WatchGuard® Made Simple

This site is for common setup practices as well as tips and tricks for WatchGuard® Firewall products and contain editorial content.  While every effort is made to ensure all information is correct and concise, no warranty of any kind is expressed or implied, and all information is provided on an "as is" basis.

WatchGuard® is not affiliated with this site and all trademarks and graphics referenced are the property of WatchGuard Technologies Inc. or their respective owners.  All other content is the property of Fireboxsupport.com and may not be reproduced without permission.
 

                                       PLEASE REFRESH THE  PAGES IF YOU HAVE VISITED PREVIOUSLY! - NEW CONTENT ADDED!  01/02/2007

Common Practices

Fireware Pro

Configurations and examples

Firebox SSL VPN

Firebox Core SSL VPN

Firebox X Core/Edge

Setup -

Branch Office VPN (IPSec) - Firebox/Soho

Proxy Configuration

Webblocker Configuration

Remote User configuration using MUVPN & PPTP

Spamscreen®

High Availability

Troubleshooting -

Firebox X Resetting

Rebuilding your configuration

Backing Up/Restoring your Firebox Image.

 

WatchGuard Support Programs

Top

                                                 

MoneyCentral Stock Quote
Enter (WGRD) 

 

 

 

 

 

IPS Signature Database

Dec 12, 2006

Most recent signature list with ID, name, and category:

 

Intrusion Prevention Service Signature Identification (IPS/SID)

Contributed by Charles Cooper 

 

SID       Message

103        "BACKDOOR subseven 22(CAN-1999-0660,Nessus-10409)"

104        "BACKDOOR - Dagger_1.4.0_client_connect(Arachnids-483,CAN-1999-0660)"

105        "BACKDOOR - Dagger_1.4.0(Arachnids-484,CAN-1999-0660)"

107        "BACKDOOR subseven DEFCON8 2.1 access(CAN-1999-0660,Nessus-10409,Arachnids-500)"

108        BACKDOOR QAZ Worm Client Login access(CAN-1999-0660)

109        "BACKDOOR netbus active(Arachnids-401,CAN-1999-0660,Nessus-10151,Nessus-10152,Bugtraq-7538)"

110        "BACKDOOR netbus getinfo(Arachnids-403,CAN-1999-0660,Nessus-10151,Nessus-10152,Bugtraq-7538)"

112         "BACKDOOR BackOrifice active(Arachnids-400,Nessus-10024,CAN-1999-0660)"

115         "BACKDOOR netbus active(Arachnids-401,CAN-1999-0660,Nessus-10151,Nessus-10152,Bugtraq-7538)"

117        "BACKDOOR Infector.1.x active(Arachnids-315,CAN-1999-0660)"

118         "BACKDOOR SatansBackdoor.2.0.Beta active(Arachnids-316,CAN-1999-0660)"

119         "BACKDOOR Doly 2.0 active(Arachnids-312,CAN-1999-0660)"

120        "BACKDOOR Infector 1.6 Server to Client(Arachnids-315,CAN-1999-0660)"

121         "BACKDOOR Infector 1.6 Client to Server Connection Request(Arachnids-503,CAN-1999-0660)"

141         BACKDOOR Hack'A'tack 1.20 Connect(CAN-1999-0660)

144        FTP ADMw0rm ftp login attempt(Arachnids-1)

145        "BACKDOOR GirlFriend access(Arachnids-98,CAN-1999-0660,Nessus-10094)"

146        "BACKDOOR NetSphere access(Arachnids-76,CAN-1999-0660,Nessus-10005)"

147        "BACKDOOR GateCrasher active(Arachnids-99,CAN-1999-0660,Nessus-10093)"

152        "BACKDOOR BackConstruction 2.1 Connection active(Arachnids-505,CAN-1999-0660)"

153        "BACKDOOR DonaldDick 1.53 Traffic(Arachnids-506,CAN-1999-0660)"

155        "BACKDOOR NetSphere 1.31.337 access(Arachnids-76,CAN-1999-0660,Nessus-10005)"

157        "BACKDOOR BackConstruction 2.1 Client FTP Open Request(Arachnids-507,CAN-1999-0660)"

158        "BACKDOOR BackConstruction 2.1 Server FTP Open Reply(Arachnids-508,CAN-1999-0660)"

159        "BACKDOOR NetMetro File List(Arachnids-79,CAN-1999-0660)"

185        "BACKDOOR CDK(Arachnids-263,CAN-1999-0660)"

208        "BACKDOOR PhaseZero Server Active on Network(Arachnids-509,CAN-1999-0660)"

209        Telnet BACKDOOR w00w00 attempt(Arachnids-510)

210        Telnet BACKDOOR attempt

211         Telnet BACKDOOR MISC r00t attempt(Arachnids-511)

212        Telnet BACKDOOR MISC rewt attempt(Arachnids-512)

213        Telnet BACKDOOR MISC Linux rootkit attempt(Arachnids-513)

214        Telnet BACKDOOR MISC Linux rootkit attempt lrkr0x(Arachnids-514)

215        Telnet BACKDOOR MISC Linux rootkit attempt(Arachnids-515)

216        Telnet BACKDOOR MISC Linux rootkit satori attempt(Arachnids-516)

217        Telnet BACKDOOR MISC sm4ck rootkit hax0r attempt(Arachnids-520)

218        Telnet BACKDOOR MISC Solaris 2.5 attempt

219        Telnet BACKDOOR HidePak Solaris rootkit StoogR attempt(Arachnids-526)

252        "DNS named Inverse-Query probe(Arachnids-277,CVE-1999-0009,Bugtraq-134)"

253        DNS SPOOF query response PTR with TTL of 1 min. and no authority

254        DNS SPOOF query response with TTL of 1 min. and no authority

256        "DNS BIND verion 9 named authors.bind probe(Nessus-10728,Arachnids-480)"

257        "DNS BIND named version.bind probe(Nessus-10028,Arachnids-278)"

259        "DNS EXPLOIT named NXT overflow (ADM)(CVE-1999-0833,Bugtraq-788,Nessus-10029)"

260        "DNS EXPLOIT named NXT overflow (ADM)(CVE-1999-0833,Bugtraq-788,Nessus-10029)"

261        "DNS EXPLOIT Inverse-Query named overflow attempt(Bugtraq-134,CVE-1999-0009)"

262        "DNS EXPLOIT Inverse-Query x86 Linux overflow attempt(Bugtraq-134,CVE-1999-0009)"

264        DNS EXPLOIT x86 Linux overflow attempt

265        DNS EXPLOIT x86 Linux overflow attempt (ADMv2)

266        DNS EXPLOIT x86 FreeBSD overflow attempt

267        DNS EXPLOIT sparc overflow attempt

303        "DNS EXPLOIT Internal Memory disclosure attempt(CVE-2001-0012,Bugtraq-2321,Arachnids-482,Nessus-10605)"

310        "EXPLOIT x86 windows MailMax server overflow attempt(Bugtraq-2312,CVE-1999-0404)"

314        "DNS EXPLOIT named tsig overflow attempt(CVE-2001-0010,Bugtraq-2302,Nessus-10605)"

334        "FTP .forward(Arachnids-319,CAN-1999-0527,Nessus-10332,Nessus-10088)"

335        "FTP .rhosts(Arachnids-328,CAN-1999-0527,Nessus-10332,Nessus-10088)"

336        "FTP CWD ~root attempt(CVE-1999-0082,Arachnids-318,Nessus-10083)"

339        FTP EXPLOIT OpenBSD x86 ftpd single byte buffer overflow exploit(Arachnids-446)

340        FTP EXPLOIT overflow

341        FTP EXPLOIT overflow

342        FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8(Arachnids-451)

353        FTP ADMhack scan(Arachnids-332)

354        FTP ISS scan(Arachnids-331)

355        FTP pass wh00t backdoor access attempt(Arachnids-324)

356        FTP passwd retrieval attempt(Arachnids-213)

357        FTP piss scan

358        FTP SAINT scan(Arachnids-330)

359        FTP SATAN scan(Arachnids-329)

362        "Wu-Ftpd FTP remote command execution attempt using tar parameters(Arachnids-134,CVE-1999-0202)"

489        INFO FTP no password logging attempt(Arachnids-322)

494        ATTACK-RESPONSES command completed

495        ATTACK-RESPONSES command error

497        ATTACK-RESPONSES file copied ok

540        MSN Messenger message

541        ICQ Messenger access

542        CHAT IRC nick change

543        "POLICY FTP 'STOR 1MB' possible warez site(Nessus-10332,Nessus-10088)"

544        "POLICY FTP 'RETR 1MB' possible warez site(Nessus-10332,Nessus-10088)"

545        "POLICY FTP 'CWD / ' possible warez site(Nessus-10332,Nessus-10088)"

546        "POLICY FTP 'CWD  ' possible warez site(Nessus-10332,Nessus-10088)"

547        "POLICY FTP 'MKD  ' possible warez site(Nessus-10332,Nessus-10088)"

548        "POLICY FTP 'MKD .' possible warez site(Nessus-10332,Nessus-10088)"

549        P2P napster login

550        P2P napster new user login

551        P2P napster download attempt

552        P2P napster upload request

554        "POLICY FTP 'MKD / ' possible warez site(Nessus-10332,Nessus-10088)"

556        P2P Outbound GNUTella client request

557        P2P GNUTella client request

561        P2P Napster Client Data

562        P2P Napster Client Data

563        P2P Napster Client Data

564        P2P Napster Client Data

565        P2P Napster Server Login

658        SMTP exchange mime DOS

661        "SMTP Majordomo IFS remote command execeution attempt(Bugtraq-2310,CVE-1999-0207,Arachnids-143)"

668        "SMTP sendmail 8.6.10ha remote access exploit(Arachnids-124,CVE-1999-0203,Bugtraq-2308,Nessus-10258)"

807       "WEB-CGI /wwwboard/passwd.txt access(Arachnids-463,CVE-1999-0953,Nessus-10321,Bugtraq-649)"

811         "WEB-CGI websitepro path access(CAN-2000-0066,Bugtraq-932,Arachnids-468,Nessus-10303)"

815        "WEB-CGI websendmail access(CVE-1999-0196,Arachnids-469,Bugtraq-2077,Nessus-10301)"

820        "WEB-CGI anaconda directory transversal attempt(CVE-2000-0975,Bugtraq-2338,Nessus-10536)"

821        "WEB-CGI imagemap.exe overflow attempt(Arachnids-412,CVE-1999-0951,Bugtraq-739,Nessus-10122)"

824        "WEB-CGI php.cgi access(CAN-1999-0238,Bugtraq-2250,Arachnids-232,Nessus-10177)"

832        "WEB-CGI perl.exe access(CAN-1999-0509,Arachnids-219,Nessus-10173)"

833        "WEB-CGI rguest.exe access(CAN-1999-0467,Bugtraq-2024)"

837        "WEB-CGI uploader.exe access(CVE-1999-0177,Bugtraq-1611,Nessus-10291)"

838        "WEB-CGI webgais access(Arachnids-472,Bugtraq-2058,CVE-1999-0176,Nessus-10300)"

839        "WEB-CGI finger access(Arachnids-221,CVE-1999-0612,Nessus-10071)"

840        WEB-CGI perlshop.cgi access(CAN-1999-1374)

844        "WEB-CGI args.bat access(CAN-1999-1180,Nessus-11465)"

845        "WEB-CGI AT-admin.cgi access(CAN-1999-1072,Nessus-11748)"

848        WEB-CGI view-source directory traversal(Bugtraq-8883)

850        WEB-CGI wais.pl access(Bugtraq-5127)

852        "WEB-CGI wguest.exe access(CAN-1999-0467,Bugtraq-2024)"

854        "WEB-CGI classifieds.cgi access(Bugtraq-2020,CVE-1999-0934)"

858        WEB-CGI Filemail access(CAN-1999-1154)

859        "WEB-CGI man.sh access(CAN-1999-1179,Bugtraq-2276)"

860        "WEB-CGI snork.bat access(Bugtraq-1053,CVE-2000-0169,Arachnids-220,Nessus-10348)"

863        WEB-CGI day5datacopier.cgi access(CAN-1999-1232)

866        WEB-CGI post-query access(CAN-2001-0291)

869        "WEB-CGI dumpenv.pl access(CAN-1999-1178,Nessus-10060)"

875        "WEB-CGI win-c-sample.exe buffer overflow attempt(Bugtraq-2078,Arachnids-231,CVE-1999-0178,Nessus-10008)"

893        WEB-CGI MachineInfo access(CAN-1999-1067)

899        "WEB-CGI Amaya templates sendtemp.pl directory traversal attempt(Bugtraq-2504,CAN-2001-0272,Nessus-10614)"

900       "WEB-CGI webspirs.cgi directory traversal attempt(CAN-2001-0211,Bugtraq-2362,Nessus-10616)"

904        "WEB-COLDFUSION Exampleapp application.cfm arbitrary file access attempt(Bugtraq-3154,CAN-2001-0535)"

905        "WEB-COLDFUSION Exampleapp application.cfm arbitrary file access attempt(Bugtraq-3154,CAN-2001-0535)"

908        "WEB-COLDFUSION Denial of Service attempt(Bugtraq-1314,CVE-2000-0538)"

910        WEB-COLDFUSION fileexists.cfm confirmation of arbitrary files existence attempt(CAN-1999-0923)

925        "WEB-COLDFUSION HTTP Client mainframeset.cfm security check bypass attempt(Bugtraq-6765,CAN-1999-1124)"

931        "WEB-COLDFUSION Syntax Checker cfmlsyntaxcheck.cfm Denial of Service attempt(CAN-1999-0923,CVE-1999-0924)"

948        WEB-FRONTPAGE form_results access(CAN-1999-1052)

951        "WEB-FRONTPAGE authors.pwd file access(CVE-1999-0386,Nessus-10078)"

953        WEB-FRONTPAGE administrators.pwd file access(Bugtraq-1205)

955        "WEB-FRONTPAGE access.cnf sensitive information disclosure attempt(Bugtraq-4078,Nessus-10575,Bugtraq-4084)"

958        "WEB-FRONTPAGE service.cnf sensitive information disclosure attempt(Bugtraq-4078,Nessus-10575,Bugtraq-4084)"

959        WEB-FRONTPAGE services.pwd file access(Bugtraq-1205)

961        "WEB-FRONTPAGE services.cnf sensitive information disclosure attempt(Bugtraq-4078,Nessus-10575,Bugtraq-4084)"

963        "WEB-FRONTPAGE svcacl.cnf sensitive information disclosure attempt(Bugtraq-4078,Nessus-10575,Bugtraq-4084)"

964        WEB-FRONTPAGE users.pwd file access

965        "WEB-FRONTPAGE writeto.cnf sensitive information disclosure attempt(Bugtraq-4078,Nessus-10575,Bugtraq-4084)"

967        "WEB-FRONTPAGE dvwssr.dll remote asp source retrieval attempt(Bugtraq-1108,Nessus-10369,Arachnids-271)"

974        "WEB-IIS DoS attempt(Bugtraq-2218,CAN-1999-0229,Nessus-10117)"

976        "WEB-IIS .bat? remote command execution attempt(Bugtraq-2024,CVE-1999-0233)"

979        "WEB-IIS .htw Cross-Site Scripting(Bugtraq-1861,CVE-2000-0942)"

980        "WEB-IIS Stalkerlab Mailers CGImail.exe access(CAN-2000-0726,Bugtraq-1623,Nessus-11721)"

988        WEB-IIS SAM Attempt

991        "WEB-IIS MS /iisadmpwd/achg.htr proxied password attack attempt(CVE-1999-0407,Bugtraq-2110,Nessus-10371)"

992        WEB-IIS adctest.asp access(Nessus-10370)

995        "WEB-IIS ism.dll remote information access attempt(CAN-1999-1538,Bugtraq-189,Nessus-10358)"

996        "WEB-IIS MS /iisadmpwd/anot.htr proxied password attack attempt(Bugtraq-2110,CVE-1999-0407,Nessus-10371)"

999        "WEB-IIS bdir directory traversal attempt(Bugtraq-2280,Nessus-10577)"

1001     "WEB-MISC iCat Carbo Server carbo.dll remote file access attempt(CAN-1999-1069,Bugtraq-2126,Nessus-10112)"

1002     WEB-IIS cmd.exe access

1003     "WEB-IIS cmd? remote command execution attempt(Bugtraq-2024,CVE-1999-0233)"

1007     WEB-IIS cross-site scripting attempt(Nessus-10572)

1009     WEB-IIS directory listing

1012      "WEB-IIS fpcount attempt(Bugtraq-2252,CAN-1999-1376,Nessus-11370)"

1017     "WEB-IIS idc-srch attempt(CVE-1999-0874,Bugtraq-0307,Nessus-10116)"

1018      "WEB-IIS MS /iisadmpwd/aexp.htr proxied password attack attempt(Bugtraq-2110,CVE-2000-0407,Nessus-10371)"

1019      WEB-IIS index server file source code attempt

1023     "WEB-IIS MDAC RDS msadcs.dll access(CVE-1999-1011,Bugtraq-529,Nessus-10357)"

1024     "WEB-IIS newdsn.exe access(Bugtraq-1818,CVE-1999-0191)"

1028     "WEB-IIS ExAir query.asp DoS attempt(Bugtraq-193,CVE-1999-0449,Nessus-10003)"

1031      "WEB-IIS /SiteServer/Publishing/viewcode.asp access(Nessus-10576,CAN-1999-0737)"

1032     "WEB-IIS viewcode access(Nessus-10576,CAN-1999-0737)"

1033     "WEB-IIS viewcode access(Nessus-10576,CAN-1999-0737)"

1034     "WEB-IIS viewcode access(Nessus-10576,CAN-1999-0737)"

1035     "WEB-IIS viewcode access(Nessus-10576,CAN-1999-0737)"

1036     "WEB-IIS viewcode access(Nessus-10576,CAN-1999-0737)"

1038     "WEB-IIS site server config access(Bugtraq-256,CAN-1999-1520)"

1041      "WEB-IIS MS Site Server uploadn.asp malicious file upload attempt(Bugtraq-1811,CAN-1999-0360,Nessus-10372)"

1042     "WEB-IIS view source via translate header(Arachnids-305,Bugtraq-1578,CVE-2000-0778,Nessus-10491)"

1043     "WEB-IIS viewcode.asp file access attempt(Nessus-10576,CAN-1999-0737)"

1045     WEB-IIS Unauthorized IP Access Attempt

1047     "WEB-MISC Netscape Enterprise DOS(CAN-2001-0251,Bugtraq-2294)"

1048     "WEB-MISC Netscape Enterprise directory listing attempt(CAN-2001-0250,Bugtraq-2285,Nessus-10691)"

1051      "WEB-CGI technote main.cgi file directory traversal attempt(CVE-2001-0075,Bugtraq-2156,Nessus-10584)"

1052     "WEB-CGI technote print.cgi directory traversal attempt(CAN-2001-0074,Bugtraq-2155)"

1053     "WEB-CGI ads.cgi command execution attempt(CAN-2001-0025,Bugtraq-2103,Nessus-11464)"

1069     WEB-MISC xp_regread attempt

1072     "WEB-MISC Lotus Domino directory traversal(CVE-2001-0009,Bugtraq-2173,Nessus-11344)"

1075     "WEB-IIS MS Site Server postinfo.asp malicious file upload attempt(Bugtraq-1811,CAN-1999-0360,Nessus-10372)"

1078     "WEB-MISC counter.exe DoS attempt(Bugtraq-267,CAN-1999-1030,Nessus-11725)"

1080     "WEB-MISC unify eWave ServletExec upload(Bugtraq-1876,Nessus-10570,CVE-2000-1024)"

1081      WEB-MISC Netscape Servers suite search DOS(Bugtraq-1867)

1082     "WEB-MISC amazon 1-click cookie theft(Bugtraq-1194,CVE-2000-0439)"

1089     "WEB-CGI shopping cart directory traversal(Bugtraq-1777,CVE-2000-0921)"

1090     "WEB-CGI Allaire Pro Web Shell attempt(Bugtraq-1784,CVE-2000-0923,Nessus-11748)"

1092     "WEB-CGI Armada Style Master Index directory traversal(CVE-2000-0924,Bugtraq-1772,Nessus-10562)"

1097     WEB-CGI Talentsoft Web+ script file disclosure attempt(Bugtraq-1725)

1098     "WEB-MISC SmartWin CyberOffice Shopping Cart access(Bugtraq-1734,CVE-2000-0925)"

1100     WEB-MISC L3retriever HTTP Probe(Arachnids-310)

1101      WEB-MISC Webtrends HTTP probe(Arachnids-309)

1102      WEB-MISC Nessus 404 probe(Arachnids-301)

1103      WEB-MISC Netscape SuiteSpot admin passwd(Bugtraq-1579)

1106      "WEB-CGI Poll-it Internal Variable Override attempt(CAN-2000-0590,Bugtraq-1431)"

1108      "WEB-MISC Tomcat server snoop access(CAN-2000-0760,Bugtraq-1532,Nessus-10478)"

1111       "WEB-MISC Tomcat server default admin access(Bugtraq-1548,CVE-2000-0672,Nessus-10477)"

1112      WEB-MISC http directory traversal(Arachnids-298)

1113      WEB-MISC http directory traversal(Arachnids-297)

1128      "WEB-MISC MS Site Server cpshost.dll malicious file upload attempt(Bugtraq-1811,CAN-1999-0360,Nessus-10372)"

1146      "WEB-MISC Ecommerce import.txt access(Nessus-10298,CAN-1999-0610,Bugtraq-2281)"

1148      "WEB-MISC Ecommerce import.txt access(Nessus-10298,CAN-1999-0610,Bugtraq-2281)"

1155      "WEB-MISC Ecommerce checks.txt access(Nessus-10298,CAN-1999-0610,Bugtraq-2281)"

1157      "WEB-MISC Netscape PublishingXpert file disclosure attempt(CAN-2000-1196,Nessus-10364)"

1158      "WEB-MISC windmail.exe file access attempt(CAN-2000-0242,Bugtraq-1073,Arachnids-465,Nessus-10365)"

1165      "WEB-MISC Novell Groupwise gwweb.exe directory traversal attempt(Bugtraq-879,CAN-1999-1005,Nessus-10877)"

1166      "WEB-MISC ws_ftp.ini access(CAN-1999-1078,Bugtraq-547)"

1167      "WEB-MISC Caldera OpenLinux rpm_query access(CVE-2000-0192,Bugtraq-1036,Nessus-10340)"

1168      WEB-MISC mall log order access(CAN-1999-0604)

1172      "WEB-CGI bigconf.cgi file access attempt(Nessus-10027,Bugtraq-778,CVE-1999-1550)"

1177     "WEB-MISC Netscape Enterprise Server wp-verify-link directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1178      WEB-PHP Phorum read.php3 SQL injection attempt(Arachnids-208)

1179      "WEB-PHP Phorum violation.php3 arbitrary email relay attempt(Bugtraq-2272,Arachnids-209)"

1180      "WEB-MISC Alibaba get32.exe remote command execution attempt(CAN-1999-0885,Bugtraq-770,Arachnids-258,Nessus-10011)"

1181      "WEB-MISC Annex Terminal DOS attempt(CAN-1999-1070,Arachnids-260,Nessus-10017)"

1182      "WEB-MISC cgitest.exe DoS attempt(Nessus-10623,Nessus-10040,CVE-2000-0521,Bugtraq-3885,Arachnids-265)"

1183      "WEB-MISC Netscape Enterprise Server wp-cs-dump directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1184      "WEB-MISC Netscape Enterprise Server wp-ver-info directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1186      "WEB-MISC Netscape Enterprise Server wp-ver-diff directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1187      "WEB-MISC SalesLogix Eviewer DoS attempt(Bugtraq-1089,CVE-2000-0289,Nessus-10361)"

1188      "WEB-MISC Netscape Enterprise Server wp-start-ver directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1189      "WEB-MISC Netscape Enterprise Server wp-stop-ver directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1190      "WEB-MISC Netscape Enterprise Server wp-uncheckout directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1191      "WEB-MISC Netscape Enterprise Server wp-html-rend directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1193      "WEB-MISC oracle web arbitrary command execution attempt(CVE-2000-0169,Bugtraq-1053,Nessus-10348)"

1197      WEB-PHP Phorum code.php3 access(file disclosure vulnerability)(Arachnids-207)

1198      "WEB-MISC Netscape Enterprise Server wp-usr-prop directory view(Bugtraq-1063,CVE-2000-0236,Arachnids-270)"

1201      ATTACK-RESPONSES 403 Forbidden

1208     WEB-CGI responder.cgi Denial of Service attempt(Bugtraq-3155)

1217      "WEB-MISC PowerScripts PlusMail poor authentication exploit(CAN-2000-0074,Bugtraq-2653,Nessus-10181)"

1220     "WEB-MISC UltraBoard DoS attempt(Bugtraq-1175,CVE-2000-0426)"

1229      "FTP CWD ... DoS attempt(Bugtraq-9237,CAN-2001-0758)"

1230     "WEB-MISC VirusWall FtpSave access(remote reconfiguration vulnerability)(Bugtraq-2808,CAN-2001-0791,Nessus-10733)"

1234      WEB-MISC VirusWall FtpSaveCSP buffer overflow attempt(Bugtraq-2870)

1235      WEB-MISC VirusWall FtpSaveCVP buffer overflow attempt(Bugtraq-2870)

1256      WEB-IIS CodeRed v2 root.exe access

1283      WEB-IIS Outlook Web Access DoS(Bugtraq-3223)

1284      WEB-CLIENT readme.eml download attempt(possible Nimda worm)(CAN-1999-0660)

1290     WEB-CLIENT readme.eml Nimda worm autoload attempt

1300     "WEB-PHP PHP-Nuke admin.php file upload attempt(Bugtraq-3361,CVE-2001-1032,Nessus-10772)"

1301      WEB-PHP MiniPortail admin.php authentication bypass attempt(Bugtraq-7532)

1302     "WEB-MISC console.exe authentication bypass attempt(Bugtraq-3375,CVE-2001-1252)"

1303     "WEB-MISC cs.exe authentication attempt(Bugtraq-3375,CVE-2001-1252)"

1331      WEB-ATTACKS uname -a command attempt

1332      WEB-ATTACKS /usr/bin/id command attempt

1336      WEB-ATTACKS chmod command attempt

1339      WEB-ATTACKS chsh command attempt

1341      WEB-ATTACKS /usr/bin/gcc command attempt

1343      WEB-ATTACKS /usr/bin/cc command attempt

1345      WEB-ATTACKS /usr/bin/cpp command attempt

1347     WEB-ATTACKS /usr/bin/g++ command attempt

1349      WEB-ATTACKS bin/python access attempt

1351      WEB-ATTACKS bin/tclsh execution attempt

1353      WEB-ATTACKS bin/nasm command attempt

1355      WEB-ATTACKS /usr/bin/perl execution attempt

1358      WEB-ATTACKS traceroute command attempt

1359      WEB-ATTACKS ping command attempt

1361      WEB-ATTACKS nmap command attempt

1362      WEB-ATTACKS xterm command attempt

1364      WEB-ATTACKS lsof command attempt

1366      WEB-ATTACKS mail command attempt

1370     WEB-ATTACKS /etc/inetd.conf access

1371      WEB-ATTACKS /etc/motd access

1372     WEB-ATTACKS /etc/shadow access

1373     WEB-ATTACKS conf/httpd.conf attempt

1376     "WEB-MISC Allaire JRun directory browse attempt(Bugtraq-3592,Nessus-10814)"

1379     "FTP STAT overflow attempt(CAN-2001-0325,Bugtraq-2342,Bugtraq-6478)"

1380     WEB-IIS cross-site scripting attempt(Nessus-10572)

1383      P2P Fastrack kazaa/morpheus GET request

1389      WEB-MISC viewcode.jse directory traversal attempt(Bugtraq-3715)

1392      "WEB-CGI lastlines.cgi directory traversal attempt(Bugtraq-3754,CAN-2001-1205)"

1395      "WEB-CGI zml.cgi attempt(CAN-2001-1209,Bugtraq-3759,Nessus-10830)"

1397     "WEB-CGI wayboard attempt(Bugtraq-2370,CAN-2001-0214,Nessus-10610)"

1399      "WEB-PHP PHP-Nuke remote file include and command execution attempt(Bugtraq-3889,CAN-2002-0206,Nessus-11236)"

1405     WEB-CGI AHG search.cgi access(Bugtraq-3985)

1406     "WEB-CGI agora.cgi path disclosure attempt(CAN-2002-0215,Bugtraq-3976)"

1407     "WEB-PHP PhpSmsSend smssend.php access(arbitrary command execution vulnerability)(Bugtraq-3982,CAN-2002-0220)"

1432      P2P GNUTella client request

1435      "DNS BIND version 9 named authors.bind probe(Nessus-10728,Arachnids-480)"

1445      "POLICY FTP file_id.diz access possible warez site(Nessus-10332,Nessus-10088)"

1451      "WEB-CGI NPH-maillist access(CAN-2001-0400,Bugtraq-2563,Nessus-10164)"

1452      "WEB-CGI args.cmd access(CAN-1999-1180,Nessus-11465)"

1453      "WEB-CGI AT-generated.cgi access(CAN-1999-1072,Nessus-11748)"

1454      "WEB-CGI wwwwais access(Nessus-10597,CAN-2001-0223,Bugtraq-2292)"

1463      CHAT IRC message

1468      "WEB-CGI Web Shopper shopper.cgi attempt(CVE-2000-0922,Bugtraq-1776,Nessus-10533)"

1470     "WEB-CGI listrec.pl access(CAN-2001-0997,Bugtraq-3328,Nessus-10769)"

1471      "WEB-CGI mailnews.cgi remote shell command execution attempt(CAN-2001-0271,Bugtraq-2391)"

1473     WEB-CGI newsdesk.cgi arbitrary command execution attempt(CAN-2001-0232)

1475     WEB-CGI mailit.pl access(Nessus-10417)

1481      WEB-CGI upload.cgi access(Nessus-10290)

1484      "WEB-IIS /isapi/tstisapi.dll access(CAN-2001-0302,CAN-2001-0303,Bugtraq-2381,Bugtraq-4261)"

1486      WEB-IIS ctss.idc SQL database access attempt(Nessus-10359)

1487     "WEB-IIS /iisadmpwd/aexp2.htr security policy bypass attempt(Bugtraq-4236,CAN-2002-0421,Nessus-10371)"

1489      WEB-MISC Apache web server /~nobody access(Nessus-10484)

1490     WEB-PHP Phorum /support/common.php attempt(Bugtraq-1997)

1491      "WEB-PHP Phorum /support/common.php access(Bugtraq-9361,CAN-2004-0034,Nessus-10593)"

1494      "WEB-CGI SIX webboard generate.cgi attempt(CAN-2001-1115,Bugtraq-3175,Nessus-10725)"

1496      WEB-CGI spin_client.cgi access(Nessus-10393)

1503     "WEB-CGI admentor admin.asp access(Nessus-10880,CAN-2002-0308,Bugtraq-4152)"

1505     "WEB-CGI alchemy http server PRN arbitrary command execution attempt(CAN-2001-0871,Bugtraq-3599,Nessus-10818)"

1506     "WEB-CGI alchemy http server NUL arbitrary command execution attempt(CAN-2001-0871,Bugtraq-3599,Nessus-10818)"

1507     "WEB-CGI Alibaba alibaba.pl arbitrary command execution attempt(CAN-1999-0885,Bugtraq-770,Nessus-10013)"

1520     WEB-MISC server-info access(Nessus-10678)

1521      WEB-MISC server-status access(Nessus-10677)

1522      "WEB-MISC ans.pl directory traversal attempt(CAN-2002-0307,CAN-2002-0306,Nessus-10875,Bugtraq-4147,Bugtraq-4149)"

1526      "WEB-MISC basilix unauthorized sendmail.inc access(Bugtraq-2198,Nessus-10601,CAN-2001-1044)"

1527     "WEB-MISC basilix unauthorized mysql.class access(Bugtraq-2198,Nessus-10601,CAN-2001-1044)"

1529      "FTP SITE overflow attempt(CAN-2001-0755,Bugtraq-2782,CVE-2001-0770)"

1532      "WEB-CGI bb-hostscv.sh attempt(Nessus-10460,CVE-2000-0638)"

1534      "WEB-CGI agora.cgi cross-site scripting attempt(Nessus-10836,CAN-2001-1199,Bugtraq-3702)"

1542      "WEB-CGI CGImail.exe spoofing attempt(CVE-2000-0726,Bugtraq-1623,Nessus-11721)"

1544      "WEB-MISC Cisco Catalyst command execution attempt(Bugtraq-1846,CAN-2000-0945,Nessus-10545)"

1551      WEB-MISC /CVS/Entries access(Nessus-10922)

1553      "WEB-CGI Dansie shopping cart arbitrary command execution attempt(CVE-2000-0252,Bugtraq-1115,Nessus-10368)"

1554      "WEB-CGI dbman db.cgi access(CVE-2000-0381,Bugtraq-1178,Nessus-10403)"

1556      "WEB-CGI DCShop orders.txt access(Bugtraq-2889,Nessus-10718,CAN-2001-0821)"

1557     "WEB-CGI DCShop auth_user_file.txt access(Bugtraq-2889,Nessus-10718,CAN-2001-0821)"

1559      "WEB-MISC SuSE /doc/packages package disclosure attempt(Bugtraq-1707,CVE-2000-1016,Nessus-10518)"

1561      WEB-MISC Lotus Domino ?open information disclosure attempt(Nessus-10057)

1565      "WEB-CGI eshop.pl arbitrary command execution attempt(CAN-2001-1014,Bugtraq-3340,Nessus-10775)"

1566      "WEB-CGI eshop.pl access(CAN-2001-1014,Bugtraq-3340,Nessus-10775)"

1572     "WEB-CGI commerce.cgi arbitrary file access attempt(Nessus-10612,Bugtraq-2361,CAN-2001-0210)"

1573     "WEB-CGI cgiforum.pl attempt(Nessus-10552,Bugtraq-1963,CVE-2000-1171)"

1574     "WEB-CGI directorypro.cgi attempt(Bugtraq-2793,CAN-2001-0780,Nessus-10679)"

1587     "WEB-MISC cgitest.exe DoS attempt(Nessus-10623,CVE-2000-0521,Nessus-10040,Bugtraq-3885,Arachnids-265)"

1589      "WEB-MISC Muscat Empower path disclosure attempt(Bugtraq-2374,CAN-2001-0224,Nessus-10609)"

1592      WEB-CGI FastCGI echo.exe Cross-site scripting attempt(Nessus-10838)

1593      "WEB-CGI FormHandler.cgi external site redirection attempt(Nessus-10075,CAN-1999-1050)"

1594      "WEB-CGI FormHandler.cgi access(Bugtraq-798,CAN-1999-1050)"

1597     "WEB-CGI guestbook.cgi access(Nessus-10098,CVE-1999-0237)"

1598      WEB-CGI Home Free search.cgi directory traversal attempt

1606     "WEB-CGI iCat Carbo Server File Disclosure attempt(CAN-1999-1069,Bugtraq-2126,Nessus-10112)"

1612      "WEB-MISC ftp.pl directory traversal attempt(CAN-2000-0674,Bugtraq-1471,Nessus-10467)"

1614      "WEB-MISC Novell Groupwise gwweb.exe path disclosure attempt(Bugtraq-879,CAN-1999-1006,Nessus-10877)"

1615      "WEB-MISC htgrep file access attempt(CAN-2000-0832,Nessus-10495)"

1616      "DNS BIND named version.bind probe(Nessus-10028,Arachnids-278)"

1621      FTP CMD overflow attempt

1622      FTP RNFR ././ attempt

1623      FTP invalid MODE

1624      FTP large PWD command

1625      FTP large SYST command

1628      "WEB-CGI FormHandler.cgi directory traversal attempt attempt(Bugtraq-799,Nessus-10075,CAN-1999-1051)"

1631      AIM/ICQ login

1632      AIM/ICQ send message

1633      AIM/ICQ receive message

1639      CHAT IRC DCC file transfer request

1640     CHAT IRC DCC chat request

1642      "WEB-CGI IBM Net.Data document.d2w path disclosure attempt(CAN-2000-1110,Bugtraq-2017)"

1644      "WEB-CGI test-cgi attempt(Nessus-10282,CVE-1999-0070,Bugtraq-2003,Arachnids-218)"

1645      "WEB-CGI testcgi cross-site scripting attempt(Nessus-11610,Bugtraq-7214)"

1650     "WEB-CGI Alibaba tst.bat remote command execution attempt(CAN-1999-0885,Bugtraq-770,Nessus-10014)"

1651      "WEB-CGI Sambar Server environ.pl information disclosure attempt(Bugtraq-7207,Bugtraq-7208,Nessus-11491)"

1654      "WEB-CGI cart32 hidden form field manipulation attempt(Bugtraq-6178,CAN-2000-0136)"

1655      "WEB-CGI pfdispaly.cgi arbitrary command execution attempt(CVE-1999-0270,Nessus-10174)"

1657     "WEB-CGI pagelog.cgi directory traversal attempt(Nessus-10591,CAN-2000-0940,Bugtraq-1864)"

1661      WEB-IIS cmd32.exe access

1666      ATTACK-RESPONSES index of /cgi-bin/ response(Nessus-10039)

1668      WEB-CGI /cgi-bin/ access

1669      WEB-CGI /cgi-dos/ access

1699      P2P Fastrack kazaa/morpheus request traffic

1703     "WEB-CGI auktion.cgi directory traversal attempt(Nessus-10638,Bugtraq-2367,CAN-2001-0212)"

1705     "WEB-CGI echo.bat arbitrary command execution attempt(Nessus-10246,Bugtraq-1002,CAN-2000-0213)"

1706     "WEB-CGI echo.bat access(Nessus-10246,Bugtraq-1002,CAN-2000-0213)"

1707     "WEB-CGI hello.bat arbitrary command execution attempt(Nessus-10246,Bugtraq-1002,CAN-2000-0213)"

1708     "WEB-CGI hello.bat access(Nessus-10246,Bugtraq-1002,CAN-2000-0213)"

1709     "WEB-CGI ad.cgi access(Bugtraq-2103,CAN-2001-0025,Nessus-11464)"

1711      "WEB-CGI bsguest.cgi remote command execution attempt(Bugtraq-2159,CVE-2001-0099)"

1712      "WEB-CGI bslist.cgi remote command execution attempt(Bugtraq-2160,CVE-2001-0100)"

1717     "WEB-CGI simplestguest.cgi remote command execution attempt(bugtraq-2106,CAN-2001-0022)"

1723     "WEB-CGI emumail.cgi NULL attempt(CAN-2002-1526,Bugtraq-5824)"

1729     CHAT IRC channel join

1730     "WEB-CGI ustorekeeper.pl directory traversal attempt(Bugtraq-2536,CAN-2001-0466,Nessus-10645)"

1734     "FTP USER overflow attempt(Bugtraq-1352,CAN-2000-0479,CAN-2000-0480,Nessus-10450)"

1735     "WEB-CLIENT XMLHttpRequest attempt(CAN-2002-0354,Bugtraq-4628)"

1738     "WEB-MISC PHP-Survey global.inc information disclosure attempt(Bugtraq-4612,CAN-2002-0614)"

1742     "WEB-PHP Blahz-DNS dostuff.php modify user attempt(Bugtraq-4618,CVE-2002-0599)"

1744     WEB-MISC SecureSite authentication bypass attempt(Bugtraq-4621)

1745     WEB-PHP Messagerie supp_membre.php user removal attempt(Bugtraq-4635)

1762     "WEB-CGI phf arbitrar