FOLD arbitrary file attempt|1936->POP3 AUTH overflow attempt|1937->POP3 LIST overflow attempt|1938->POP3 XTND overflow attempt|1939->MISC bootp hardware address length overflow|1940->MISC bootp invalid hardware type|1943->WEB-MISC /Carello/add.exe access|1944->WEB-MISC /ecscripts/ecware.exe access|1947->WEB-MISC answerbook2 arbitrary command execution attempt|1957->RPC sadmind UDP PING|1958->RPC sadmind TCP PING|1959->RPC portmap NFS request UDP|1960->RPC portmap NFS request TCP|1961->RPC portmap RQUOTA request UDP|1962->RPC portmap RQUOTA 
request TCP|1966->MISC GlobalSunTech Access Point Information Disclosure attempt|1967->WEB-PHP phpbb quick-reply.php arbitrary command attempt|1968->WEB-PHP phpbb quick-reply.php access|1969->WEB-MISC ion-p access|1975->FTP DELE overflow attempt|1977->WEB-MISC xp_regwrite attempt|1978->WEB-MISC xp_regdeletekey attempt|1979->WEB-MISC perl post attempt|1994->WEB-CGI vpasswd.cgi access|1995->WEB-CGI alya.cgi access|1996->WEB-CGI viralator.cgi access|1997->WEB-PHP read_body.php access attempt|1998->WEB-PHP calendar.php access|1999->WEB-PHP edit_image.php access|2251->NETBIOS DCERPC Remote Activation bind attempt|2252->NETBIOS SMB DCERPC Remote Activation bind attempt|103->BACKDOOR subseven 22|104->BACKDOOR - Dagger_1.4.0_client_connect|105->BACKDOOR - Dagger_1.4.0|106->BACKDOOR ACKcmdC trojan scan|107->BACKDOOR subseven DEFCON8 2.1 access|108->BACKDOOR QAZ Worm Client Login access|109->BACKDOOR netbus active|110->BACKDOOR netbus getinfo|111->BACKDOOR netbus getinfo|112->BACKDOOR BackOrifice access|114->BACKDOOR netbus active|115->BACKDOOR netbus active|116->BACKDOOR BackOrifice access|117->BACKDOOR Infector.1.x|118->BACKDOOR SatansBackdoor.2.0.Beta|119->BACKDOOR Doly 2.0 access|120->BACKDOOR Infector 1.6 Server to Client|121->BACKDOOR Infector 1.6 Client to Server Connection Request|141->BACKDOOR HackAttack 1.20 Connect|144->FTP ADMw0rm ftp login attempt|145->BACKDOOR GirlFriendaccess|146->BACKDOOR NetSphere access|147->BACKDOOR GateCrasher|151->BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network|152->BACKDOOR BackConstruction 2.1 Connection|153->BACKDOOR DonaldDick 1.53 Traffic|155->BACKDOOR NetSphere 1.31.337 access|157->BACKDOOR BackConstruction 2.1 Client FTP Open Request|158->BACKDOOR BackConstruction 2.1 Server FTP Open Reply|159->BACKDOOR NetMetro File List|161->BACKDOOR Matrix 2.0 Client connect|162->BACKDOOR Matrix 2.0 Server access|163->BACKDOOR WinCrash 1.0 Server Active|176->BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client 
Request|183->BACKDOOR SIGNATURE - Q ICMP|184->BACKDOOR Q access|185->BACKDOOR CDK|195->BACKDOOR DeepThroat 3.1 Server Response|208->BACKDOOR PhaseZero Server Active on Network|209->BACKDOOR w00w00 attempt|210->BACKDOOR attempt|211->BACKDOOR MISC r00t attempt|212->BACKDOOR MISC rewt attempt|213->BACKDOOR MISC Linux rootkit attempt|214->BACKDOOR MISC Linux rootkit attempt lrkr0x|215->BACKDOOR MISC Linux rootkit attempt|216->BACKDOOR MISC Linux rootkit satori attempt|217->BACKDOOR MISC sm4ck attempt|218->BACKDOOR MISC Solaris 2.5 attempt|219->BACKDOOR HidePak backdoor attempt|220->BACKDOOR HideSource backdoor attempt|221->DDOS TFN Probe|222->DDOS tfn2k icmp possible communication|223->DDOS Trin00\\:DaemontoMaster(PONGdetected)|224->DDOS Stacheldraht server spoof|225->DDOS Stacheldraht gag server response|226->DDOS Stacheldraht server response|227->DDOS Stacheldraht client spoofworks|228->DDOS TFN client command BE|229->DDOS Stacheldraht client check skillz|230->DDOS shaft client to handler|231->DDOS Trin00\\:DaemontoMaster(messagedetected)|232->DDOS Trin00\\:DaemontoMaster(*HELLO*detected)|233->DDOS Trin00\\:Attacker to Master default startup password|234->DDOS Trin00 Attacker to Master default password|235->DDOS Trin00 Attacker to Master default mdie password|236->DDOS Stacheldraht client check gag|237->DDOS Trin00\\:MastertoDaemon(defaultpassdetected!)|238->DDOS TFN server response|239->DDOS shaft handler to agent|240->DDOS shaft agent to handler|241->DDOS shaft synflood|243->DDOS mstream agent to handler|244->DDOS mstream handler to agent|245->DDOS mstream handler ping to agent|246->DDOS mstream agent pong to handler|247->DDOS mstream client to handler|248->DDOS mstream handler to client|249->DDOS mstream client to handler|250->DDOS mstream handler to client|251->DDOS - TFN client command LE|252->DNS named iquery attempt|253->DNS SPOOF query response PTR with TTL\\: 1 min. and no authority|254->DNS SPOOF query response with ttl\\: 1 min. 
and no authority|255->DNS zone transfer TCP|256->DNS named authors attempt|257->DNS named version attempt|258->DNS EXPLOIT named 8.2->8.2.1|259->DNS EXPLOIT named overflow (ADM)|260->DNS EXPLOIT named overflow (ADMROCKS)|261->DNS EXPLOIT named overflow attempt|262->DNS EXPLOIT x86 Linux overflow attempt|264->DNS EXPLOIT x86 Linux overflow attempt|265->DNS EXPLOIT x86 Linux overflow attempt (ADMv2)|266->DNS EXPLOIT x86 FreeBSD overflow attempt|267->DNS EXPLOIT sparc overflow attempt|268->DOS Jolt attack|269->DOS Land attack|270->DOS Teardrop attack|271->DOS UDP echo+chargen bomb|272->DOS IGMP dos attack|273->DOS IGMP dos attack|274->DOS ath|275->DOS NAPTHA|276->DOS Real Audio Server|277->DOS Real Server template.html|278->DOS Real Server template.html|279->DOS Bay/Nortel Nautica Marlin|281->DOS Ascend Route|282->DOS arkiea backup|283->EXPLOIT Netscape 4.7 client overflow|284->POP2 x86 Linux overflow|285->POP2 x86 Linux overflow|286->POP3 EXPLOIT x86 BSD overflow|287->POP3 EXPLOIT x86 BSD overflow|288->POP3 EXPLOIT x86 Linux overflow|289->POP3 EXPLOIT x86 SCO overflow|290->POP3 EXPLOIT qpopper overflow|291->NNTP Cassandra Overflow|292->EXPLOIT x86 Linux samba overflow|300->EXPLOIT nlps x86 Solaris overflow|301->EXPLOIT LPRng overflow|302->EXPLOIT Redhat 7.0 lprd overflow|303->DNS EXPLOIT named tsig overflow attempt|304->EXPLOIT SCO calserver overflow|305->EXPLOIT delegate proxy overflow|306->EXPLOIT VQServer admin|307->EXPLOIT CHAT IRC topic overflow|308->EXPLOIT NextFTP client overflow|309->EXPLOIT sniffit overflow|310->EXPLOIT x86 windows MailMax overflow|311->EXPLOIT Netscape 4.7 unsucessful overflow|312->EXPLOIT ntpdx overflow attempt|313->EXPLOIT ntalkd x86 Linux overflow|314->DNS EXPLOIT named tsig overflow attempt|315->EXPLOIT x86 Linux mountd overflow|316->EXPLOIT x86 Linux mountd overflow|317->EXPLOIT x86 Linux mountd overflow|320->FINGER cmd_rootsh backdoor attempt|321->FINGER account enumeration attempt|322->FINGER search query|323->FINGER root 
query|324->FINGER null request|325->FINGER probe 0 attempt|326->FINGER remote command \\; execution attempt|327->FINGER remote command pipe execution attempt|328->FINGER bomb attempt|329->FINGER cybercop redirection|330->FINGER redirection attempt|331->FINGER cybercop query|332->FINGER 0 query|333->FINGER . query|334->FTP .forward|335->FTP .rhosts|336->FTP CWD ~root attempt|337->FTP CEL overflow attempt|339->FTP EXPLOIT OpenBSD x86 ftpd|344->FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux|353->FTP adm scan|354->FTP iss scan|355->FTP pass wh00t|356->FTP passwd retrieval attempt|357->FTP piss scan|358->FTP saint scan|359->FTP satan scan|360->FTP serv-u directory transversal|361->FTP site exec|362->FTP tar parameters|363->ICMP IRDP router advertisement|364->ICMP IRDP router selection|365->ICMP PING (Undefined Code!)|366->ICMP PING *NIX|368->ICMP PING BSDtype|369->ICMP PING BayRS Router|370->ICMP PING BeOS4.x|371->ICMP PING Cisco Type.x|372->ICMP PING Delphi-Piette Windows|373->ICMP PING Flowpoint2200 or Network Management Software|374->ICMP PING IP NetMonitor Macintosh|375->ICMP PING LINUX/*BSD|376->ICMP PING Microsoft Windows|377->ICMP PING Network Toolbox 3 Windows|378->ICMP PING Ping-O-MeterWindows|379->ICMP PING Pinger Windows|380->ICMP PING Seer Windows|381->ICMP PING Sun Solaris|382->ICMP PING Windows|384->ICMP PING|385->ICMP traceroute-|386->ICMP Address Mask Reply|387->ICMP Address Mask Reply (Undefined Code!)|388->ICMP Address Mask Request|389->ICMP Address Mask Request (Undefined Code!)|390->ICMP Alternate Host Address|391->ICMP Alternate Host Address (Undefined Code!)|392->ICMP Datagram Conversion Error|393->ICMP Datagram Conversion Error (Undefined Code!)|394->ICMP Destination Unreachable (Destination Host Unknown)|395->ICMP Destination Unreachable (Destination Network Unknown)|396->ICMP Destination Unreachable (Fragmentation Needed and DF bit was set)|397->ICMP Destination Unreachable (Host Precedence Violation)|398->ICMP Destination 
Unreachable (Host Unreachable for Type of Service)|399->ICMP Destination Unreachable (Host Unreachable)|400->ICMP Destination Unreachable (Network Unreachable for Type of Service)|401->ICMP Destination Unreachable (Network Unreachable)|402->ICMP Destination Unreachable (Port Unreachable)|403->ICMP Destination Unreachable (Precedence Cutoff in effect)|404->ICMP Destination Unreachable (Protocol Unreachable)|405->ICMP Destination Unreachable (Source Host Isolated)|406->ICMP Destination Unreachable (Source Route Failed)|407->ICMP Destination Unreachable (Undefined Code!)|408->ICMP Echo Reply|409->ICMP Echo Reply (Undefined Code!)|410->ICMP Fragment Reassembly Time Exceeded|411->ICMP IPV6 I-Am-Here|412->ICMP IPV6 I-Am-Here (Undefined Code!|413->ICMP IPV6 Where-Are-You|414->ICMP IPV6 Where-Are-You (Undefined Code!)|415->ICMP Information Reply|416->ICMP Information Reply (Undefined Code!)|417->ICMP Information Request|418->ICMP Information Request (Undefined Code!)|419->ICMP Mobile Host Redirect|420->ICMP Mobile Host Redirect (Undefined Code!)|421->ICMP Mobile Registration Reply|422->ICMP Mobile Registration Reply (Undefined Code!)|423->ICMP Mobile Registration Request|424->ICMP Mobile Registration Request (Undefined Code!|425->ICMP Parameter Problem (Bad Length)|426->ICMP Parameter Problem (Missing a Required Option)|427->ICMP Parameter Problem (Unspecified Error)|428->ICMP Parameter Problem (Undefined Code!)|429->ICMP Photuris (Reserved)|430->ICMP Photuris (Unknown Security Parameters Index)|431->ICMP Photuris (Valid Security Parameters, But Authentication Failed)|432->ICMP Photuris (Valid Security Parameters, But Decryption Failed)|433->ICMP Photuris (Undefined Code!)|436->ICMP Redirect (for TOS and Host)|437->ICMP Redirect (for TOS and Network)|438->ICMP Redirect (Undefined Code!)|439->ICMP Reserved for Security (Type 19)|440->ICMP Reserved for Security (Type 19) (Undefined Code!)|441->ICMP Router Advertisement|443->ICMP Router Selection|451->ICMP Timestamp 
Reply|452->ICMP Timestamp Reply (Undefined Code!)|453->ICMP Timestamp Request|454->ICMP Timestamp Request (Undefined Code!)|456->ICMP Traceroute|457->ICMP Traceroute (Undefined Code!)|458->ICMP Unassigned! (Type 1)|459->ICMP Unassigned! (Type 1) (Undefined Code)|460->ICMP Unassigned! (Type 2)|461->ICMP Unassigned! (Type 2) (Undefined Code)|462->ICMP Unassigned! (Type 7)|463->ICMP Unassigned! (Type 7) (Undefined Code!)|465->ICMP ISS Pinger|466->ICMP L3retriever Ping|467->ICMP Nemesis v1.1 Echo|469->ICMP PING NMAP|471->ICMP icmpenum v1.1.1|472->ICMP redirect host|473->ICMP redirect net|474->ICMP superscan echo|475->ICMP traceroute ipopts|476->ICMP webtrends scanner|477->ICMP Source Quench|478->ICMP Broadscan Smurf Scanner|480->ICMP PING speedera|481->ICMP TJPingPro1.1Build 2 Windows|482->ICMP PING WhatsupGold Windows|483->ICMP PING CyberKit 2.2 Windows|484->ICMP PING Sniffer Pro/NetXRay network scan|485->ICMP Destination Unreachable (Communication Administratively Prohibited)|486->ICMP Destination Unreachable (Communication with Destination Host is Administratively Prohibited)|487->ICMP Destination Unreachable (Communication with Destination Network is Administratively Prohibited)|489->INFO FTP No Password|491->INFO FTP Bad login|492->INFO TELNET Bad Login|493->INFO psyBNC access|494->ATTACK-RESPONSES command completed|495->ATTACK-RESPONSES command error|496->ATTACK RESPONSES directory listing|497->ATTACK-RESPONSES file copied ok|498->ATTACK-RESPONSES id check returned root|499->ICMP Large ICMP Packet|500->MISC source route lssr|502->MISC source route ssrr|503->MISC Source Port 20 to <1024|504->MISC source port 53 to <1024|505->MISC Insecure TIMBUKTU Password|506->MISC ramen worm incoming|507->MISC PCAnywhere Attempted Administrator Login|509->WEB-MISC PCCS mysql database admin tool access|510->POLICY HP JetDirect LCD modification attempt|511->MISC Invalid PCAnywhere Login|512->MISC PCAnywhere Failed Login|514->MISC ramen worm|517->MISC xdmcp query|518->TFTP 
Put|519->TFTP parent directory|520->TFTP root directory|522->MISC Tiny Fragments|523->BAD-TRAFFIC ip reserved bit set|524->BAD-TRAFFIC tcp port 0 traffic|525->BAD-TRAFFIC udp port 0 traffic|526->BAD-TRAFFIC data in TCP SYN packet|527->BAD-TRAFFIC same SRC/DST|528->BAD-TRAFFIC loopback traffic|530->NETBIOS NT NULL session|532->NETBIOS SMB ADMIN$access|533->NETBIOS SMB C$ access|540->CHAT MSN message|541->CHAT ICQ access|542->CHAT IRC nick change|543->POLICY FTP \\'STOR 1MB\\' possible warez site|544->POLICY FTP \\'RETR 1MB\\' possible warez site|545->POLICY FTP \\'CWD / \\' possible warez site|546->POLICY FTP \\'CWD \\' possible warez site|547->POLICY FTP \\'MKD \\' possible warez site|548->POLICY FTP \\'MKD .\\' possible warez site|549->P2P napster login|550->P2P napster new user login|551->P2P napster download attempt|552->P2P napster upload request|553->POLICY FTP anonymous login attempt|554->POLICY FTP \\'MKD / \\' possible warez site|555->POLICY WinGate telnet server response|567->POLICY SMTP relaying denied|568->POLICY HP JetDirect LCD modification attempt|574->RPC mountd TCP export request|575->RPC portmap admind request UDP|576->RPC portmap amountd request UDP|577->RPC portmap bootparam request UDP|578->RPC portmap cmsd request UDP|579->RPC portmap mountd request UDP|580->RPC portmap nisd request UDP|581->RPC portmap pcnfsd request UDP|582->RPC portmap rexd request UDP|583->RPC portmap rstatd request UDP|584->RPC portmap rusers request UDP|585->RPC portmap sadmind request UDP|586->RPC portmap selection_svc request UDP|587->RPC portmap status request UDP|589->RPC portmap yppasswd request UDP|590->RPC portmap ypserv request UDP|591->RPC portmap ypupdated request TCP|593->RPC portmap snmpXdmi request TCP|595->RPC portmap espd request TCP|598->RPC portmap listing TCP 111|599->RPC portmap listing TCP 32771|602->RSERVICES rlogin bin|603->RSERVICES rlogin echo++|604->RSERVICES rsh froot|605->RSERVICES rlogin login failure|606->RSERVICES rlogin root|607->RSERVICES 
rsh bin|608->RSERVICES rsh echo + +|609->RSERVICES rsh froot|610->RSERVICES rsh root|611->RSERVICES rlogin login failure|614->BACKDOOR hack-a-tack attempt|618->SCAN Squid Proxy attempt|620->SCAN Proxy \\(8080\\) attempt|621->SCAN FIN|623->SCAN NULL|624->SCAN SYN FIN|625->SCAN XMAS|626->SCAN cybercop os PA12 attempt|627->SCAN cybercop os SFU12 probe|629->SCAN nmap fingerprint attempt|630->SCAN synscan portscan|631->SMTP ehlo cybercop attempt|632->SMTP expn cybercop attempt|634->SCAN Amanda client version request|638->SHELLCODE SGI NOOP|639->SHELLCODE SGI NOOP|640->SHELLCODE AIX NOOP|641->SHELLCODE Digital UNIX NOOP|642->SHELLCODE HP-UX NOOP|643->SHELLCODE HP-UX NOOP|644->SHELLCODE sparc NOOP|645->SHELLCODE sparc NOOP|646->SHELLCODE sparc NOOP|648->SHELLCODE x86 NOOP|649->SHELLCODE x86 setgid 0|650->SHELLCODE x86 setuid 0|651->SHELLCODE x86 stealth NOOP|654->SMTP RCPT TO overflow|655->SMTP sendmail 8.6.9 exploit|657->SMTP chameleon overflow|658->SMTP exchange mime DOS|659->SMTP expn decode|660->SMTP expn root|661->SMTP majordomo ifs|662->SMTP sendmail 5.5.5 exploit|663->SMTP rcpt to sed command attempt|664->SMTP RCPT TO decode attempt|665->SMTP sendmail 5.6.5 exploit|667->SMTP sendmail 8.6.10 exploit|668->SMTP sendmail 8.6.10 exploit|669->SMTP sendmail 8.6.9 exploit|670->SMTP sendmail 8.6.9 exploit|671->SMTP sendmail 8.6.9c exploit|672->SMTP vrfy decode|673->MS-SQL sp_start_job - program execution|676->MS-SQL/SMB sp_start_job - program execution|677->MS-SQL/SMB sp_password password change|678->MS-SQL/SMB sp_delete_alert log file deletion|679->MS-SQL/SMB sp_adduser database user creation|680->MS-SQL/SMB sa login failed|681->MS-SQL/SMB xp_cmdshell program execution|682->MS-SQL xp_enumresultset possible buffer overflow|683->MS-SQL sp_password - password change|684->MS-SQL sp_delete_alert log file deletion|685->MS-SQL sp_adduser - database user creation|686->MS-SQL xp_reg* - registry access|687->MS-SQL xp_cmdshell - program execution|688->MS-SQL sa login 
failed|689->MS-SQL/SMB xp_reg* registry access|691->MS-SQL shellcode attempt|692->MS-SQL/SMB shellcode attempt|693->MS-SQL shellcode attempt|694->MS-SQL/SMB shellcode attempt|706->MS-SQL xp_peekqueue possible buffer overflow|708->MS-SQL/SMB xp_enumresultset possible buffer overflow|711->TELNET SGI telnetd format bug|715->TELNET Attempted SU from wrong group|716->TELNET access|717->TELNET not on console|718->TELNET login incorrect|719->TELNET root login|720->Virus - SnowWhite Trojan Incoming|724->Virus - Possible MyRomeo Worm|725->Virus - Possible MyRomeo Worm|726->Virus - Possible MyRomeo Worm|727->Virus - Possible MyRomeo Worm|728->Virus - Possible MyRomeo Worm|731->Virus - Possible QAZ Worm|733->Virus - Possible QAZ Worm Calling Home|734->Virus - Possible Matrix worm|735->Virus - Possible MyRomeo Worm|772->Virus - Possible PrettyPark Trojan|775->Virus - Possible Bubbleboy Worm|793->Virus - Mail .VBS|795->Virus - Possible Worm - txt.vbs file|796->Virus - Possible Worm - xls.vbs file|797->Virus - Possible Worm - jpg.vbs file|798->Virus - Possible Worm - gif.vbs file|801->Virus - Possible Worm - doc.vbs file|803->WEB-CGI HyperSeek hsx.cgi directory traversal attempt|804->WEB-CGI SWSoft ASPSeek Overflow attempt|805->WEB-CGI webspeed access|806->WEB-CGI yabb.cgi directory traversal attempt|807->WEB-CGI /wwwboard/passwd.txt access|813->WEB-CGI webplus directory traversal|817->WEB-CGI dcboard.cgi invalid user addition attempt|824->WEB-CGI php.cgi access|835->WEB-CGI test-cgi access|845->WEB-CGI AT-admin.cgi access|848->WEB-CGI view-source directory traversal|867->WEB-CGI visadmin.exe access|879->WEB-CGI admin.pl access|882->WEB-CGI calendar access|888->WEB-CGI wwwadmin.pl access|894->WEB-CGI bb-hist.sh access|899->WEB-CGI Amaya templates sendtemp.pl directory traversal attempt|900->WEB-CGI webspirs.cgi directory traversal attempt|904->WEB-COLDFUSION exampleapp application.cfm|905->WEB-COLDFUSION application.cfm access|906->WEB-COLDFUSION getfile.cfm 
access|907->WEB-COLDFUSION addcontent.cfm access|908->WEB-COLDFUSION administrator access|921->WEB-COLDFUSION admin encrypt attempt|924->WEB-COLDFUSION admin decrypt attempt|935->WEB-COLDFUSION startstop DOS access|939->WEB-FRONTPAGE posting|945->WEB-FRONTPAGE fpadmin.htm access|948->WEB-FRONTPAGE form_results access|951->WEB-FRONTPAGE authors.pwd access|952->WEB-FRONTPAGE author.exe access|953->WEB-FRONTPAGE administrators.pwd access|958->WEB-FRONTPAGE service.cnf access|967->WEB-FRONTPAGE dvwssr.dll access|969->WEB-IIS WebDAV file lock attempt|970->WEB-IIS multiple decode attempt|971->WEB-IIS ISAPI .printer access|972->WEB-IIS .-asp access|973->WEB-IIS *.idc attempt|974->WEB-IIS ..\\.. access|975->WEB-IIS .asp\\:\\:$DATA access|976->WEB-IIS .bat? access|977->WEB-IIS .cnf access|978->WEB-IIS ASP contents view|979->WEB-IIS ASP contents view|980->WEB-IIS CGImail.exe access|981->WEB-IIS unicode directory traversal attempt|982->WEB-IIS unicode directory traversal attempt|983->WEB-IIS unicode directory traversal attempt|986->WEB-IIS MSProxy access|987->WEB-IIS .htr access|988->WEB-IIS SAM Attempt|989->WEB-IIS Unicode2.pl script (File permission canonicalization)|990->WEB-IIS _vti_inf access|991->WEB-IIS achg.htr access|992->WEB-IIS adctest.asp access|993->WEB-IIS iisadmin access|994->WEB-IIS /scripts/iisadmin/default.htm access|995->WEB-IIS ism.dll access|996->WEB-IIS anot.htr access|997->WEB-IIS asp-dot attempt|998->WEB-IIS asp-srch attempt|999->WEB-IIS bdir access|1000->WEB-IIS bdir.htr access|1001->WEB-MISC carbo.dll access|1002->WEB-IIS cmd.exe access|1003->WEB-IIS cmd? 
access|1007->WEB-IIS cross-site scripting attempt|1008->WEB-IIS del attempt|1009->WEB-IIS directory listing|1011->WEB-IIS exec-src access|1015->WEB-IIS getdrvs.exe access|1016->WEB-IIS global.asa access|1017->WEB-IIS idc-srch attempt|1018->WEB-IIS iisadmpwd attempt|1019->WEB-IIS index server file source code attempt|1020->WEB-IIS isc$data attempt|1021->WEB-IIS ism.dll attempt|1022->WEB-IIS jet vba access|1023->WEB-IIS msadcs.dll access|1024->WEB-IIS newdsn.exe access|1025->WEB-IIS perl access|1026->WEB-IIS perl-browse0a attempt|1027->WEB-IIS perl-browse20 attempt|1029->WEB-IIS scripts-browse access|1030->WEB-IIS search97.vts access|1037->WEB-IIS showcode.asp access|1038->WEB-IIS site server config access|1039->WEB-IIS srch.htm access|1040->WEB-IIS srchadm access|1041->WEB-IIS uploadn.asp access|1042->WEB-IIS view source via translate header|1043->WEB-IIS viewcode.asp access|1044->WEB-IIS webhits access|1045->WEB-IIS Unauthorized IP Access Attempt|1046->WEB-IIS site/iisamples access|1050->WEB-MISC iPlanet GETPROPERTIES attempt|1051->WEB-CGI technote main.cgi file directory traversal attempt|1052->WEB-CGI technote print.cgi directory traversal attempt|1054->WEB-MISC weblogic view source attempt|1055->WEB-MISC Tomcat directory traversal attempt|1062->WEB-MISC nc.exe attempt|1066->WEB-MISC telnet attempt|1067->WEB-MISC net attempt|1070->WEB-MISC WebDAV search access|1071->WEB-MISC .htpasswd access|1072->WEB-MISC Lotus Domino directory traversal|1073->WEB-MISC webhits.exe access|1075->WEB-IIS postinfo.asp access|1076->WEB-IIS repost.asp access|1079->WEB-MISC WebDAV propfind access|1080->WEB-MISC unify eWave ServletExec upload|1087->WEB-MISC whisker tab splice attack|1088->WEB-CGI eXtropia webstore directory traversal|1089->WEB-CGI shopping cart directory traversal|1092->WEB-CGI Armada Style Master Index directory traversal|1093->WEB-CGI cached_feed.cgi moreover shopping cart directory traversal|1094->WEB-CGI webstore directory traversal|1103->WEB-MISC Netscape admin 
passwd|1104->WEB-MISC whisker space splice attack|1111->WEB-MISC Tomcat server exploit access|1112->WEB-MISC http directory traversal|1113->WEB-MISC http directory traversal|1122->WEB-MISC /etc/passwd|1129->WEB-MISC .htaccess access|1133->SCAN cybercop os probe|1134->WEB-PHP Phorum admin access|1137->WEB-PHP Phorum authentication access|1139->WEB-MISC whisker HEAD/./|1158->WEB-MISC windmail.exe access|1159->WEB-MISC webplus access|1162->WEB-MISC cart 32 AdminPwd access|1163->WEB-CGI webdist.cgi access|1166->WEB-MISC ws_ftp.ini access|1167->WEB-MISC rpm_query access|1171->WEB-MISC whisker HEAD with large datagram|1175->WEB-MISC wwwboard.pl access|1176->WEB-MISC order.log access|1186->WEB-MISC Netscape Enterprise Server directory view|1187->WEB-MISC SalesLogix Eviewer web command attempt|1188->WEB-MISC Netscape Enterprise Server directory view|1189->WEB-MISC Netscape Enterprise Server directory view|1190->WEB-MISC Netscape Enterprise Server directory view|1191->WEB-MISC Netscape Enterprise Server directory view|1196->WEB-CGI SGI InfoSearch fname attempt|1198->WEB-MISC Netscape Enterprise Server directory view|1199->WEB-MISC Compaq Insight directory traversal|1204->WEB-CGI ax-admin.cgi access|1212->WEB-MISC Admin_files access|1215->WEB-CGI ministats admin access|1218->WEB-MISC adminlogin access|1225->X11 MIT Magic Cookie detected|1226->X11 xopen|1227->X11 outbound client connection detected|1228->SCAN nmap XMAS|1229->FTP CWD ...|1233->WEB-CLIENT Outlook EML access|1240->EXPLOIT MDBMS overflow|1241->WEB-MISC SWEditServlet directory traversal attempt|1242->WEB-IIS ISAPI .ida access|1243->WEB-IIS ISAPI .ida attempt|1244->WEB-IIS ISAPI .idq attempt|1245->WEB-IIS ISAPI .idq access|1250->WEB-MISC Cisco IOS HTTP configuration attempt|1251->INFO TELNET Bad Login|1256->WEB-IIS CodeRed v2 root.exe access|1257->DOS Winnuke attack|1260->WEB-MISC long basic authorization string|1261->EXPLOIT AIX pdnsd overflow|1262->RPC portmap admind request TCP|1263->RPC portmap amountd request 
TCP|1264->RPC portmap bootparam request TCP|1265->RPC portmap cmsd request TCP|1266->RPC portmap mountd request TCP|1267->RPC portmap nisd request TCP|1268->RPC portmap pcnfsd request TCP|1269->RPC portmap rexd request TCP|1270->RPC portmap rstatd request TCP|1271->RPC portmap rusers request TCP|1272->RPC portmap sadmind request TCP|1273->RPC portmap selection_svc request TCP|1275->RPC portmap yppasswd request TCP|1279->RPC portmap snmpXdmi request UDP|1280->RPC portmap listing UDP 111|1281->RPC portmap listing UDP 32771|1283->WEB-IIS outlook web dos|1284->WEB-CLIENT readme.eml download attempt|1285->WEB-IIS msdac access|1286->WEB-IIS _mem_bin access|1287->WEB-IIS scripts access|1289->TFTP GET Admin.dll|1290->WEB-CLIENT readme.eml autoload attempt|1292->ATTACK-RESPONSES directory listing|1298->RPC portmap tooltalk request TCP|1299->RPC portmap tooltalk request UDP|1300->WEB-PHP admin.php file upload attempt|1301->WEB-PHP admin.php access|1305->WEB-CGI txt2html.cgi directory traversal attempt|1306->WEB-CGI store.cgi product directory traversal attempt|1310->PORN free XXX|1311->PORN hardcore anal|1312->PORN nude cheerleader|1313->PORN up skirt|1314->PORN young teen|1315->PORN hot young sex|1316->PORN fuck fuck fuck|1317->PORN anal sex|1318->PORN hardcore rape|1319->PORN real snuff|1320->PORN fuck movies|1321->BAD-TRAFFIC 0 ttl|1322->BAD-TRAFFIC bad frag bits|1323->EXPLOIT rwhoisd format string attempt|1324->EXPLOIT ssh CRC32 overflow /bin/sh|1325->EXPLOIT ssh CRC32 overflow filler|1326->EXPLOIT ssh CRC32 overflow NOOP|1327->EXPLOIT ssh CRC32 overflow|1328->WEB-ATTACKS ps command attempt|1329->WEB-ATTACKS /bin/ps command attempt|1330->WEB-ATTACKS wget command attempt|1331->WEB-ATTACKS uname -a command attempt|1332->WEB-ATTACKS /usr/bin/id command attempt|1333->WEB-ATTACKS id command attempt|1334->WEB-ATTACKS echo command attempt|1335->WEB-ATTACKS kill command attempt|1336->WEB-ATTACKS chmod command attempt|1337->WEB-ATTACKS chgrp command attempt|1338->WEB-ATTACKS 
chown command attempt|1339->WEB-ATTACKS chsh command attempt|1340->WEB-ATTACKS tftp command attempt|1341->WEB-ATTACKS /usr/bin/gcc command attempt|1342->WEB-ATTACKS gcc command attempt|1343->WEB-ATTACKS /usr/bin/cc command attempt|1344->WEB-ATTACKS cc command attempt|1345->WEB-ATTACKS /usr/bin/cpp command attempt|1346->WEB-ATTACKS cpp command attempt|1347->WEB-ATTACKS /usr/bin/g++ command attempt|1348->WEB-ATTACKS g++ command attempt|1349->WEB-ATTACKS bin/python access attempt|1350->WEB-ATTACKS python access attempt|1351->WEB-ATTACKS bin/tclsh execution attempt|1352->WEB-ATTACKS tclsh execution attempt|1353->WEB-ATTACKS bin/nasm command attempt|1354->WEB-ATTACKS nasm command attempt|1355->WEB-ATTACKS /usr/bin/perl execution attempt|1356->WEB-ATTACKS perl execution attempt|1357->WEB-ATTACKS nt admin addition attempt|1358->WEB-ATTACKS traceroute command attempt|1359->WEB-ATTACKS ping command attempt|1360->WEB-ATTACKS netcat command attempt|1363->WEB-ATTACKS X application to remote host attempt|1364->WEB-ATTACKS lsof command attempt|1365->WEB-ATTACKS rm command attempt|1366->WEB-ATTACKS mail command attempt|1367->WEB-ATTACKS mail command attempt|1368->WEB-ATTACKS /bin/ls|1369->WEB-ATTACKS /bin/ls command attempt|1370->WEB-ATTACKS /etc/inetd.conf access|1372->WEB-ATTACKS /etc/shadow access|1373->WEB-ATTACKS conf/httpd.conf attempt|1374->WEB-ATTACKS .htgroup access|1375->WEB-MISC sadmind worm access|1377->FTP wu-ftp bad file completion attempt (|1378->FTP wu-ftp bad file completion attempt (|1379->FTP STAT overflow attempt|1380->WEB-IIS cross-site scripting attempt|1382->EXPLOIT CHAT IRC Ettercap parse overflow attempt|1383->P2P Fastrack (kazaa/morpheus) GET request|1385->WEB-MISC mod-plsql administration access|1387->MS-SQL raiserror possible buffer overflow|1389->WEB-MISC viewcode.jse access|1394->SHELLCODE x86 NOOP|1397->WEB-CGI wayboard attempt|1398->EXPLOIT CDE dtspcd exploit attempt|1399->WEB-PHP PHP-Nuke remote file include attempt|1400->WEB-IIS /scripts/samples/ 
access|1401->WEB-IIS /msadc/samples/ access|1402->WEB-IIS iissamples access|1408->DOS MSDTC attempt|1411->SNMP public access udp|1412->SNMP public access tcp|1413->SNMP private access udp|1414->SNMP private access tcp|1415->SNMP Broadcast request|1416->SNMP broadcast trap|1417->SNMP request udp|1418->SNMP request tcp|1419->SNMP trap udp|1420->SNMP trap tcp|1422->SNMP community string buffer overflow attempt (with evasion)|1431->BAD-TRAFFIC syn to multicast address|1432->P2P GNUTella GET|1435->DNS named authors attempt|1441->TFTP GET nc.exe|1442->TFTP GET shadow|1443->TFTP GET passwd|1444->TFTP Get|1445->POLICY FTP file_id.diz access possible warez site|1446->SMTP vrfy root|1449->POLICY FTP anonymous (ftp) login attempt|1450->SMTP expn *@|1456->WEB-CGI calender_admin.pl access|1457->WEB-CGI user_update_admin.pl access|1463->CHAT IRC message|1484->WEB-IIS /isapi/tstisapi.dll access|1485->WEB-IIS mkilog.exe access|1486->WEB-IIS ctss.idc access|1487->WEB-IIS /iisadmpwd/aexp2.htr access|1488->WEB-CGI store.cgi directory traversal attempt|1490->WEB-PHP Phorum /support/common.php attempt|1491->WEB-PHP Phorum /support/common.php access|1492->WEB-MISC RBS ISP /newuser directory traversal attempt|1497->WEB-MISC cross site scripting attempt|1498->WEB-MISC PIX firewall manager directory traversal attempt|1501->WEB-CGI a1stats a1disp3.cgi directory traversal attempt|1503->WEB-CGI admentor admin.asp access|1504->MISC AFS access|1509->WEB-CGI AltaVista Intranet Search directory traversal attempt|1519->WEB-MISC apache ?M=D directory list attempt|1520->WEB-MISC server-info access|1526->WEB-MISC basilix sendmail.inc access|1527->WEB-MISC basilix mysql.class access|1529->FTP SITE overflow attempt|1530->FTP format string attempt|1536->WEB-CGI calendar_admin.pl arbitrary command execution attempt|1537->WEB-CGI calendar_admin.pl access|1541->FINGER version query|1544->WEB-MISC Cisco Catalyst command execution attempt|1545->DOS Cisco attempt|1546->WEB-MISC Cisco /%% DOS 
attempt|1549->SMTP HELO overflow attempt|1550->SMTP ETRN overflow attempt|1562->FTP SITE CHOWN overflow attempt|1567->WEB-IIS /exchange/root.asp attempt|1568->WEB-IIS /exchange/root.asp access|1569->WEB-CGI loadpage.cgi directory traversal attempt|1571->WEB-CGI dcforum.cgi directory traversal attempt|1579->WEB-MISC Domino webadmin.nsf access|1595->WEB-IIS htimage.exe access|1598->WEB-CGI Home Free search.cgi directory traversal attempt|1600->WEB-CGI htsearch arbitrary configuration file attempt|1601->WEB-CGI htsearch arbitrary file read attempt|1602->WEB-CGI htsearch access|1604->WEB-MISC iChat directory traversal attempt|1605->DOS iParty DOS attempt|1607->WEB-CGI HyperSeek hsx.cgi access|1610->WEB-CGI formmail arbitrary command execution attempt|1616->DNS named version attempt|1618->WEB-IIS .asp Transfer-Encoding\\: chunked|1621->FTP CMD overflow attempt|1622->FTP RNFR ././ attempt|1623->FTP invalid MODE|1624->FTP large PWD command|1625->FTP large SYST command|1626->WEB-IIS /StoreCSVS/InstantOrder.asmx request|1627->BAD-TRAFFIC Unassigned/Reserved IP protocol|1628->WEB-CGI FormHandler.cgi directory traversal attempt attempt|1631->CHAT AIM login|1632->CHAT AIM send message|1633->CHAT AIM receive message|1636->MISC Xtramail Username overflow attempt|1638->SCAN SSH Version map attempt|1639->CHAT IRC DCC file transfer request|1640->CHAT IRC DCC chat request|1641->DOS DB2 dos attempt|1645->WEB-CGI testcgi access|1657->WEB-CGI pagelog.cgi directory traversal attempt|1660->WEB-IIS trace.axd access|1661->WEB-IIS cmd32.exe access|1662->WEB-MISC /~ftp access|1667->WEB-MISC cross site scripting \\(img src=javascript\\) attempt|1672->FTP CWD ~ attempt|1673->ORACLE EXECUTE_SYSTEM attempt|1674->ORACLE connect_data\\(command=version\\) attempt|1675->ORACLE misparsed login response|1676->ORACLE select union attempt|1677->ORACLE select like \\'%\\' attempt|1678->ORACLE select like \\\\'%\\\\' attempt|1679->ORACLE describe attempt|1680->ORACLE all_constraints access|1681->ORACLE 
all_views access|1682->ORACLE all_source access|1683->ORACLE all_tables access|1684->ORACLE all_tab_columns access|1685->ORACLE all_tab_privs access|1686->ORACLE dba_tablespace access|1687->ORACLE dba_tables access|1688->ORACLE user_tablespace access|1689->ORACLE sys.all_users access|1690->ORACLE grant attempt|1691->ORACLE ALTER USER attempt|1692->ORACLE drop table attempt|1693->ORACLE create table attempt|1694->ORACLE alter table attempt|1695->ORACLE truncate table attempt|1696->ORACLE create database attempt|1697->ORACLE alter database attempt|1699->P2P Fastrack (kazaa/morpheus) traffic|1701->WEB-CGI calendar-admin.pl access|1703->WEB-CGI auktion.cgi directory traversal attempt|1704->WEB-CGI cal_make.pl directory traversal attempt|1719->WEB-CGI talkback.cgi directory traversal attempt|1725->WEB-IIS +.htr code fragment attempt|1726->WEB-IIS doctodep.btr access|1728->FTP CWD ~ attempt|1729->CHAT IRC channel join|1730->WEB-CGI ustorekeeper.pl directory traversal attempt|1732->RPC portmap rwalld request UDP|1733->RPC portmap rwalld request TCP|1734->FTP USER overflow attempt|1739->WEB-PHP DNSTools administrator authentication bypass attempt|1746->RPC portmap cachefsd request UDP|1747->RPC portmap cachefsd request TCP|1748->FTP command overflow attempt|1750->WEB-IIS users.xml access|1751->EXPLOIT cachefsd buffer overflow attempt|1753->WEB-IIS as_web.exe access|1754->WEB-IIS as_web4.exe access|1755->IMAP partial body buffer overflow attempt|1756->WEB-IIS NewsPro administration authentication attempt|1759->MS-SQL xp_cmdshell program execution (445)|1768->WEB-IIS header field buffer overflow attempt|1772->WEB-IIS pbserver access|1773->WEB-PHP php.exe access|1775->MYSQL root login attempt|1776->MYSQL show databases attempt|1777->FTP EXPLOIT STAT * dos attempt|1778->FTP EXPLOIT STAT ? dos attempt|1779->FTP CWD .... 
attempt|1781->PORN dildo|1782->PORN nipple clamp|1783->PORN oral sex|1784->PORN nude celeb|1785->PORN voyeur|1786->PORN raw sex|1789->CHAT IRC dns request|1790->CHAT IRC dns response|1791->BACKDOOR fragroute trojan connection attempt|1793->PORN fetish|1794->PORN masturbation|1795->PORN ejaculation|1796->PORN virgin|1797->PORN BDSM|1798->PORN erotica|1799->PORN fisting|1800->VIRUS Klez Incoming|1805->WEB-CGI Oracle reports CGI access|1806->WEB-IIS .htr Transfer-Encoding\\: chunked|1808->WEB-MISC apache chunked encoding memory corruption exploit attempt|1809->WEB-MISC Apache Chunked-Encoding worm attempt|1810->ATTACK-RESPONSES successful gobbles ssh exploit (GOBBLE)|1811->ATTACK-RESPONSES successful gobbles ssh exploit (uname)|1812->EXPLOIT gobbles SSH exploit attempt|1813->ICMP digital island bandwidth query|1814->WEB-MISC CISCO VoIP DOS ATTEMPT|1817->WEB-IIS MS Site Server default login attempt|1818->WEB-IIS MS Site Server admin attempt|1821->EXPLOIT LPD dvips remote command execution attempt|1822->WEB-CGI alienform.cgi directory traversal attempt|1823->WEB-CGI AlienForm af.cgi directory traversal attempt|1827->WEB-MISC Tomcat servlet mapping cross site scripting attempt|1828->WEB-MISC iPlanet Search directory traversal attempt|1831->WEB-MISC jigsaw dos attempt|1832->CHAT ICQ forced user addition|1833->PORN naked lesbians|1834->WEB-PHP PHP-Wiki cross site scripting attempt|1835->WEB-MISC Macromedia SiteSpring cross site scripting attempt|1836->PORN alt.binaries.pictures.erotica|1837->PORN alt.binaries.pictures.tinygirls|1838->EXPLOIT SSH server banner overflow|1839->WEB-MISC mailman cross site scripting attempt|1841->WEB-CLIENT Javascript URL host spoofing attempt|1842->IMAP login buffer overflow attempt|1843->BACKDOOR trinity connection attempt|1844->IMAP authenticate overflow attempt|1845->IMAP list literal overflow attempt|1852->WEB-MISC robots.txt access|1853->BACKDOOR win-trin00 connection attempt|1854->DDOS Stacheldraht handler->agent (niggahbitch)|1855->DDOS 
Stacheldraht agent->handler (skillz)|1856->DDOS Stacheldraht handler->agent (ficken)|1857->WEB-MISC robot.txt access|1858->WEB-MISC CISCO PIX Firewall Manager directory traversal attempt|1859->WEB-MISC Sun JavaServer default password login attempt|1860->WEB-MISC Linksys router default password login attempt \\(\\:admin\\)|1861->WEB-MISC Linksys router default password login attempt \\(admin\\:admin\\)|1862->WEB-CGI mrtg.cgi directory traversal attempt|1864->FTP SITE NEWER attempt|1866->POP3 USER overflow attempt|1871->WEB-MISC Oracle XSQLConfig.xml access|1882->ATTACK-RESPONSES id check returned userid|1883->ATTACK-RESPONSES id check returned nobody|1884->ATTACK-RESPONSES id check returned web|1885->ATTACK-RESPONSES id check returned http|1886->ATTACK-RESPONSES id check returned apache|1888->FTP SITE CPWD overflow attempt|1890->RPC status GHBN format string attack|1891->RPC status GHBN format string attack|1892->SNMP null community string attempt|1894->EXPLOIT kadmind buffer overflow attempt|1895->EXPLOIT kadmind buffer overflow attempt|1896->EXPLOIT kadmind buffer overflow attempt|1897->EXPLOIT kadmind buffer overflow attempt|1898->EXPLOIT kadmind buffer overflow attempt|1899->EXPLOIT kadmind buffer overflow attempt|1902->IMAP lsub literal overflow attempt|1903->IMAP rename overflow attempt|1904->IMAP find overflow attempt|1905->RPC AMD UDP amqproc_mount plog overflow attempt|1906->RPC AMD TCP amqproc_mount plog overflow attempt|1907->RPC CMSD UDP CMSD_CREATE buffer overflow attempt|1908->RPC CMSD TCP CMSD_CREATE buffer overflow attempt|1909->RPC CMSD TCP CMSD_INSERT buffer overflow attempt|1910->RPC CMSD udp CMSD_INSERT buffer overflow attempt|1911->RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt|1912->RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt|1913->RPC STATD UDP stat mon_name format string exploit attempt|1914->RPC STATD TCP stat mon_name format string exploit attempt|1915->RPC STATD UDP monitor mon_name format string 
exploit attempt|1916->RPC STATD TCP monitor mon_name format string exploit attempt|1917->SCAN UPnP service discover attempt|1918->SCAN SolarWinds IP scan attempt|1919->FTP CWD overflow attempt|1920->FTP SITE NEWER overflow attempt|1921->FTP SITE ZIPCHK attempt|1922->RPC portmap proxy attempt TCP|1923->RPC portmap proxy attempt UDP|1924->RPC mountd UDP export request|1925->RPC mountd TCP exportall request|1926->RPC mountd UDP exportall request|1927->FTP authorized_keys|1928->FTP shadow retrieval attempt|1929->BACKDOOR TCPDUMP/PCAP trojan traffic|1930->IMAP auth overflow attempt|1941->TFTP filename overflow attempt|1942->FTP RMDIR overflow attempt|1945->WEB-IIS unicode directory traversal attempt|1946->WEB-MISC answerbook2 admin attempt|1948->DNS zone transfer UDP|1949->RPC portmap SET attempt TCP 111|1950->RPC portmap SET attempt UDP 111|1951->RPC mountd TCP mount request|1952->RPC mountd UDP mount request|1953->RPC AMD TCP pid request|1954->RPC AMD UDP pid request|1955->RPC AMD TCP version request|1956->RPC AMD UDP version request|1963->RPC RQUOTA getquota overflow attempt UDP|1964->RPC tooltalk UDP overflow attempt|1965->RPC tooltalk TCP overflow attempt|1970->WEB-IIS MDAC Content-Type overflow attempt|1971->FTP SITE EXEC format string attempt|1972->FTP PASS overflow attempt|1973->FTP MKD overflow attempt|1974->FTP REST overflow attempt|1976->FTP RMD overflow attempt|1980->BACKDOOR DeepThroat 3.1 Connection attempt|1981->BACKDOOR DeepThroat 3.1 Connection attempt (3150)|1982->BACKDOOR DeepThroat 3.1 Server Response (3150)|1983->BACKDOOR DeepThroat 3.1 Connection attempt (4120)|1984->BACKDOOR DeepThroat 3.1 Server Response (4120)|1985->BACKDOOR Doly 1.5 server response|1986->CHAT MSN file transfer request|1987->MISC xfs overflow attempt|1988->CHAT MSN file transfer accept|1989->CHAT MSN file transfer reject|1990->CHAT MSN user search|1991->CHAT MSN login attempt|1992->FTP LIST directory traversal attempt|1993->IMAP login literal buffer overflow 
attempt|2000->WEB-PHP readmsg.php access|2001->WEB-CGI smartsearch.cgi access|2002->WEB-PHP external include path|2003->MS-SQL Worm propagation attempt|2004->MS-SQL Worm propagation attempt OUTBOUND|2005->RPC portmap kcms_server request UDP|2006->RPC portmap kcms_server request TCP|2007->RPC kcms_server directory traversal attempt|2008->MISC CVS invalid user authentication response|2009->MISC CVS invalid repository response|2010->MISC CVS double free exploit attempt response|2011->MISC CVS invalid directory response|2012->MISC CVS missing cvsroot response|2013->MISC CVS invalid module response|2014->RPC portmap UNSET attempt TCP 111|2015->RPC portmap UNSET attempt UDP 111|2016->RPC portmap status request TCP|2017->RPC portmap espd request UDP|2018->RPC mountd TCP dump request|2019->RPC mountd UDP dump request|2020->RPC mountd TCP unmount request|2021->RPC mountd UDP unmount request|2022->RPC mountd TCP unmountall request|2023->RPC mountd UDP unmountall request|2024->RPC RQUOTA getquota overflow attempt TCP|2025->RPC yppasswd username overflow attempt UDP|2026->RPC yppasswd username overflow attempt TCP|2027->RPC yppasswd old password overflow attempt UDP|2028->RPC yppasswd old password overflow attempt TCP|2029->RPC yppasswd new password overflow attempt UDP|2030->RPC yppasswd new password overflow attempt TCP|2031->RPC yppasswd user update UDP|2032->RPC yppasswd user update TCP|2033->RPC ypserv maplist request UDP|2034->RPC ypserv maplist request TCP|2035->RPC portmap network-status-monitor request UDP|2036->RPC portmap network-status-monitor request TCP|2037->RPC network-status-monitor mon-callback request UDP|2038->RPC network-status-monitor mon-callback request TCP|2039->MISC bootp hostname format string attempt|2040->POLICY xtacacs login attempt|2041->MISC xtacacs failed login response|2042->POLICY xtacacs accepted login response|2043->MISC isakmp login failed|2044->POLICY PPTP setup attempt|2045->RPC snmpXdmi overflow attempt UDP|2046->IMAP partial body.peek 
buffer overflow attempt|2047->MISC rsyncd module list access|2048->MISC rsyncd overflow attempt|2049->MS-SQL ping attempt|2050->MS-SQL version overflow attempt|2051->WEB-CGI cached_feed.cgi moreover shopping cart access|2052->WEB-CGI overflow.cgi access|2053->WEB-CGI process_bug.cgi access|2054->WEB-CGI enter_bug.cgi arbitrary command attempt|2055->WEB-CGI enter_bug.cgi access|2056->WEB-MISC TRACE attempt|2057->WEB-MISC helpout.exe access|2058->WEB-MISC MsmMask.exe attempt|2059->WEB-MISC MsmMask.exe access|2060->WEB-MISC DB4Web access|2061->WEB-MISC Tomcat null byte directory listing attempt|2062->WEB-MISC iPlanet .perf access|2063->WEB-MISC Demarc SQL injection attempt|2064->WEB-MISC Lotus Notes .csp script source download attempt|2065->WEB-MISC Lotus Notes .csp script source download attempt|2066->WEB-MISC Lotus Notes .pl script source download attempt|2067->WEB-MISC Lotus Notes .exe script source download attempt|2068->WEB-MISC BitKeeper arbitrary command attempt|2069->WEB-MISC chip.ini access|2070->WEB-MISC post32.exe arbitrary command attempt|2071->WEB-MISC post32.exe access|2072->WEB-MISC lyris.pl access|2073->WEB-MISC globals.pl access|2074->WEB-PHP Mambo uploadimage.php upload php file attempt|2075->WEB-PHP Mambo upload.php upload php file attempt|2076->WEB-PHP Mambo uploadimage.php access|2077->WEB-PHP Mambo upload.php access|2078->WEB-PHP phpBB privmsg.php access|2079->RPC portmap nlockmgr request UDP|2080->RPC portmap nlockmgr request TCP|2081->RPC portmap rpc.xfsmd request UDP|2082->RPC portmap rpc.xfsmd request TCP|2083->RPC rpc.xfsmd xfs_export attempt UDP|2084->RPC rpc.xfsmd xfs_export attempt TCP|2085->WEB-CGI parse_xml.cgi access|2086->WEB-CGI streaming server parse_xml.cgi access|2087->SMTP >From comment overflow attempt|2088->RPC ypupdated arbitrary command attempt UDP|2089->RPC ypupdated arbitrary command attempt TCP|2090->WEB-IIS WEBDAV exploit attempt|2091->WEB-IIS WEBDAV nessus safe scan attempt|2092->RPC portmap proxy integer overflow 
attempt UDP|2093->RPC portmap proxy integer overflow attempt TCP|2094->RPC CMSD UDP CMSD_CREATE array buffer overflow attempt|2095->RPC CMSD TCP CMSD_CREATE array buffer overflow attempt|2100->BACKDOOR SubSeven 2.1 Gold server connection response|2101->NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt|2102->NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt|2103->NETBIOS SMB trans2open buffer overflow attempt|2104->ATTACK-RESPONSES rexec username too long response|2105->IMAP authenticate literal overflow attempt|2106->IMAP lsub overflow attempt|2107->IMAP create buffer overflow attempt|2108->POP3 CAPA overflow attempt|2109->POP3 TOP overflow attempt|2110->POP3 STAT overflow attempt|2111->POP3 DELE overflow attempt|2112->POP3 RSET overflow attempt|2113->RSERVICES rexec username overflow attempt|2114->RSERVICES rexec password overflow attempt|2115->WEB-CGI album.pl access|2116->WEB-CGI chipcfg.cgi access|2117->WEB-IIS Battleaxe Forum login.asp access|2118->IMAP list overflow attempt|2119->IMAP rename literal overflow attempt|2120->IMAP create literal buffer overflow attempt|2121->POP3 DELE negative arguement attempt|2122->POP3 UIDL negative arguement attempt|2123->ATTACK-RESPONSES Microsoft cmd.exe banner|2124->BACKDOOR Remote PC Access connection attempt|2125->FTP CWD C:\\\\|2126->MISC Microsoft PPTP Start Control Request buffer overflow attempt|2127->WEB-CGI ikonboard.cgi access|2128->WEB-CGI swsrv.cgi access|2129->WEB-IIS nsiislog.dll access|2130->WEB-IIS IISProtect siteadmin.asp access|2131->WEB-IIS IISProtect access|2132->WEB-IIS Synchrologic Email Accelerator userid list access attempt|2133->WEB-IIS MS BizTalk server access|2134->WEB-IIS register.asp access|2135->WEB-MISC philboard.mdb access|2136->WEB-MISC philboard_admin.asp authentication bypass attempt|2137->WEB-MISC philboard_admin.asp access|2138->WEB-MISC logicworks.ini access|2139->WEB-MISC /*.shtml access|2140->WEB-PHP p-news.php access|2141->WEB-PHP shoutbox.php 
directory traversal attempt|2142->WEB-PHP shoutbox.php access|2143->WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt|2144->WEB-PHP b2 cafelog gm-2-b2.php access|2145->WEB-PHP TextPortal admin.php default password (admin) attempt|2146->WEB-PHP TextPortal admin.php default password (12345) attempt|2147->WEB-PHP BLNews objects.inc.php4 remote command execution attempt|2148->WEB-PHP BLNews objects.inc.php4 access|2149->WEB-PHP Turba status.php access|2150->WEB-PHP ttCMS header.php remote command execution attempt|2151->WEB-PHP ttCMS header.php access|2152->WEB-PHP test.php access|2153->WEB-PHP autohtml.php directory traversal attempt|2154->WEB-PHP autohtml.php access|2155->WEB-PHP ttforum remote command execution attempt|2156->WEB-MISC mod_gzip_status access|2157->WEB-IIS IISProtect GlobalAdmin.asp access|2158->MISC BGP invalid length|2159->MISC BGP invalid type (0)|2160->VIRUS OUTBOUND .exe file attachment|2161->VIRUS OUTBOUND .doc file attachment|2162->VIRUS OUTBOUND .hta file attachment|2163->VIRUS OUTBOUND .chm file attachment|2164->VIRUS OUTBOUND .reg file attachment|2165->VIRUS OUTBOUND .ini file attachment|2166->VIRUS OUTBOUND .bat file attachment|2167->VIRUS OUTBOUND .diz file attachment|2168->VIRUS OUTBOUND .cpp file attachment|2169->VIRUS OUTBOUND .dll file attachment|2170->VIRUS OUTBOUND .vxd file attachment|2171->VIRUS OUTBOUND .sys file attachment|2172->VIRUS OUTBOUND .com file attachment|2173->VIRUS OUTBOUND .hsq file attachment|2174->NETBIOS SMB winreg access|2175->NETBIOS SMB winreg access (unicode)|2176->NETBIOS SMB Startup Folder access attempt|2177->NETBIOS SMB Startup Folder access attempt (unicode)|2180->P2P BitTorrent announce request|2181->P2P BitTorrent transfer|2183->SMTP Content-Transfer-Encoding overflow attempt|2186->BAD-TRAFFIC IP Proto 53 (SWIPE)|2187->BAD-TRAFFIC IP Proto 55 (IP Mobility)|2188->BAD-TRAFFIC IP Proto 77 (Sun ND)|2189->BAD-TRAFFIC IP Proto 103 (PIM)|2190->NETBIOS DCERPC invalid bind attempt|2191->NETBIOS SMB 
DCERPC invalid bind attempt|2192->NETBIOS DCERPC ISystemActivator bind attempt|2193->NETBIOS SMB DCERPC ISystemActivator bind attempt'); '';"

    # The line above closes the filter expression that carries the
    # '|<signature id>-><message>' table.
    # NOTE(review): the start of that expression lies above this part of the file, so
    # what happens to an alert whose signature ID is not in the table cannot be seen
    # from here. The last ID listed is 2193; confirm that alerts raised by newer or
    # locally written rules are still counted and stay identifiable (for example by
    # their numeric rule ID) rather than ending up with an empty message.

    # Assigns 1 to the numerical field "events" (value = 'events = 1;').
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  # Numerical database fields; "events" is the only one defined for this format.
  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      # No log field is required for this value; the only assignment visible in this
      # file section is 'events = 1;' in the mark_entry filter.
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

  } # database.numerical_fields

  # Options offered when a profile is created for this log format.
  create_profile_wizard_options = {

    host_tracking = true

    # How the reports should be grouped in the report menu
    # One entry per log field of this format: source and destination address and
    # port, classification, priority, protocol, rule and message.
    report_groups = {
      date_time_group = ""
      source_ip = true
      destination_ip = true
      source_port = true
      destination_port = true
      classification = true
      snort_priority = true
      protocol = true
      rule = true
      message = true
    } # report_groups

  } # create_profile_wizard_options

  # Items flagged under not_supported: sessions, pageviews, bandwidth, visitors.
  # NOTE(review): presumably these web-traffic measures are switched off because a
  # Snort alert line carries none of them; confirm against the analyzer's documentation.
  not_supported = {
    sessions = true
    pageviews = true
    bandwidth = true
    visitors = true
  } # not_supported

} # snort