IDS Signatures Grouped by Software Release Version
For configuration management purposes, the following signatures are grouped by the software release version in which each was publicly released. For more information regarding these signatures, refer to the signature descriptions above or go to www.cisco.com.
-
Release version S49
3327-Windows RPC DCOM Overflow
3328-Windows SMB/RPC NoOp Sled
-
Release version S48
1109-Cisco IOS Interface DoS
5380-phpBB SQL injection
5382-Xpressions SQL Admin Bypass
5383-Cyberstrong eShop SQL Injection
6256-HTTP Authorization Failure
-
Release version S47
5375-Apache mod_dav Overflow
5376-iisPROTECT Admin SQL Injection
5377-xp_cmdshell in HTTP args
5378-Vignette TCL Injection Command Exec
5379-Windows Media Services Logging ISAPI Overflow
11204-Jabber Activity
-
Release version S46
3124-Sendmail prescan Memory Corruption
3176-Cisco ONS FTP DoS
3326-Windows Startup Folder Remote Access
5369-Win32 Apache Batch File CmdExec
5370-HTDig File Disclosure
5371-bdir.htr Access
5372-ASP %20 source disclosure
5373-IIS 5 Translate: f Source Disclosure
5374-IIS Executable File Command Exec
9025-Back Door Probe (TCP 20168)
9026-Back Door Probe (TCP 1092)
9027-Back Door Probe (TCP 2018)
9028-Back Door Probe (TCP 2019)
9029-Back Door Probe (TCP 2020)
9030-Back Door Probe (TCP 2021)
9225-Back Door Response (TCP 20168)
9226-Back Door Response (TCP 1092)
9227-Back Door Response (TCP 2018)
9228-Back Door Response (TCP 2019)
9229-Back Door Response (TCP 2020)
9230-Back Door Response (TCP 2021)
11014-Hotline Client Login
11015-Hotline File Transfer
11016-Hotline Tracker Login
11200-Yahoo Messenger Activity
11201-MSN Messenger Activity
-
Release version S44
3325-Samba call_trans2open Overflow
3732-MSSQL xp_cmdshell Usage
5367-Apache CR / LF DoS
5368-Cisco ACS Windows CSAdmin Overflow
9024-Back Door Probe (TCP 10168)
9224-Back Door Response (TCP 10168)
11001-Gnutella Client Request
11002-Gnutella Server Reply
11003-Qtella File Request
11004-Bearshare file request
11005-KaZaA GET Request
11006-Gnucleus file request
11007-Limewire File Request
11008-Morpheus File Request
11009-Phex File Request
11010-Swapper File Request
11011-XoloX File Request
11012-GTK-Gnutella File Request
-
Release version S43
3311-SMB: remote SAM service access attempt
3312-SMB .eml e-mail file remote access
3313-SMB suspicious password usage
3320-SMB: ADMIN$ hidden share access attempt
3321-SMB: User Enumeration
3322-SMB: Windows Share Enumeration
3323-SMB: RFPoison Attack
3324-SMB NIMDA infected file transfer
4003-Nmap UDP Port Sweep
5360-Frontpage htimage.exe Buffer Overflow
5363-Frontpage imagemap.exe Buffer Overflow
5364-IIS WebDAV Overflow
5365-Long WebDAV Request
5366-Shell Code in HTTP URL / Args
6188-statd dot dot
6189-statd automount attack
-
Release version S42
5362-FrontPage dvwssr.dll Buffer Overflow
-
Release version S41
3115-Sendmail Data Header Overflow
5351-MS IE Help Overflow
5352-H-Sphere Webshell Buffer Overflow
5353-H-Sphere Webshell 'mode' URI exec
5354-H-Sphere Webshell 'zipfile' URI exec
5355-DotBr exec.php3 exec
5356-DotBr system.php3 exec
5357-IMP SQL Injection
5358-Psunami.CGI Remote Command Execution
5359-Office Scan CGI Scripts Access
-
Release version S40
3314-Windows Locator Service Overflow
4614-DHCP request overflow
9200-Back Door Response (TCP 12345)
9201-Back Door Response (TCP 31337)
9202-Back Door Response (TCP 1524)
9203-Back Door Response (TCP 2773)
9204-Back Door Response (TCP 2774)
9205-Back Door Response (TCP 20034)
9206-Back Door Response (TCP 27374)
9207-Back Door Response (TCP 1234)
9208-Back Door Response (TCP 1999)
9209-Back Door Response (TCP 6711)
9210-Back Door Response (TCP 6712)
9211-Back Door Response (TCP 6713)
9212-Back Door Response (TCP 6776)
9213-Back Door Response (TCP 16959)
9214-Back Door Response (TCP 27573)
9215-Back Door Response (TCP 23432)
9216-Back Door Response (TCP 5400)
9217-Back Door Response (TCP 5401)
9218-Back Door Response (TCP 2115)
9223-Back Door Response (TCP 36794)
-
Release version S39
4701-MS-SQL Control Overflow
-
Release version S38
5349-Polycom ViewStation Admin Password
5350-PHPnuke e-mail attachment access
6064-BIND Large OPT Record DoS
-
Release version S37
3174-SuperStack 3 NBX FTP DOS
3175-ProFTPD STAT DoS
4508-Non SNMP Traffic
4613-TFTP Filename Buffer Overflow
5343-Apache Host Header Cross Site Scripting
5345-HTTPBench Information Disclosure
5346-BadBlue Information Disclosure
5347-Xoops WebChat SQL Injection
5348-Cobalt RaQ Server overflow.cgi Cmd Exec
7101-ARP Source Broadcast
7102-ARP Reply-to-Broadcast
7104-ARP MacAddress-Flip-Flop-Response
7105-ARP Inbalance-of-Requests
11000-KaZaA v2 UDP Client Probe
-
Release version S36
5344-IIS MDAC RDS Buffer Overflow
-
Release version S35
4611-D-Link DWL-900AP+ TFTP Config Retrieve
4612-Cisco IP Phone TFTP Config Retrieve
5294-BearShare File Disclosure
5339-SunONE Directory Traversal
5340-Killer Protection Credential File Access
5341-HP Procurve 4000M Switch DoS
5342-Invision Board phpinfo.php Recon
-
Release version S34
3173-Long FTP Command
3465-Finger Activity
3502-rlogin Activity
5337-Dot Dot Slash in HTTP Arguments
5338-Front Page Admin password retrival
-
Release version S33
5331-Image Javascript insertion
5333-FUDForum File Disclosure
5334-DB4Web File Disclosure
5335-DB4WEB Proxy Scan
5336-Abyss Web Server File Disclosure
9023-Back Door Probe (TCP 36794)
-
Release version S32
5330-Apache/mod_ssl Worm Buffer Overflow
9021-Back Door (UDP 2001)
9022-Back Door (UDP 2002)
-
Release version S31
3121-Vintra MailServer EXPN DoS
3122-SMTP EXPN root Recon
3165-FTP SITE EXEC
3168-FTP SITE EXEC Directory Traversal
3169-FTP SITE EXEC tar
3170-WS_FTP SITE CPWD Buffer Overflow
3171-Ftp Priviledged Login
3172-Ftp Cwd Overflow
3310-Netbios Enum Share DoS
3406-Solaris TTYPROMPT /bin/login Overflow
3457-Finger root shell
3461-Finger probe
3463-Finger root
3464-File access in finger
3551-POP User Root
3711-Informer FW1 auth replay DoS
4061-Chargen Echo DoS
4509-HP Openview SNMP Hidden Community Name
4510-Solaris SNMP Hidden Community Name
4511-Avaya SNMP Hidden Community Name
4609-Orinoco SNMP Info Leak
4610-Kerberos 4 User Recon
5321-Guest Book CGI access
5322-Long HTTP Request
5323-midicart.mdb File Access
5327-Tilde in URI
5328-Cisco IP phone DoS
6277-Show Mount Recon
-
Release version S30
2155-Modem DoS
3730-Trinoo (TCP)
3731-IMail HTTP Get Buffer Overflow
4606-Cisco TFTP Long Filename Buffer Overflow
4607-Deep Throat Response
4608-Trinoo (UDP)
5310-INDEX / directory access
5311-8.3 file name access
5323-Cisco Router http exec command
5325-Contivity cgiproc DoS
5326-Root.exe access
6275-SGI fam Attempt
6276-TooltalkDB overflow
-
Release version S29
3728-Long pop username
3729-Long pop password
4603-DHCP Discover
4604-DHCP Request
4605-DHCP Offer
5305-.bash_history File Access
5305:1-.sh_history File Access
5305:2-.history File Access
5305:3-.zhistory File Access
5306-SoftCart storemgr.pw File Access
5308-rpc-nlog.pl Command Execution
5309-handler CGI Command Execution
5312-*.jsp/*.jhtml Java Execution
5313-order.log File Access
5316-BadBlue Admin Command Exec
5317-Tivoli Endpoint Buffer Overflow
5318-Tivoli ManagedNode Buffer Overflow
5319-SoftCart orders Directory Access
5320-ColdFusion administrator Directory Access
-
Release version S28
3167-Format String in FTP username
3708-AnalogX Proxy Socks4a DNS Overflow
3709-AnalogX Proxy Web Proxy Overflow
3710-Cisco Secure ACS Directory Traversal
5282-IIS ExAir advsearch.asp Access
5282:1-IIS ExAir search.asp Access
5282:2-IIS ExAir query.asp Access
5287-SiteServer AdSamples SITE.CSC File Access
5288-Verity search97 Directory Traversal
5289-SQLXML ISAPI Buffer Overflow
5291-WEB-INF Dot File Disclosure
5292-SalesCart shop.mdb File Access
5293-robots.txt File Access
5295-finger CGI Recon
5296-Netscape Server PageServices Directory Access
5297-order_log.dat File Access
5298-shopper.conf File Access
5299-quikstore.cfg File Access
5300-reg_echo.cgi Recon
5301-/consolehelp/ CGI File Access
5302-/file/ WebLogic File Access
5303-pfdispaly.cgi Command Execution
5304-files.pl File Access
5314-windmail.exe Command Execution