Detailed List of IPS rules used in ASG V7

Last update: Fri Jan 8 11:21:36 2010



Group Name# of attack rules# of warning rulesgoto
 
helper  0    450    goto rules ...  
 
OS         
OS / Windows  467    1    goto rules ...  
OS / Linux  345    0    goto rules ...  
OS / Other  19    0    goto rules ...  
 
Server         
Server / HTTP         
Server / HTTP / Common  155    121    goto rules ...  
Server / HTTP / Apache  11    0    goto rules ...  
Server / HTTP / Microsoft IIS  139    0    goto rules ...  
Server / HTTP / Other  104    0    goto rules ...  
Server / HTTP / Coldfusion  19    25    goto rules ...  
Server / HTTP / Frontpage  4    34    goto rules ...  
Server / HTTP / PHP  139    0    goto rules ...  
Server / HTTP / CGI  188    179    goto rules ...  
Server / Mail         
Server / Mail / Microsoft Exchange  2    3    goto rules ...  
Server / Mail / Sendmail  18    0    goto rules ...  
Server / Mail / POP3  27    1    goto rules ...  
Server / Mail / IMAP  59    1    goto rules ...  
Server / Mail / SMTP  57    11    goto rules ...  
Server / Database         
Server / Database / Microsoft  123    1    goto rules ...  
Server / Database / Oracle  603    28    goto rules ...  
Server / Database / MySQL  6    13    goto rules ...  
Server / Database / Common SQL         
Server / Database / Common SQL         
Server / Misc         
Server / Misc / DNS  22    0    goto rules ...  
Server / Misc / FTP  51    32    goto rules ...  
Server / Misc / SSH         
Server / Misc / Backup  2    0    goto rules ...  
Server / Misc / TFTP  6    10    goto rules ...  
Server / Misc / SNMP  0    12    goto rules ...  
Server / Misc / Authentication         
Server / Misc / CVS  0    9    goto rules ...  
 
Client         
Client / Office  90    0    goto rules ...  
Client / Browser  2678    0    goto rules ...  
Client / Email         
Client / Multimedia  5    0    goto rules ...  
Client / Peer to Peer         
Client / Instant Messenger         
 
Protocol Anomaly         
Protocol Anomaly / Invalid Traffic  15    0    goto rules ...  
Protocol Anomaly / ICMP  0    16    goto rules ...  
Protocol Anomaly / IGMP         
Protocol Anomaly / RPC  84    93    goto rules ...  
Protocol Anomaly / Misc  46    37    goto rules ...  
 
Malware  948    0    goto rules ...  
Malware / Trojans  568    0    goto rules ...  
Malware / DoS  71    25    goto rules ...  

 goto Top

Group: helper

# of attack rules in this group: 0

# of warning rules in this group: 450

IDMessageClasstypeCVEBugtraqIDNessusIDCustom
2419MULTIMEDIA realplayer .ram playlist download attempt (more info ...)misc-activity    
2420MULTIMEDIA realplayer .rmp playlist download attempt (more info ...)misc-activity    
2421MULTIMEDIA realplayer .smi playlist download attempt (more info ...)misc-activity    
2422MULTIMEDIA realplayer .rt playlist download attempt (more info ...)misc-activity    
2423MULTIMEDIA realplayer .rp playlist download attempt (more info ...)misc-activity    
2520WEB-MISC SSLv3 Client_Hello request (more info ...)protocol-command-decode    
2521WEB-MISC SSLv3 Server_Hello request (more info ...)protocol-command-decode    
2527SMTP STARTTLS attempt (more info ...)protocol-command-decode    
2529IMAP SSLv3 Client_Hello request (more info ...)protocol-command-decode    
2530IMAP SSLv3 Server_Hello request (more info ...)protocol-command-decode    
2535POP3 SSLv3 Client_Hello request (more info ...)protocol-command-decode    
2536POP3 SSLv3 Server_Hello request (more info ...)protocol-command-decode    
2542SMTP SSLv3 Client_Hello request (more info ...)protocol-command-decode    
2543SMTP SSLv3 Server_Hello request (more info ...)protocol-command-decode    
2658WEB-MISC SSLv2 Client_Hello request (more info ...)protocol-command-decode    
2659WEB-MISC SSLv2 Client_Hello with pad request (more info ...)protocol-command-decode    
2660WEB-MISC SSLv2 Server_Hello request (more info ...)protocol-command-decode    
2661WEB-MISC TLSv1 Client_Hello request (more info ...)protocol-command-decode    
2662WEB-MISC TLSv1 Server_Hello request (more info ...)protocol-command-decode    
2706WEB-CLIENT JPEG transfer (more info ...)protocol-command-decode    
3009BACKDOOR NetBus Pro 2.0 connection request (more info ...)misc-activity    
3013BACKDOOR Asylum 0.1 connection request (more info ...)misc-activity    
3059WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request (more info ...)protocol-command-decode    
3063BACKDOOR Vampire 1.2 connection request (more info ...)misc-activity    
3081BACKDOOR Y3KRAT 1.5 Connect (more info ...)misc-activity    
3082BACKDOOR Y3KRAT 1.5 Connect Client Response (more info ...)misc-activity    
3135NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (more info ...)protocol-command-decode    
3136NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (more info ...)protocol-command-decode    
3137NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (more info ...)protocol-command-decode    
3138NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (more info ...)protocol-command-decode    
3139NETBIOS SMB Trans2 FIND_FIRST2 attempt (more info ...)protocol-command-decode    
3140NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (more info ...)protocol-command-decode    
3141NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (more info ...)protocol-command-decode    
3142NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (more info ...)protocol-command-decode    
3487IMAP SSLv2 Client_Hello request (more info ...)protocol-command-decode    
3488IMAP SSLv2 Client_Hello with pad request (more info ...)protocol-command-decode    
3489IMAP TLSv1 Client_Hello request (more info ...)protocol-command-decode    
3490IMAP TLSv1 Client_Hello via SSLv2 handshake request (more info ...)protocol-command-decode    
3491IMAP SSLv2 Server_Hello request (more info ...)protocol-command-decode    
3492IMAP TLSv1 Server_Hello request (more info ...)protocol-command-decode    
3493SMTP SSLv2 Client_Hello request (more info ...)protocol-command-decode    
3494SMTP SSLv2 Client_Hello with pad request (more info ...)protocol-command-decode    
3495SMTP TLSv1 Client_Hello request (more info ...)protocol-command-decode    
3496SMTP TLSv1 Client_Hello via SSLv2 handshake request (more info ...)protocol-command-decode    
3497SMTP SSLv2 Server_Hello request (more info ...)protocol-command-decode    
3498SMTP TLSv1 Server_Hello request (more info ...)protocol-command-decode    
3499POP3 SSLv2 Client_Hello request (more info ...)protocol-command-decode    
3500POP3 SSLv2 Client_Hello with pad request (more info ...)protocol-command-decode    
3501POP3 TLSv1 Client_Hello request (more info ...)protocol-command-decode    
3502POP3 TLSv1 Client_Hello via SSLv2 handshake request (more info ...)protocol-command-decode    
3503POP3 SSLv2 Server_Hello request (more info ...)protocol-command-decode    
3504POP3 TLSv1 Server_Hello request (more info ...)protocol-command-decode    
3535WEB-CLIENT GIF transfer (more info ...)protocol-command-decode    
3551WEB-CLIENT .hta download attempt (more info ...)not-suspicious    
3633WEB-CLIENT bitmap transfer (more info ...)protocol-command-decode    
3665MYSQL server greeting (more info ...)attempted-user 2004-0627 10655 12639 URL
3666MYSQL server greeting finished (more info ...)attempted-user 2004-0627 10655 12639 URL
3819WEB-CLIENT multipacket CHM file transfer start (more info ...)protocol-command-decode    
3822WEB-MISC Real Player realtext long URI request (more info ...)protocol-command-decode    
4143EXPLOIT lpd receive printer job cascade adaptor protocol request (more info ...)protocol-command-decode    
4194WEB-CLIENT multipacket CBO CBL CBM file transfer start (more info ...)protocol-command-decode    
4678WEB-CLIENT quicktime movie file transfer (more info ...)protocol-command-decode    
5685SMTP TLSv1 Client_Hello via SSLv2 handshake request (more info ...)protocol-command-decode    
5686SMTP TLSv1 Server_Hello request (more info ...)protocol-command-decode    
5687SMTP SSLv2 Client_Hello request (more info ...)protocol-command-decode    
5688SMTP SSLv2 Client_Hello with pad request (more info ...)protocol-command-decode    
5689SMTP TLSv1 Client_Hello request (more info ...)protocol-command-decode    
5690SMTP SSLv3 Client_Hello request (more info ...)protocol-command-decode    
5691SMTP SSLv2 Server_Hello request (more info ...)protocol-command-decode    
5740WEB-CLIENT Microsoft HTML help workshop file .hhp download attempt (more info ...)misc-activity    
5771SPYWARE-PUT Screen-Scraper farsighter runtime detection - initial connection (more info ...)successful-recon-limited    URL
5813SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (more info ...)misc-activity    
5815SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory redirection (more info ...)misc-activity    
5817SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (more info ...)misc-activity    
5818SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - check status (more info ...)misc-activity    
5820SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (more info ...)misc-activity    
5822SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - view netstat (more info ...)misc-activity    
5873SPYWARE-PUT Snoopware pc acme pro runtime detection (more info ...)successful-recon-limited    URL
5895SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (more info ...)misc-activity    
5957SPYWARE-PUT Hacker-Tool ghostvoice 1.02 runtime detection (more info ...)misc-activity    
6010EXPLOIT VERITAS NetBackup vnetd connection attempt (more info ...)protocol-command-decode    
6012BACKDOOR coolcat runtime connection detection - tcp 1 (more info ...)trojan-activity    URL
6013BACKDOOR coolcat runtime connection detection - tcp 2 (more info ...)trojan-activity    URL
6015BACKDOOR dsk lite 1.0 runtime detection - initial connection (more info ...)trojan-activity    URL
6030BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server (more info ...)trojan-activity    URL
6034BACKDOOR minicommand runtime detection - initial connection client-to-server (more info ...)trojan-activity    URL
6040BACKDOOR fade 1.0 runtime detection - enable keylogger (more info ...)trojan-activity    URL
6044BACKDOOR fear 0.2 runtime detection - initial connection (more info ...)trojan-activity    URL
6045BACKDOOR fear 0.2 runtime detection - initial connection (more info ...)trojan-activity    URL
6047BACKDOOR fun factory runtime detection - connect (more info ...)trojan-activity    URL
6049BACKDOOR fun factory runtime detection - upload (more info ...)trojan-activity    URL
6051BACKDOOR fun factory runtime detection - set volume (more info ...)trojan-activity    URL
6053BACKDOOR fun factory runtime detection - do script remotely (more info ...)trojan-activity    URL
6055BACKDOOR bifrose 1.1 runtime detection (more info ...)trojan-activity    URL
6056BACKDOOR bifrose 1.1 runtime detection (more info ...)trojan-activity    URL
6060BACKDOOR neurotickat1.3 runtime detection - initial connection (more info ...)trojan-activity    URL
6061BACKDOOR neurotickat1.3 runtime detection - initial connection (more info ...)trojan-activity    URL
6063BACKDOOR schwindler 1.82 runtime detection (more info ...)trojan-activity    URL
6065BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server (more info ...)trojan-activity    URL
6072BACKDOOR freak 1.0 runtime detection - initial connection client-to-server (more info ...)trojan-activity    URL
6074BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (more info ...)trojan-activity    URL
6077BACKDOOR autospy runtime detection - get information (more info ...)trojan-activity    
6079BACKDOOR autospy runtime detection - show autospy (more info ...)trojan-activity    
6081BACKDOOR autospy runtime detection - show nude pic (more info ...)trojan-activity    
6083BACKDOOR autospy runtime detection - hide taskbar (more info ...)trojan-activity    
6085BACKDOOR autospy runtime detection - make directory (more info ...)trojan-activity    
6087BACKDOOR a trojan 2.0 runtime detection (more info ...)trojan-activity    
6089BACKDOOR a trojan 2.0 runtime detection (more info ...)trojan-activity    
6091BACKDOOR a trojan 2.0 runtime detection (more info ...)trojan-activity    
6093BACKDOOR a trojan 2.0 runtime detection (more info ...)trojan-activity    
6095BACKDOOR a trojan 2.0 runtime detection (more info ...)trojan-activity    
6097BACKDOOR alvgus 2000 runtime detection (more info ...)trojan-activity    
6099BACKDOOR alvgus 2000 runtime detection (more info ...)trojan-activity    
6101BACKDOOR alvgus 2000 runtime detection (more info ...)trojan-activity    
6103BACKDOOR alvgus 2000 runtime detection (more info ...)trojan-activity    
6105BACKDOOR alvgus 2000 runtime detection (more info ...)trojan-activity    
6108BACKDOOR dagger v1.1.40 runtime detection (more info ...)trojan-activity    URL
6111BACKDOOR optix 1.32 runtime detection - init conn (more info ...)trojan-activity    URL
6112BACKDOOR optix 1.32 runtime detection - init conn (more info ...)trojan-activity    URL
6116BACKDOOR fore v1.0 beta runtime detection - init conn (more info ...)trojan-activity    URL
6118BACKDOOR net runner runtime detection - initial connection client-to-server (more info ...)trojan-activity    URL
6120BACKDOOR net runner runtime detection - download file client-to-server (more info ...)trojan-activity    URL
6123BACKDOOR ambush 1.0 runtime detection - ping client-to-server (more info ...)trojan-activity    URL
6125BACKDOOR dkangel runtime detection - smtp (more info ...)trojan-activity    URL
6129BACKDOOR chupacabra 1.0 runtime detection (more info ...)trojan-activity    
6131BACKDOOR chupacabra 1.0 runtime detection (more info ...)trojan-activity    
6140BACKDOOR hellzaddiction v1.0e runtime detection - init conn (more info ...)trojan-activity    URL
6144BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (more info ...)trojan-activity    URL
6145BACKDOOR mantis runtime detection - sent notify option server-to-client (more info ...)trojan-activity    URL
6147BACKDOOR mantis runtime detection - go to address client-to-server (more info ...)trojan-activity    URL
6149BACKDOOR netcontrol v1.0.8 runtime detection (more info ...)trojan-activity    URL
6152BACKDOOR dirtxt runtime detection - chdir client-to-server (more info ...)trojan-activity    URL
6154BACKDOOR dirtxt runtime detection - info client-to-server (more info ...)trojan-activity    URL
6156BACKDOOR dirtxt runtime detection - view client-to-server (more info ...)trojan-activity    URL
6164BACKDOOR psyrat 1.0 runtime detection (more info ...)trojan-activity    URL
6167BACKDOOR unicorn runtime detection - set wallpaper client-to-server (more info ...)trojan-activity    URL
6169BACKDOOR digital rootbeer runtime detection (more info ...)trojan-activity    URL
6171BACKDOOR cookie monster 0.24 runtime detection (more info ...)trojan-activity    
6173BACKDOOR cookie monster 0.24 runtime detection (more info ...)trojan-activity    
6180BACKDOOR netraider 0.0 runtime detection (more info ...)trojan-activity    URL
6285BACKDOOR antilamer 1.1 runtime detection - set flowbit (more info ...)trojan-activity    URL
6289BACKDOOR netspy runtime detection - command pattern client-to-server (more info ...)trojan-activity    URL
6293BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (more info ...)trojan-activity    URL
6294BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (more info ...)trojan-activity    URL
6302BACKDOOR cia runtime detection - initial connection - set flowbit (more info ...)trojan-activity    URL
6304BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (more info ...)trojan-activity    URL
6307BACKDOOR lamespy runtime detection - initial connection - set flowbit (more info ...)trojan-activity    URL
6309BACKDOOR net demon runtime detection - initial connection - password request (more info ...)trojan-activity    URL
6310BACKDOOR net demon runtime detection - initial connection - password send (more info ...)trojan-activity    URL
6312BACKDOOR net demon runtime detection - message send (more info ...)trojan-activity    URL
6314BACKDOOR net demon runtime detection - open browser request (more info ...)trojan-activity    URL
6316BACKDOOR net demon runtime detection - file manager request (more info ...)trojan-activity    URL
6320BACKDOOR ptakks2.1 runtime detection - keepalive (more info ...)trojan-activity    URL
6323BACKDOOR 3xBackdoor runtime detection - set flowbit (more info ...)trojan-activity    URL
6326BACKDOOR fucktrojan 1.2 runtime detection - flood (more info ...)trojan-activity    
6329BACKDOOR commando runtime detection - chat client-to-server (more info ...)trojan-activity    URL
6335BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (more info ...)trojan-activity    URL
6337BACKDOOR hatredfriend file manage command - set flowbit (more info ...)trojan-activity    URL
6390SPYWARE-PUT Adware esyndicate runtime detection - ads popup (more info ...)misc-activity    
6400BACKDOOR snowdoor runtime detection client-to-server (more info ...)trojan-activity    URL
6404EXPLOIT Veritas NetBackup Volume Manager connection attempt (more info ...)protocol-command-decode    
6469EXPLOIT RealVNC connection attempt (more info ...)protocol-command-decode    
6470EXPLOIT RealVNC authentication types sent attempt (more info ...)protocol-command-decode    
6472BACKDOOR bugs runtime detection - file manager client-to-server (more info ...)trojan-activity    URL
6475BACKDOOR badrat 1.1 runtime detection - flowbit set (more info ...)trojan-activity    URL
6497BACKDOOR exploiter 1.0 runtime detection (more info ...)trojan-activity    URL
6499BACKDOOR omerta 1.3 runtime detection (more info ...)trojan-activity    URL
6500BACKDOOR omerta 1.3 runtime detection (more info ...)trojan-activity    URL
6688WEB-CLIENT PNG file transfer (more info ...)protocol-command-decode    
7023WEB-CLIENT xls file download (more info ...)misc-activity    URL
7047WEB-CLIENT excel object record overflow attempt (more info ...)attempted-user 2006-1306   URL
7058BACKDOOR charon runtime detection - download file flowbit 1 (more info ...)trojan-activity    URL
7059BACKDOOR charon runtime detection - download file/log flowbit 2 (more info ...)trojan-activity    URL
7061BACKDOOR charon runtime detection - download log flowbit 1 (more info ...)trojan-activity    URL
7065BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (more info ...)trojan-activity    URL
7066BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (more info ...)trojan-activity    URL
7078BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (more info ...)trojan-activity    URL
7079BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (more info ...)trojan-activity    URL
7080BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (more info ...)trojan-activity    URL
7082BACKDOOR mosucker3.0 runtime detection - client-to-server (more info ...)trojan-activity    URL
7085BACKDOOR erazer v1.1 runtime detection (more info ...)trojan-activity    URL
7087BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server (more info ...)trojan-activity    URL
7089BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password -client-to-server (more info ...)trojan-activity    URL
7101BACKDOOR gwboy 0.92 runtime detection (more info ...)trojan-activity    URL
7104BACKDOOR aol admin runtime detection (more info ...)trojan-activity    URL
7106BACKDOOR girlfriend runtime detection (more info ...)trojan-activity    URL
7111BACKDOOR fearless lite 1.01 runtime detection (more info ...)trojan-activity    URL
7113BACKDOOR donalddick v1.5b3 runtime detection (more info ...)trojan-activity    URL
7119BACKDOOR y3k 1.2 runtime detection (more info ...)trojan-activity    URL
7121BACKDOOR y3k 1.2 runtime detection (more info ...)trojan-activity    URL
7157SPYWARE-PUT Keylogger win-spy runtime detection - remote conn client-to-server (more info ...)successful-recon-limited    URL
7159SPYWARE-PUT Keylogger win-spy runtime detection - upload file client-to-server (more info ...)successful-recon-limited    URL
7161SPYWARE-PUT Keylogger win-spy runtime detection - download file client-to-server (more info ...)successful-recon-limited    URL
7163SPYWARE-PUT Keylogger win-spy runtime detection - execute file client-to-server (more info ...)successful-recon-limited    URL
7165SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (more info ...)successful-recon-limited    URL
7166SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 2 (more info ...)successful-recon-limited    URL
7167SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 3 (more info ...)successful-recon-limited    URL
7168SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange - flowbit set 4 (more info ...)successful-recon-limited    URL
7175SPYWARE-PUT Keylogger ab system spy runtime detection - log retrieve (more info ...)successful-recon-limited    URL
7178SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (more info ...)successful-recon-limited    
7179SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (more info ...)successful-recon-limited    
7506SPYWARE-PUT Hacker-Tool coma runtime detection - init connection - flowbit set (more info ...)misc-activity    
7508SPYWARE-PUT Hacker-Tool coma runtime detection - ping - flowbit set (more info ...)misc-activity    
7512SPYWARE-PUT Keylogger watchdog runtime detection - init connection - flowbit set (more info ...)successful-recon-limited    URL
7544SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 1 (more info ...)successful-recon-limited    URL
7545SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (more info ...)successful-recon-limited    URL
7583SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set big (more info ...)misc-activity    URL
7584SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set open (more info ...)misc-activity    URL
7585SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set image (more info ...)misc-activity    URL
7591SPYWARE-PUT Keylogger keylogger pro runtime detection - flowbit set (more info ...)successful-recon-limited    
7596SPYWARE-PUT Keylogger spy lantern keylogger runtime detection - flowbit set (more info ...)successful-recon-limited    URL
7602SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver - flowbit set (more info ...)successful-recon-limited    URL
7604BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (more info ...)trojan-activity    
7606BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (more info ...)trojan-activity    
7608BACKDOOR katux 2.0 runtime detection - chat - flowbit set (more info ...)trojan-activity    
7617BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (more info ...)trojan-activity    
7618BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (more info ...)trojan-activity    
7620BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (more info ...)trojan-activity    
7621BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (more info ...)trojan-activity    
7622BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (more info ...)trojan-activity    
7625BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (more info ...)trojan-activity    
7626BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (more info ...)trojan-activity    
7627BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (more info ...)trojan-activity    
7628BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (more info ...)trojan-activity    
7631BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (more info ...)trojan-activity    URL
7633BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (more info ...)trojan-activity    URL
7635BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (more info ...)trojan-activity    URL
7641BACKDOOR am remote client runtime detection - client-to-server (more info ...)trojan-activity    URL
7645BACKDOOR snipernet 2.1 runtime detection - flowbit set (more info ...)trojan-activity    URL
7648BACKDOOR minicom lite runtime detection - client-to-server (more info ...)trojan-activity    URL
7650BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7652BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set (more info ...)trojan-activity    URL
7654BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set (more info ...)trojan-activity    URL
7656BACKDOOR diems mutter runtime detection - client-to-server (more info ...)trojan-activity    URL
7660BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (more info ...)trojan-activity    
7662BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    
7664BACKDOOR screen control 1.0 runtime detection - flowbit set (more info ...)trojan-activity    URL
7668BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (more info ...)trojan-activity    URL
7673BACKDOOR remote havoc runtime detection - flowbit set 1 (more info ...)trojan-activity    URL
7674BACKDOOR remote havoc runtime detection - flowbit set 2 (more info ...)trojan-activity    URL
7676BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7678BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (more info ...)trojan-activity    URL
7680BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (more info ...)trojan-activity    URL
7682BACKDOOR acid head 1.00 runtime detection - flowbit set (more info ...)trojan-activity    URL
7685BACKDOOR illusion runtime detection - get remote info client-to-server (more info ...)trojan-activity    URL
7687BACKDOOR illusion runtime detection - file browser client-to-server (more info ...)trojan-activity    URL
7690BACKDOOR evade runtime detection - file manager - flowbit set (more info ...)trojan-activity    URL
7695BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (more info ...)trojan-activity    URL
7696BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (more info ...)trojan-activity    URL
7698BACKDOOR brain wiper runtime detection - launch application - flowbit set (more info ...)trojan-activity    URL
7700BACKDOOR brain wiper runtime detection - chat - flowbit set (more info ...)trojan-activity    URL
7702BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (more info ...)trojan-activity    
7705BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (more info ...)trojan-activity    
7708BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7709BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7714BACKDOOR netdevil runtime detection - flowbit set 1 (more info ...)trojan-activity    URL
7715BACKDOOR netdevil runtime detection - flowbit set 2 (more info ...)trojan-activity    URL
7718BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7726BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (more info ...)trojan-activity    
7728BACKDOOR radmin runtime detection - client-to-server (more info ...)trojan-activity    URL
7731BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (more info ...)trojan-activity    URL
7734BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7736BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set (more info ...)trojan-activity    URL
7740BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (more info ...)trojan-activity    URL
7742BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (more info ...)trojan-activity    URL
7744BACKDOOR phoenix 2.1 runtime detection - flowbit set (more info ...)trojan-activity    
7746BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    
7748BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (more info ...)trojan-activity    
7750BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (more info ...)trojan-activity    
7751BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (more info ...)trojan-activity    
7753BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (more info ...)trojan-activity    
7754BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (more info ...)trojan-activity    
7756BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set (more info ...)trojan-activity    URL
7764BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (more info ...)trojan-activity    URL
7766BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (more info ...)trojan-activity    URL
7768BACKDOOR data rape runtime detection - execute program client-to-server (more info ...)trojan-activity    URL
7770BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (more info ...)trojan-activity    
7772BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (more info ...)trojan-activity    
7774BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (more info ...)trojan-activity    
7776BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (more info ...)trojan-activity    
7782BACKDOOR netdevil runtime detection - file manager - flowbit set (more info ...)trojan-activity    URL
7784BACKDOOR forced control uploader runtime detection - connection with password - flowbit set (more info ...)trojan-activity    URL
7786BACKDOOR forced control uploader runtime detection directory listing - flowbit set 1 (more info ...)trojan-activity    URL
7787BACKDOOR forced control uploader runtime detection directory listing - flowbit set 2 (more info ...)trojan-activity    URL
7788BACKDOOR forced control uploader runtime detection directory listing - flowbit set 3 (more info ...)trojan-activity    URL
7789BACKDOOR forced control uploader runtime detection directory listing - flowbit set 4 (more info ...)trojan-activity    URL
7794BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (more info ...)trojan-activity    URL
7795BACKDOOR incommand 1.7 runtime detection - init connection (more info ...)trojan-activity    
7797BACKDOOR incommand 1.7 runtime detection - file manage 1 (more info ...)trojan-activity    
7799BACKDOOR incommand 1.7 runtime detection - file manage 2 (more info ...)trojan-activity    
7808BACKDOOR fatal wound 1.0 runtime detection - upload (more info ...)trojan-activity    URL
7811BACKDOOR abacab runtime detection - telnet initial (more info ...)trojan-activity    URL
7813BACKDOOR darkmoon initial connection detection - cts (more info ...)trojan-activity    URL
7815BACKDOOR darkmoon reverse connection detection - stc (more info ...)trojan-activity    URL
7817BACKDOOR infector v1.0 runtime detection - init conn (more info ...)trojan-activity    URL
7819BACKDOOR nightcreature beta 0.01 runtime detection (more info ...)trojan-activity    URL
7820BACKDOOR nightcreature beta 0.01 runtime detection (more info ...)trojan-activity    URL
7834SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (more info ...)misc-activity    
7845SPYWARE-PUT Keylogger clogger 1.0 runtime detection (more info ...)successful-recon-limited    
7846SPYWARE-PUT Keylogger clogger 1.0 runtime detection (more info ...)successful-recon-limited    
8075BACKDOOR mithril runtime detection - get system information (more info ...)trojan-activity    URL
8077BACKDOOR mithril runtime detection - get process list (more info ...)trojan-activity    URL
8355SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection (more info ...)successful-recon-limited    
8465SPYWARE-PUT Keylogger netobserve runtime detection - email notification (more info ...)successful-recon-limited    URL
8470BACKDOOR superspy 2.0 beta runtime detection - get system info (more info ...)trojan-activity    
8472BACKDOOR superspy 2.0 beta runtime detection - screen capture 2 (more info ...)trojan-activity    
8474BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage 2 (more info ...)trojan-activity    
8547BACKDOOR zzmm 2.0 runtime detection - init connection (more info ...)trojan-activity    
8704SMTP YPOPS Banner (more info ...)not-suspicious    
9649SPYWARE-PUT Keylogger ghost Keylogger runtime detection - flowbit set (more info ...)successful-recon-limited    URL
9654BACKDOOR apofis 1.0 runtime detection - remote controlling (more info ...)trojan-activity    
9656BACKDOOR bersek 1.0 runtime detection (more info ...)trojan-activity    
9658BACKDOOR bersek 1.0 runtime detection (more info ...)trojan-activity    
9660BACKDOOR bersek 1.0 runtime detection (more info ...)trojan-activity    
9662BACKDOOR bersek 1.0 runtime detection (more info ...)trojan-activity    
9664BACKDOOR crossbow 1.12 runtime detection (more info ...)trojan-activity    
9837BACKDOOR sun shadow 1.70 runtime detection - init connection (more info ...)trojan-activity    
9845WEB-CLIENT M3U File Download Detected (more info ...)misc-activity    
10097SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection (more info ...)successful-recon-limited    
10099SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection (more info ...)successful-recon-limited    
10103BACKDOOR hav-rat 1.1 runtime detection (more info ...)trojan-activity    
10104BACKDOOR hav-rat 1.1 runtime detection (more info ...)trojan-activity    
10110BACKDOOR poison ivy 2.1.2 runtime detection (more info ...)trojan-activity    
10450BACKDOOR only 1 rat runtime detection - control command (more info ...)trojan-activity    
10455BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (more info ...)trojan-activity    
10460BACKDOOR winicabras 1.1 runtime detection - get system info (more info ...)trojan-activity    
10462BACKDOOR winicabras 1.1 runtime detection - explorer (more info ...)trojan-activity    
10996WEB-MISC SSLv3 Client_Hello request (more info ...)protocol-command-decode    
11322BACKDOOR sohoanywhere runtime detection (more info ...)trojan-activity    
11671WEB-MISC SSLv2 Server_Hello request from SSLv3 Client_Hello request (more info ...)protocol-command-decode    
11953BACKDOOR supervisor plus runtime detection (more info ...)trojan-activity    
11965WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (more info ...)protocol-command-decode    
12054BACKDOOR tron runtime detection - init connection - flowbit set (more info ...)trojan-activity    
12129SPYWARE-PUT Keylogger remotekeylog.b runtime detection - get sys info (more info ...)successful-recon-limited    
12131SPYWARE-PUT Keylogger remotekeylog.b runtime detection - keylogging (more info ...)successful-recon-limited    
12133SPYWARE-PUT Keylogger remotekeylog.b runtime detection - open url (more info ...)successful-recon-limited    
12135SPYWARE-PUT Keylogger remotekeylog.b runtime detection - fun (more info ...)successful-recon-limited    
12142BACKDOOR access remote pc runtime detection - init connection (more info ...)trojan-activity    
12144BACKDOOR access remote pc runtime detection - rpc setup (more info ...)trojan-activity    
12146BACKDOOR blue eye 1.0b runtime detection - init connection (more info ...)trojan-activity    
12148BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (more info ...)trojan-activity    
12150BACKDOOR cafeini 1.0 runtime detection - init connection (more info ...)trojan-activity    
12153BACKDOOR optix pro v1.32 runtime detection - download file (more info ...)trojan-activity    
12154BACKDOOR optix pro v1.32 runtime detection - download file (more info ...)trojan-activity    
12156BACKDOOR optix pro v1.32 runtime detection - upload file (more info ...)trojan-activity    
12157BACKDOOR optix pro v1.32 runtime detection - upload file (more info ...)trojan-activity    
12160BACKDOOR optix pro v1.32 runtime detection - screen capturing (more info ...)trojan-activity    
12161BACKDOOR optix pro v1.32 runtime detection - screen capturing (more info ...)trojan-activity    
12163BACKDOOR cobra uploader 1.0 runtime detection (more info ...)trojan-activity    
12165BACKDOOR lithium 1.02 runtime detection (more info ...)trojan-activity    
12233BACKDOOR theef 2.10 runtime detection - connect with no password (more info ...)trojan-activity    
12235BACKDOOR theef 2.10 runtime detection - connect with password (more info ...)trojan-activity    
12237BACKDOOR theef 2.10 runtime detection - ftp (more info ...)trojan-activity    
12240BACKDOOR genie 1.7 runtime detection - init connection (more info ...)trojan-activity    
12242BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (more info ...)trojan-activity    
12283WEB-CLIENT xlw file download (more info ...)misc-activity    URL
12285WEB-CLIENT Excel Workspace file download (more info ...)misc-activity    URL
12297BACKDOOR bifrost v1.2.1 runtime detection (more info ...)trojan-activity    
12373BACKDOOR radmin 3.0 runtime detection - initial connection (more info ...)trojan-activity    
12375BACKDOOR radmin 3.0 runtime detection - login & remote control (more info ...)trojan-activity    
12377BACKDOOR shark 2.3.2 runtime detection (more info ...)trojan-activity    
12699BACKDOOR poison ivy 2.3.0 runtime detection - init connection (more info ...)trojan-activity    
12701BACKDOOR poison ivy 2.3.0 runtime detection - server connection (more info ...)trojan-activity    
12724BACKDOOR dark moon 4.11 runtime detection (more info ...)trojan-activity    
12726BACKDOOR bandook 1.35 runtime detection (more info ...)trojan-activity    
12758SPYWARE-PUT Keylogger/RAT digi watcher 2.32 runtime detection (more info ...)successful-recon-limited    
12760SPYWARE-PUT Keylogger powered Keylogger 2.2 runtime detection (more info ...)successful-recon-limited    
12792SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (more info ...)successful-recon-limited    
13236SPYWARE-PUT Keylogger active Keylogger 3.9.2 runtime detection (more info ...)successful-recon-limited    
13243SPYWARE-PUT Keylogger computer monitor 1.1 by lastcomfort runtime detection (more info ...)successful-recon-limited    
13245BACKDOOR troya 1.4 runtime detection - init connection (more info ...)trojan-activity    
13247BACKDOOR yuri 1.2 runtime detection - init connection (more info ...)trojan-activity    
13278SPYWARE-PUT Keylogger advanced spy 4.0 runtime detection (more info ...)successful-recon-limited    
13280SPYWARE-PUT Keylogger email spy monitor 6.9 runtime detection (more info ...)successful-recon-limited    
13346SPYWARE-PUT Snoopware remote desktop inspector runtime detection - init connection (more info ...)successful-recon-limited    
13465WEB-CLIENT Microsoft Works file download request (more info ...)misc-activity    
13473EXPLOIT Microsoft Publisher file download (more info ...)misc-activity    
13479SPYWARE-PUT Keylogger findnot guarddog 4.0 runtime detection (more info ...)successful-recon-limited    
13483SPYWARE-PUT Hijacker baidu toolbar runtime detection - updates automatically (more info ...)misc-activity    
13506BACKDOOR evilotus 1.3.2 runtime detection - init connection (more info ...)trojan-activity    
13508BACKDOOR xploit 1.4.5 runtime detection (more info ...)trojan-activity    
13515WEB-CLIENT Quicktime user agent (more info ...)misc-activity    
13584WEB-CLIENT csv file download request (more info ...)misc-activity 2008-0112   URL
13611EXPLOIT RealVNC client response (more info ...)misc-activity 2006-2369 17978  URL
13627WEB-CLIENT Microsoft Access file download request (more info ...)misc-activity    URL
13654BACKDOOR nuclear rat 2.1 runtime detection - init connection (more info ...)trojan-activity    
13678MISC Microsoft EMF metafile access detected (more info ...)attempted-user 2008-1087   URL
13709MYSQL yaSSL SSLv2 Server_Hello request (more info ...)protocol-command-decode    
13710MYSQL yaSSL TLSv1 Server_Hello request (more info ...)protocol-command-decode    
13767SPYWARE-PUT Keylogger cyber sitter runtime detection (more info ...)successful-recon-limited    
13797WEB-CLIENT pe compact binary download (more info ...)misc-activity    
13801WEB-CLIENT RTF file download (more info ...)protocol-command-decode    
13877BACKDOOR trojan-spy.win32.delf.uv runtime detection (more info ...)trojan-activity    
13880EXPLOIT RealVNC server authentication version array check (more info ...)misc-activity 2006-2369 17978  URL
13882POLICY RealVNC Server configured not to require authentication (more info ...)misc-activity    URL
13915WEB-MISC backup file download attempt (more info ...)misc-activity    
13938SPYWARE-PUT Hijacker adware.win32.ejik.ec variant runtime detection (more info ...)misc-activity    
13943SPYWARE-PUT Trickler dropper agent.rqg runtime detection (more info ...)trojan-activity    
13982WEB-CLIENT Microsoft Powerpoint file download attempt (more info ...)misc-activity    
13983WEB-CLIENT Microsoft Office eps file download (more info ...)misc-activity    
14017WEB-CLIENT MPEG Layer 3 playlist file request (more info ...)misc-activity    
14018WEB-CLIENT PLS multimedia playlist file request (more info ...)misc-activity    
14264MULTIMEDIA Windows Media Player playlist download (more info ...)misc-activity    
15013WEB-MISC Adobe Portable Document Format file download attempt (more info ...)misc-activity    
15079WEB-MISC WAV Formatfile download attempt (more info ...)misc-activity    
15123WEB-CLIENT Rich Text Format file request (more info ...)misc-activity    
15158WEB-MISC XML Shareable Playlist Format file download attempt (more info ...)misc-activity    
15237WEB-MISC Java .class file download attempt (more info ...)misc-activity    
15239WEB-MISC RealMedia format file download attempt (more info ...)misc-activity    
15240WEB-MISC RealMedia format file download attempt (more info ...)misc-activity    
15294WEB-CLIENT Microsoft Visio file download request (more info ...)misc-activity    
15319NETBIOS-DG SMB /sql/query create tree attempt (more info ...)protocol-command-decode    
15320NETBIOS-DG SMB /sql/query unicode create tree attempt (more info ...)protocol-command-decode    
15321NETBIOS SMB /sql/query create tree attempt (more info ...)protocol-command-decode    
15322NETBIOS SMB /sql/query unicode create tree attempt (more info ...)protocol-command-decode    
15323NETBIOS-DG SMB /sql/query andx create tree attempt (more info ...)protocol-command-decode    
15324NETBIOS-DG SMB /sql/query unicode andx create tree attempt (more info ...)protocol-command-decode    
15325NETBIOS SMB /sql/query andx create tree attempt (more info ...)protocol-command-decode    
15326NETBIOS SMB /sql/query unicode andx create tree attempt (more info ...)protocol-command-decode    
15361POLICY pdf file sent via email (more info ...)policy-violation    
15426WEB-CLIENT MAKI file request (more info ...)misc-activity    
15427WEB-MISC SVG file request (more info ...)misc-activity    
15463WEB-CLIENT Microsoft Excel file request (more info ...)misc-activity    
15464WEB-CLIENT Microsoft Excel file request (more info ...)misc-activity    
15471WEB-CLIENT asp file upload (more info ...)misc-activity    
15516WEB-CLIENT AVI multimedia file request (more info ...)misc-activity    
15582WEB-MISC ARJ format file download attempt (more info ...)misc-activity    
15585WEB-CLIENT Excel file download request (more info ...)protocol-command-decode    
15586WEB-CLIENT Powerpoint file download request (more info ...)protocol-command-decode    
15587WEB-CLIENT Word file download request (more info ...)protocol-command-decode    
15865WEB-CLIENT MP4 file request (more info ...)misc-activity    
15870WEB-MISC 4xm file request (more info ...)misc-activity    
15898WEB-MISC Audio Interchange File Format download request (more info ...)misc-activity    
15899WEB-MISC Audio Interchange File Format file request (more info ...)misc-activity    
15900WEB-MISC Audio Interchange File Format request (more info ...)misc-activity    
15921WEB-CLIENT Microsoft media format file download request (more info ...)misc-activity    
15922WEB-CLIENT mp3 file download request (more info ...)misc-activity    
15945WEB-CLIENT RSS file download request (more info ...)misc-activity    
15987WEB-MISC Microsoft Visio DXF file download request (more info ...)misc-activity    
16026WEB-CLIENT midi file download attempt (more info ...)misc-activity    
16061MISC X PixMap file download (more info ...)misc-activity    
16093BACKDOOR bugsprey runtime detection - initial connection (more info ...)trojan-activity    
16103BACKDOOR lost door 3.0 runtime detection - init (more info ...)trojan-activity    
16106BACKDOOR synrat 2.1 pro runtime detection - init (more info ...)trojan-activity    
16143WEB-CLIENT Microsoft asf file download (more info ...)misc-activity    
16205WEB-MISC bitmap file download request (more info ...)misc-activity    
16219WEB-CLIENT Adobe Director file format transfer (more info ...)misc-activity    
16254BACKDOOR rogue software system security 2009 installtime detection (more info ...)trojan-activity    URL
16270BACKDOOR srat 1.6 runtime detection (more info ...)trojan-activity    
16286WEB-MISC TrueType font file download request (more info ...)misc-activity    

 goto Top

Group: OS

# of attack rules in this group: 0

# of warning rules in this group: 0

 goto Top

Group: OS / Windows

# of attack rules in this group: 467

IDMessageClasstypeCVEBugtraqIDNessusIDCustom
529NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (more info ...)protocol-command-decode        
530NETBIOS NT NULL session (more info ...)attempted-recon  2000-0347  1163    
532NETBIOS SMB ADMIN$ share access (more info ...)protocol-command-decode        
533NETBIOS SMB C$ share access (more info ...)protocol-command-decode        
534NETBIOS SMB CD.. (more info ...)attempted-recon        
535NETBIOS SMB CD... (more info ...)attempted-recon        
536NETBIOS SMB D$ share access (more info ...)protocol-command-decode        
1239NETBIOS RFParalyze Attempt (more info ...)attempted-recon  2000-0347  1163  10392  
1295NETBIOS nimda RICHED20.DLL (more info ...)bad-unknown        URL
2101NETBIOS SMB Trans Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
2103NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (more info ...)protocol-command-decode  2003-0201      
2126MISC Microsoft PPTP Start Control Request buffer overflow attempt (more info ...)attempted-admin  2002-1214  5807  11178  URL
2176NETBIOS SMB startup folder access (more info ...)attempted-recon        
2177NETBIOS SMB startup folder unicode access (more info ...)attempted-recon        
2190NETBIOS DCERPC invalid bind attempt (more info ...)attempted-dos        
2191NETBIOS SMB DCERPC invalid bind attempt (more info ...)attempted-dos        
2252NETBIOS SMB-DS DCERPC Remote Activation bind attempt (more info ...)attempted-admin  2003-0715  8458  11835  URL
2257NETBIOS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin  2003-0717  8826  11890  URL
2258NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin  2003-0717  8826  11890  URL
2349NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt (more info ...)protocol-command-decode        
2382NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
2383NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
2401NETBIOS SMB Session Setup andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
2402NETBIOS SMB-DS Session Setup andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
2403NETBIOS SMB Session Setup unicode username overflow attempt (more info ...)protocol-command-decode    9752    URL
2404NETBIOS SMB-DS Session Setup unicode andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
2467NETBIOS SMB D$ unicode share access (more info ...)protocol-command-decode        
2468NETBIOS SMB-DS D$ share access (more info ...)protocol-command-decode        
2470NETBIOS SMB C$ unicode share access (more info ...)protocol-command-decode        
2471NETBIOS SMB-DS C$ share access (more info ...)protocol-command-decode        
2473NETBIOS SMB ADMIN$ unicode share access (more info ...)protocol-command-decode        
2474NETBIOS SMB-DS ADMIN$ share access (more info ...)protocol-command-decode        
2475NETBIOS SMB-DS ADMIN$ unicode share access (more info ...)protocol-command-decode        
2508NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin  2003-0533  10108  12205  URL
2511NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin  2003-0533  10108  12205  URL
2563NETBIOS NS lookup response name overflow attempt (more info ...)attempted-admin  2004-0444  10333    URL
2564NETBIOS NS lookup short response attempt (more info ...)attempted-admin  2004-0444  10335    URL
2936NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (more info ...)attempted-admin  2004-0206  11372    URL
2942NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt (more info ...)protocol-command-decode        URL
2951NETBIOS SMB-DS too many stacked requests (more info ...)protocol-command-decode        
2972NETBIOS SMB D$ andx share access (more info ...)protocol-command-decode        
2973NETBIOS SMB D$ unicode andx share access (more info ...)protocol-command-decode        
2974NETBIOS SMB-DS D$ andx share access (more info ...)protocol-command-decode        
2975NETBIOS SMB-DS D$ unicode andx share access (more info ...)protocol-command-decode        
2976NETBIOS SMB C$ andx share access (more info ...)protocol-command-decode        
2977NETBIOS SMB C$ unicode andx share access (more info ...)protocol-command-decode        
2978NETBIOS SMB-DS C$ andx share access (more info ...)protocol-command-decode        
2979NETBIOS SMB-DS C$ unicode andx share access (more info ...)protocol-command-decode        
2980NETBIOS SMB ADMIN$ andx share access (more info ...)protocol-command-decode        
2981NETBIOS SMB ADMIN$ unicode andx share access (more info ...)protocol-command-decode        
2982NETBIOS SMB-DS ADMIN$ andx share access (more info ...)protocol-command-decode        
2983NETBIOS SMB-DS ADMIN$ unicode andx share access (more info ...)protocol-command-decode        
3001NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
3002NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
3004NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
3005NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (more info ...)protocol-command-decode  2003-0818  9635  12065  URL
3017EXPLOIT WINS overflow attempt (more info ...)misc-attack  2004-1080  11763    URL
3018NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3019NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3020NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3021NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3022NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3023NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3024NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3025NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (more info ...)protocol-command-decode  2004-1154      
3026NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3027NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3028NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3029NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3030NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3031NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3032NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3033NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3034NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3035NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3036NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3037NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3038NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3039NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3040NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3041NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
3042NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3043NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3044NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3045NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3046NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3047NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3048NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3049NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3050NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3051NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3052NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3053NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3054NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3055NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3056NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3057NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode        
3114NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (more info ...)attempted-admin  2005-0050  12481    URL
3143NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (more info ...)protocol-command-decode  2005-0045  12484    URL
3144NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (more info ...)protocol-command-decode  2005-0045  12484    URL
3146NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (more info ...)protocol-command-decode  2005-0045  12484    URL
3158NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (more info ...)protocol-command-decode  2003-0715      URL
3159NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (more info ...)protocol-command-decode  2003-0715      URL
3171NETBIOS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (more info ...)attempted-admin  2005-0059      URL
3195NETBIOS name query overflow attempt TCP (more info ...)attempted-admin  2003-0825  9624  15912  
3196NETBIOS name query overflow attempt UDP (more info ...)attempted-admin  2003-0825  9624  15912  
3199EXPLOIT WINS name query overflow attempt TCP (more info ...)attempted-admin  2003-0825  9624  15912  URL
3200EXPLOIT WINS name query overflow attempt UDP (more info ...)attempted-admin  2003-0825  9624  15912  URL
3234NETBIOS Messenger message little endian overflow attempt (more info ...)attempted-admin  2003-0717  8826    
3235NETBIOS Messenger message overflow attempt (more info ...)attempted-admin  2003-0717  8826    
3238NETBIOS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (more info ...)attempted-admin  2002-1561  6005    URL
3239NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (more info ...)attempted-admin  2002-1561  6005    URL
3397NETBIOS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (more info ...)protocol-command-decode  2003-0352  8205    URL
3398NETBIOS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (more info ...)protocol-command-decode  2003-0352  8205    URL
3409NETBIOS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (more info ...)attempted-admin  2003-0715  8205    URL
3590NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (more info ...)attempted-admin  2005-0059    18027  URL
3591NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (more info ...)attempted-admin  2005-0059    18027  URL
3639NETBIOS SMB Trans andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3640NETBIOS SMB Trans data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3641NETBIOS SMB Trans unicode data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3642NETBIOS SMB Trans unicode andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3643NETBIOS SMB-DS Trans andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3644NETBIOS SMB-DS Trans data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3645NETBIOS SMB-DS Trans unicode data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3646NETBIOS SMB-DS Trans unicode andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3647NETBIOS-DG SMB Trans andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3648NETBIOS-DG SMB Trans data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3649NETBIOS-DG SMB Trans unicode data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3650NETBIOS-DG SMB Trans unicode andx data displacement null pointer DOS attempt (more info ...)protocol-command-decode    13504    URL
3673MISC Microsoft SMS remote control client DoS overly long length attempt (more info ...)attempted-user  2004-0728  10726    
3697NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (more info ...)protocol-command-decode  2005-0771  14020    URL
3967NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (more info ...)protocol-command-decode  2005-1983  14513    URL
4072NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (more info ...)protocol-command-decode  2005-1983  14513    URL
4245NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt (more info ...)attempted-admin  2005-2119  15056    URL
4246NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt (more info ...)attempted-admin  2005-2119  15056    URL
4334NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (more info ...)protocol-command-decode  2005-2120  15065    URL
4358NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (more info ...)protocol-command-decode  2005-2120  15065    URL
4413NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (more info ...)attempted-admin  2005-1984  14514    URL
4608NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (more info ...)attempted-admin  2005-1985  15066    URL
4651NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4652NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4653NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4654NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4655NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4656NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4657NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4658NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4659NETBIOS-DG SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4660NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4661NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4662NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4663NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4664NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4665NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4666NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4667NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4668NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4669NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4670NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4671NETBIOS-DG SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4672NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4673NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4674NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (more info ...)protocol-command-decode  2004-1154      
4754NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (more info ...)attempted-admin  2003-0003  6666    URL
4755NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (more info ...)attempted-admin  2003-0003  6666    URL
4826NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (more info ...)protocol-command-decode  2005-3644  15460    URL
4918NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (more info ...)protocol-command-decode  2005-3644  15460    URL
5096NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (more info ...)protocol-command-decode  2003-0533  10108  12205  URL
5485NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (more info ...)attempted-admin  2005-0050  12481    URL
5677NETBIOS SMB Session Setup username overflow attempt (more info ...)protocol-command-decode    9752    URL
5678NETBIOS SMB-DS Session Setup username overflow attempt (more info ...)protocol-command-decode    9752    URL
5679NETBIOS SMB-DS Session Setup unicode username overflow attempt (more info ...)protocol-command-decode    9752    URL
5680NETBIOS-DG SMB Session Setup username overflow attempt (more info ...)protocol-command-decode    9752    URL
5681NETBIOS-DG SMB Session Setup unicode username overflow attempt (more info ...)protocol-command-decode    9752    URL
5682NETBIOS SMB Session Setup unicode andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
5683NETBIOS-DG SMB Session Setup andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
5684NETBIOS-DG SMB Session Setup unicode andx username overflow attempt (more info ...)protocol-command-decode    9752    URL
5717NETBIOS SMB-DS Trans Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5719NETBIOS-DG SMB Trans Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5720NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5721NETBIOS SMB Trans andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5722NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5723NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5724NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5725NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5726NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (more info ...)protocol-command-decode  2002-0724  5556  11110  URL
5727NETBIOS SMB Trans unicode Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5728NETBIOS-DG SMB Trans Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5729NETBIOS SMB Trans Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5730NETBIOS SMB-DS Trans Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5731NETBIOS SMB-DS Trans unicode Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5732NETBIOS-DG SMB Trans unicode Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5733NETBIOS SMB Trans unicode andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5734NETBIOS-DG SMB Trans andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5735NETBIOS SMB Trans andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5736NETBIOS SMB-DS Trans andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5737NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
5738NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (more info ...)protocol-command-decode  2005-1206  13942  18483  URL
6419NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (more info ...)attempted-admin  2006-1184  17905    URL
6420NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (more info ...)attempted-admin  2006-1184  17905    URL
6431NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (more info ...)attempted-admin  2006-1184  17905    URL
6432NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (more info ...)attempted-admin  2006-1184  17905    URL
6443NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (more info ...)attempted-admin  2006-0034  17906    URL
6444NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt (more info ...)attempted-admin  2006-0034  17906    URL
6455NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt (more info ...)attempted-admin  2006-0034  17906    URL
6456NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt (more info ...)attempted-admin  2006-0034  17906    URL
6584NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (more info ...)attempted-admin  2006-2370  18325    URL
6702NETBIOS SMB NT Trans Secondary Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6703NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6704NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6705NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6706NETBIOS-DG SMB NT Trans Secondary Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6707NETBIOS-DG SMB NT Trans Secondary unicode Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6708NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6709NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6710NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6711NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6712NETBIOS-DG SMB NT Trans Secondary andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6713NETBIOS-DG SMB NT Trans Secondary unicode andx Param Count overflow attempt (more info ...)protocol-command-decode  2003-0085  7106    
6714NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences phonebook mode overflow attempt (more info ...)attempted-admin  2006-2371  18358    URL
6810NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (more info ...)attempted-admin  2006-2371  18358    URL
6906NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences callback number overflow attempt (more info ...)attempted-admin  2006-2371  18358    URL
7035NETBIOS SMB Trans mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7036NETBIOS SMB Trans unicode mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7037NETBIOS-DG SMB Trans mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7038NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7039NETBIOS SMB Trans andx mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7040NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (more info ...)protocol-command-decode  2006-3942  18864    URL
7041NETBIOS-DG SMB Trans andx