Policy Violation signature series 10000 series

Policy Violation signature series 10000 series

The policy violation signatures apply to ACL violations. If you are not utilizing ACLs these alarms may or may not be utilized. Before you can use these the router(s) and sensor(s) need to be configured accordingly.

  • 10000:1000-IP-Spoof Interface 1: This signature fires on notification from the NetSentry device that an IP datagram has been received in which an IP address that is behind the router has been used as a source address in front of the router.

  • 10000:1001-IP-Spoof Interface 2: This signature fires on notification from the NetSentry device that an IP datagram has been received in which an IP address that is behind the router has been used as a source address in front of the router.

  • 11000-KaZaA v2 UDP Client Probe: Kazaa is a peer-to-peer (P2P) file sharing application distributed by Sharman Networks.

  • 11001-Gnutella Client Request: This signature fires when a peer-to-peer client program based on the gnutella protocol sending out a connection request.

  • 11002-Gnutella Server Reply: This signature fires when a peer-to-peer server program based on the gnutella protocol replying to a connection request.

  • 11003-Qtella File Request: This signature fires when the Qtella peer-to-peer file sharing client request a file from a sever.

  • 11004-Bearshare file request: This signature fires when the BearShare peer-to-peer file sharing client request a file from a sever.

  • 11005-KaZaA GET Request: The signature fires when a client request to the default KazaA server port (TCP 1214) is detected.

  • 11006-Gnucleus file request: This signature fires when the Gnucleaus peer-to-peer file sharing client request a file from a sever.

  • 11007-Limewire File Request: This signature fires when the LimeWire peer-to-peer file sharing client request a file from a sever.

  • 11008-Morpheus File Request: This signature fires when the Morpheus peer-to-peer file sharing client request a file from a sever.

  • 11009-Phex File Request: This signature fires when the Phex peer-to-peer file sharing client request a file from a sever.

  • 11010-Swapper File Request: This signature fires when the Swapper peer-to-peer file sharing client request a file from a sever.

  • 11011-XoloX File Request: This signature fires when the BearShare peer-to-peer file sharing client request a file from a sever.

  • 11012-GTK-Gnutella File Request: This signature fires when the GTK-Gnutella peer-to-peer file sharing client request a file from a sever.

  • 11013-Mutella File Request: This signature fires when the Mutella peer-to-peer file sharing client request a file from a sever.

  • 11014-Hotline Client Login: This signature is fired when a Hotline client logs into a hotline server.

  • 11015-Hotline File Transfer: This signature is fired when a Hotline file transfer is initiated.

  • 11016-Hotline Tracker Login: This signature is fired when a Hotline client contacts a Hotline tracker server.

  • 11200-Yahoo Messenger Activity: This signature fires when a Yahoo Messenger client login attempt to the default TCP port 5050 is detected.

  • 11201-MSN Messenger Activity: This signature fires when an MSN new connection attempt to the default TCP port 1863 is detected.

  • 11202-AOL / ICQ Activity: This signature fires when an AOL / ICQ new connection attempt to the default TCP port 5190 is detected.

  • 11203- IRC Channel Join: This signature fires when an atempt to join an IRC (Internet Relay Chat) channel is detected.

  • 11204-Jabber Activity: This signature fires when a Jabber client login attempt to the default TCP port is detected.