ATTACK-RESPONSES Invalid URL {tcp}		url,www.microsoft.com/technet/security/bulletin/MS00-063.asp
ATTACK-RESPONSES index of /cgi-bin/ response {tcp}		nessus,10039
ATTACK-RESPONSES successful kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
ATTACK-RESPONSES successful kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
ATTACK-RESPONSES successful gobbles ssh exploit (GOBBLE) {tcp}		bugtraq,5093
ATTACK-RESPONSES successful gobbles ssh exploit (uname) {tcp}		bugtraq,5093
ATTACK-RESPONSES Microsoft cmd.exe banner {tcp}		nessus,11633
BACKDOOR subseven 22 {tcp}		url,www.hackfix.org/subseven/
BACKDOOR netbus active {tcp}		arachnids,401
BACKDOOR netbus getinfo {tcp}		arachnids,403
BACKDOOR netbus active {tcp}		arachnids,401
BACKDOOR DeepThroat 3.1 Server Response {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Response [3150] {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Response [4120] {udp}		arachnids,106
BACKDOOR Doly 2.0 access {tcp}		arachnids,312
BACKDOOR - Dagger_1.4.0_client_connect {tcp}		arachnids,483
BACKDOOR - Dagger_1.4.0 {tcp}		url,www.tlsecurity.net/backdoor/Dagger.1.4.html
BACKDOOR ACKcmdC trojan scan {tcp}		arachnids,445
BACKDOOR QAZ Worm Client Login access {tcp}		MCAFEE,98775
BACKDOOR Infector.1.x {tcp}		arachnids,315
BACKDOOR SatansBackdoor.2.0.Beta {tcp}		arachnids,316
BACKDOOR GirlFriendaccess {tcp}		arachnids,98
BACKDOOR NetSphere access {tcp}		arachnids,76
BACKDOOR GateCrasher {tcp}		arachnids,99
BACKDOOR NetSphere 1.31.337 access {tcp}		arachnids,76
BACKDOOR NetMetro File List {tcp}		arachnids,79
BACKDOOR Matrix 2.0 Client connect {udp}		arachnids,83
BACKDOOR Matrix 2.0 Server access {udp}		arachnids,83
BACKDOOR WinCrash 1.0 Server Active {tcp}		arachnids,36
BACKDOOR SIGNATURE - Q ICMP {icmp}		arachnids,202
BACKDOOR Q access {tcp}		arachnids,203
BACKDOOR CDK {tcp}		arachnids,263
BACKDOOR w00w00 attempt {tcp}		arachnids,510
BACKDOOR MISC Linux rootkit satori attempt {tcp}		arachnids,516
BACKDOOR hack-a-tack attempt {tcp}		arachnids,314
BACKDOOR fragroute trojan connection attempt {ip}		bugtraq,4898
BACKDOOR win-trin00 connection attempt {udp}		nessus,10307
BACKDOOR trinity connection attempt {tcp}		cve,CAN-2000-0138
BACKDOOR TCPDUMP/PCAP trojan traffic {tcp}		url,hlug.fscker.com
BACKDOOR Remote PC Access connection attempt {tcp}		nessus,11673
BACKDOOR FsSniffer connection attempt {tcp}		nessus,11854
BAD-TRAFFIC udp port 0 traffic {udp}		nessus,10074
BAD-TRAFFIC data in TCP SYN packet {tcp}		url,www.cert.org/incident_notes/IN-99-07.html
BAD-TRAFFIC loopback traffic {ip}		url,rr.sans.org/firewall/egress.php
BAD-TRAFFIC same SRC/DST {ip}		url,www.cert.org/advisories/CA-1997-28.html
BAD-TRAFFIC 0 ttl {ip}		url,support.microsoft.com/default.aspx?scid=kb\
BAD-TRAFFIC Unassigned/Reserved IP protocol {ip}		url,www.iana.org/assignments/protocol-numbers
BAD-TRAFFIC IP Proto 53 (SWIPE) {ip}		cve,CAN-2003-0567
BAD-TRAFFIC IP Proto 55 (IP Mobility) {ip}		cve,CAN-2003-0567
BAD-TRAFFIC IP Proto 77 (Sun ND) {ip}		cve,CAN-2003-0567
BAD-TRAFFIC IP Proto 103 (PIM) {ip}		cve,CAN-2003-0567
CHAT ICQ forced user addition {tcp}		cve,CAN-2001-1305
DDOS TFN Probe {icmp}		arachnids,443
DDOS tfn2k icmp possible communication {icmp}		arachnids,425
DDOS Trin00 Daemon to Master PONG message detected {udp}		arachnids,187
DDOS TFN client command BE {icmp}		arachnids,184
DDOS shaft client to handler {tcp}		arachnids,254
DDOS Trin00 Daemon to Master message detected {udp}		arachnids,186
DDOS Trin00 Daemon to Master *HELLO* message detected {udp}		url,www.sans.org/newlook/resources/IDFAQ/trinoo.htm
DDOS Trin00 Attacker to Master default startup password {tcp}		arachnids,197
DDOS Trin00 Master to Daemon default password attempt {udp}		arachnids,197
DDOS TFN server response {icmp}		arachnids,182
DDOS shaft handler to agent {udp}		arachnids,255
DDOS shaft agent to handler {udp}		arachnids,256
DDOS shaft synflood {tcp}		arachnids,253
DDOS mstream handler to agent {udp}		cve,CAN-2000-0138
DDOS mstream handler ping to agent {udp}		cve,CAN-2000-0138
DDOS mstream client to handler {tcp}		cve,CAN-2000-0138
DDOS mstream handler to client {tcp}		cve,CAN-2000-0138
DDOS mstream client to handler {tcp}		cve,CAN-2000-0138
DDOS mstream handler to client {tcp}		cve,CAN-2000-0138
DDOS - TFN client command LE {icmp}		arachnids,183
DDOS Stacheldraht server spoof {icmp}		arachnids,193
DDOS Stacheldraht gag server response {icmp}		arachnids,195
DDOS Stacheldraht server response {icmp}		arachnids,191
DDOS Stacheldraht client spoofworks {icmp}		arachnids,192
DDOS Stacheldraht client check gag {icmp}		arachnids,194
DDOS Stacheldraht client check skillz {icmp}		arachnids,190
DDOS Stacheldraht handler->agent (niggahbitch) {icmp}		url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
DDOS Stacheldraht agent->handler (skillz) {icmp}		url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
DDOS Stacheldraht handler->agent (ficken) {icmp}		url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
FINGER probe 0 attempt {tcp}		arachnids,378
MISC ramen worm incoming {tcp}		arachnids,460
WEB-CGI edit.pl access {tcp}		bugtraq,2713
EXPERIMENTAL WEB-IIS .htr request {tcp}		cve,CAN-2002-0071
WEB-MISC iPlanet ../../ DOS attempt {tcp}		cve,CAN-2001-0252
WEB-IIS header field buffer overflow attempt {tcp}		bugtraq,4476
X11 outbound client connection detected {tcp}		arachnids,126
FINGER cybercop redirection {tcp}		arachnids,11
WEB-FRONTPAGE rad overflow attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS01-035.asp
WEB-FRONTPAGE rad overflow attempt {tcp}		bugtraq,2906
IMAP EXPLOIT partial body overflow attempt {tcp}		bugtraq,4713
NNTP Cassandra Overflow {tcp}		arachnids,274
WEB-CGI w3-msql solaris x86  access {tcp}		arachnids,211
EXPLOIT bootp x86 bsd overfow {udp}		cve,CVE-1999-0914
EXPLOIT bootp x86 linux overflow {udp}		cve,CAN-1999-0389
BACKDOOR netbus active {tcp}		arachnids,401
BACKDOOR netbus getinfo {tcp}		arachnids,403
BACKDOOR BackOrifice access {tcp}		arachnids,400
BACKDOOR BackOrifice access {udp}		arachnids,399
BACKDOOR DeepThroat 3.1 Server Active on Network {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Keylogger on Server ON {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Show Picture Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Resolution Change Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Keylogger on Server OFF {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 FTP Server Port Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Process List Client request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Close Port Scan Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Registry Add Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 System Info Client Request {udp}		arachnids,106
 {}		  alert udp $EXTERNAL_NET 60000 -> $HOME_NET 2140 (msg:"BACKDOOR DeepThroat 3.1 FTP Status Client Request"
BACKDOOR DeepThroat 3.1 E-Mail Info From Server {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 E-Mail Info Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Status From Server {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Status Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Drive Info From Server {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 System Info From Server {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Drive Info Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Cached Passwords Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 RAS Passwords Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Password Change Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Password Remove Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Rehash Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Rehash Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Server Active on Network {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Wrong Password {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Visible Window List Client Request {udp}		arachnids,106
BACKDOOR DeepThroat access {udp}		arachnids,405
BACKDOOR DeepThroat 3.1 Monitor on/off Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Delete File Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Kill Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Disable Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Enable Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Change Window Title Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Show Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Send Text to Window Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Create Directory Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 All Window List Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Play Sound Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Run Program Normal Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Get NET File Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Find File Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 Find File Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 HUP Modem Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 CD ROM Open Client Request {udp}		arachnids,106
BACKDOOR DeepThroat 3.1 CD ROM Close Client Request {udp}		arachnids,106
DNS named iquery attempt {udp}		url,www.rfc-editor.org/rfc/rfc1035.txt
BACKDOOR DeepThroat 3.1 Keylogger Active on Network {udp}		arachnids,106
FTP EXPLOIT format string {tcp}		arachnids,453
FTP EXPLOIT OpenBSD x86 ftpd {tcp}		arachnids,446
FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8 {tcp}		arachnids,451
FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD {tcp}		cve,CAN-2000-0573
FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux {tcp}		arachnids,287
FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic {tcp}		nessus,10452
FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check {tcp}		cve,CAN-2000-0573
FTP EXPLOIT wu-ftpd 2.6.0 {tcp}		bugtraq,1387
FTP EXPLOIT MKD overflow {tcp}		cve,CVE-1999-0368
FTP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0368
FTP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0368
FTP EXPLOIT x86 linux overflow {tcp}		cve, CVE-1999-0368
ICMP Traceroute ipopts {icmp}		arachnids,238
RPC EXPLOIT ttdbserv solaris overflow {tcp}		arachnids,242
RPC EXPLOIT ttdbserv Solaris overflow {tcp}		arachnids,242
RPC portmap request yppasswdd {udp}		bugtraq,2763
RPC portmap request yppasswdd {tcp}		bugtraq,2763
RPC portmap listing {tcp}		arachnids,429
RPC portmap listing {tcp}		arachnids,429
RPC AMD Overflow {tcp}		arachnids,217
RPC EXPLOIT statdx {tcp}		arachnids,442
RPC EXPLOIT statdx {udp}		arachnids,442
WEB-CGI webstore directory traversal {tcp}		cve,CVE-2000-1005
IMAP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0005
IMAP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0005
IMAP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0005
IMAP EXPLOIT x86 linux overflow {tcp}		cve,CVE-1999-0005
IMAP EXPLOIT x86 linux overflow {tcp}		cve, CVE-1999-0005
RPC rstatd query {udp}		arachnids,9
RPC rstatd query {tcp}		arachnids,9
NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt {tcp}		url,www.corest.com/common/showdoc.php?idx=262
SMTP EXPLOIT x86 windows CSMMail overflow {tcp}		cve,CVE-2000-0042
DOS Land attack {tcp}		cve,CVE-1999-0016
WEB-MISC Cisco Web DOS attempt {tcp}		arachnids,275
SMTP sendmail 8.4.1 exploit {tcp}		arachnids,120
RPC portmap tooltalk request TCP {tcp}		url,www.cert.org/advisories/CA-2001-05.html
RPC portmap tooltalk request UDP {udp}		url,www.cert.org/advisories/CA-2001-05.html
Virus - Possible QAZ Worm {tcp}		MCAFEE,98775
Virus - Possible QAZ Worm Calling Home {tcp}		MCAFEE,98775
Virus - Possible Pikachu Pokemon Virus {tcp}		MCAFEE,98696
Virus - Possible Triplesix Worm {tcp}		MCAFEE,10389
Virus - Possible Tune.vbs {tcp}		MCAFEE,10497
Virus - Possible NAIL Worm {tcp}		MCAFEE,10109
Virus - Possible NAIL Worm {tcp}		MCAFEE,10109
Virus - Possible NAIL Worm {tcp}		MCAFEE,10109
Virus - Possible NAIL Worm {tcp}		MCAFEE,10109
Virus - Possible Papa Worm {tcp}		MCAFEE,10145
Virus - Possible Freelink Worm {tcp}		MCAFEE,10225
Virus - Possible BADASS Worm {tcp}		MCAFEE,10388
Virus - Possible ExploreZip.B Worm {tcp}		MCAFEE,10471
Virus - Possible wscript.KakWorm {tcp}		MCAFEE,10509
Virus Possible Suppl Worm {tcp}		MCAFEE,10361
Virus - Possible NewApt.Worm - theobbq.exe {tcp}		MCAFEE,10540
Virus - Possible Word Macro - VALE {tcp}		MCAFEE,10502
Virus - Possible IROK Worm {tcp}		MCAFEE,98552
Virus - Possible Fix2001 Worm {tcp}		MCAFEE,10355
Virus - Possible Y2K Zelu Trojan {tcp}		MCAFEE,10505
Virus - Possible The_Fly Trojan {tcp}		MCAFEE,10478
Virus - Possible Word Macro - VALE {tcp}		MCAFEE,10502
Virus - Possible Passion Worm {tcp}		MCAFEE,10467
Virus - Possible NewApt.Worm - cooler3.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - party.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - hog.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - goal1.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - pirate.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - video.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - baby.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - cooler1.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - boss.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - g-zilla.exe {tcp}		MCAFEE,10540
Virus - Possible ToadieE-mail Trojan {tcp}		MCAFEE,10540
Virus - Possible PrettyPark Trojan {tcp}		MCAFEE,10175
Virus - Possible Happy99 Virus {tcp}		MCAFEE,10144
Virus - Possible Bubbleboy Worm {tcp}		MCAFEE,10418
Virus - Possible NewApt.Worm - copier.exe {tcp}		MCAFEE,10540
Virus - Possible MyPics Worm {tcp}		MCAFEE,10467
Virus - Possible Babylonia - X-MAS.exe {tcp}		MCAFEE,10461
Virus - Possible NewApt.Worm - gadget.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - irnglant.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - casper.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - fborfw.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - saddam.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - bboy.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - monica.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - goal.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - panther.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - chestburst.exe {tcp}		MCAFEE,10540
Virus - Possible NewApt.Worm - cupid2.exe {tcp}		MCAFEE,10540
Virus - Possible Resume Worm {tcp}		MCAFEE,98661
Virus - Possible Resume Worm {tcp}		MCAFEE,98661
Virus - Possible Timofonica Worm {tcp}		MCAFEE,98674
Virus - Possible Resume Worm {tcp}		MCAFEE,98661
Virus - Possible NewApt.Worm - farter.exe {tcp}		MCAFEE,1054
DNS zone transfer TCP {tcp}		arachnids,212
DNS zone transfer UDP {udp}		arachnids,212
DNS named authors attempt {tcp}		arachnids,480
DNS named authors attempt {udp}		arachnids,480
DNS named version attempt {tcp}		arachnids,278
DNS named version attempt {udp}		arachnids,278
DNS EXPLOIT named 8.2->8.2.1 {tcp}		bugtraq,788
DNS EXPLOIT named tsig overflow attempt {tcp}		arachnids,482
DNS EXPLOIT named tsig overflow attempt {udp}		bugtraq,2303
DNS EXPLOIT named overflow (ADM) {tcp}		bugtraq,788
DNS EXPLOIT named overflow (ADMROCKS) {tcp}		bugtraq,788
DNS EXPLOIT named overflow attempt {tcp}		url,www.cert.org/advisories/CA-1998-05.html
DOS Jolt attack {ip}		cve,CAN-1999-0345
DOS Teardrop attack {udp}		bugtraq,124
DOS UDP echo+chargen bomb {udp}		cve,CVE-1999-0103
DOS IGMP dos attack {ip}		cve,CVE-1999-0918
DOS IGMP dos attack {ip}		cve,CVE-1999-0918
DOS ath {icmp}		arachnids,264
DOS NAPTHA {tcp}		bugtraq,2022
DOS Real Audio Server {tcp}		arachnids,411
DOS Real Server template.html {tcp}		bugtraq,1288
DOS Real Server template.html {tcp}		bugtraq,1288
DOS Bay/Nortel Nautica Marlin {udp}		cve,CVE-2000-0221
DOS Ascend Route {udp}		arachnids,262
DOS arkiea backup {tcp}		arachnids,261
 {}		alert tcp $EXTERNAL_NET any -> $HOME_NET 135:139 (msg: "DOS Winnuke attack"
DOS MSDTC attempt {tcp}		bugtraq,4006
DOS iParty DOS attempt {tcp}		cve,CAN-1999-1566
EXPLOIT ssh CRC32 overflow /bin/sh {tcp}		cve,CVE-2001-0144
EXPLOIT ssh CRC32 overflow NOOP {tcp}		cve,CVE-2001-0144
EXPLOIT ssh CRC32 overflow {tcp}		cve,CVE-2001-0144
EXPLOIT Netscape 4.7 client overflow {tcp}		arachnids,215
EXPLOIT nlps x86 Solaris overflow {tcp}		bugtraq,2319
EXPLOIT LPRng overflow {tcp}		bugtraq,1712
EXPLOIT SCO calserver overflow {tcp}		bugtraq,2353
EXPLOIT delegate proxy overflow {tcp}		cve,CVE-2000-0165
EXPLOIT VQServer admin {tcp}		cve,CAN-2000-0766
EXPLOIT NextFTP client overflow {tcp}		cve,CVE-1999-0671
EXPLOIT sniffit overflow {tcp}		arachnids,273
EXPLOIT x86 windows MailMax overflow {tcp}		cve,CVE-1999-0404
EXPLOIT Netscape 4.7 unsucessful overflow {tcp}		arachnids,214
EXPLOIT ntpdx overflow attempt {udp}		bugtraq,2540
EXPLOIT ntalkd x86 Linux overflow {udp}		bugtraq,210
EXPLOIT x86 Linux mountd overflow {udp}		bugtraq,121
EXPLOIT x86 Linux mountd overflow {udp}		bugtraq,121
EXPLOIT x86 Linux mountd overflow {udp}		bugtraq,121
EXPLOIT MDBMS overflow {tcp}		cve,CVE-2000-0446
EXPLOIT AIX pdnsd overflow {tcp}		bugtraq,3237
EXPLOIT rwhoisd format string attempt {tcp}		bugtraq,3474
EXPLOIT CDE dtspcd exploit attempt {tcp}		url,www.cert.org/advisories/CA-2002-01.html
EXPLOIT cachefsd buffer overflow attempt {tcp}		bugtraq,4631
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT kadmind buffer overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/875073
EXPLOIT gobbles SSH exploit attempt {tcp}		bugtraq,5093
EXPLOIT LPD dvips remote command execution attempt {tcp}		nessus,11023
EXPLOIT SSH server banner overflow {tcp}		bugtraq,5287
EXPLOIT CHAT IRC topic overflow {tcp}		bugtraq,573
EXPLOIT CHAT IRC Ettercap parse overflow attempt {tcp}		url,www.bugtraq.org/dev/GOBBLES-12.txt
EXPLOIT x86 Linux samba overflow {tcp}		cve,CVE-1999-0182
FINGER cmd_rootsh backdoor attempt {tcp}		url,www.sans.org/y2k/fingerd.htm
FINGER account enumeration attempt {tcp}		nessus,10788
FINGER search query {tcp}		arachnids,375
FINGER root query {tcp}		arachnids,376
FINGER null request {tcp}		arachnids,377
FINGER remote command execution attempt {tcp}		arachnids,379
FINGER remote command pipe execution attempt {tcp}		arachnids,380
FINGER bomb attempt {tcp}		cve,CAN-1999-0106
FINGER redirection attempt {tcp}		cve,CAN-1999-0105
FINGER cybercop query {tcp}		cve,CVE-1999-0612
FINGER 0 query {tcp}		cve,CAN-1999-0197
FINGER . query {tcp}		cve,CAN-1999-0198
FTP CEL overflow attempt {tcp}		arachnids,257
FTP CWD overflow attempt {tcp}		cve,CAN-2002-0126
FTP STAT overflow attempt {tcp}		url,labs.defcom.com/adv/2001/def-2001-31.txt
FTP SITE CHOWN overflow attempt {tcp}		cve,CAN-2001-0065
FTP SITE NEWER overflow attempt {tcp}		cve,CVE-1999-0800
FTP SITE CPWD overflow attempt {tcp}		cve,CAN-2002-0826
FTP SITE overflow attempt {tcp}		cve,CVE-1999-0838
FTP USER overflow attempt {tcp}		cve,CVE-2000-0943
FTP PASS overflow attempt {tcp}		cve,CAN-2002-0126
FTP MKD overflow attempt {tcp}		bugtraq,612
FTP REST overflow attempt {tcp}		cve,CAN-2001-0826
FTP DELE overflow attempt {tcp}		cve,CAN-2001-0826
FTP RMD overflow attempt {tcp}		cve,CAN-2001-0826
FTP CWD Root directory transversal attempt {tcp}		bugtraq,7674
FTP SITE ZIPCHK overflow attempt {tcp}		cve,CVE-2000-0040
FTP SITE NEWER attempt {tcp}		nessus,10319
FTP SITE EXEC attempt {tcp}		arachnids,317
FTP EXPLOIT STAT * dos attempt {tcp}		bugtraq,4482
FTP EXPLOIT STAT ? dos attempt {tcp}		bugtraq,4482
FTP tar parameters {tcp}		cve,CVE-1999-0202
FTP CWD ~root attempt {tcp}		arachnids,318
FTP CWD ~ attempt {tcp}		bugtraq,2601
FTP serv-u directory transversal {tcp}		cve,CVE-2001-0054
FTP wu-ftp bad file completion attempt [ {tcp}		bugtraq,3581
FTP wu-ftp bad file completion attempt { {tcp}		bugtraq,3581
FTP command overflow attempt {tcp}		bugtraq,4638
FTP LIST directory traversal attempt {tcp}		nessus,11112
FTP .forward {tcp}		arachnids,319
FTP .rhosts {tcp}		arachnids,328
FTP passwd retrieval attempt {tcp}		arachnids,213
FTP ADMw0rm ftp login attempt {tcp}		arachnids,01
FTP adm scan {tcp}		arachnids,332
FTP iss scan {tcp}		arachnids,331
FTP pass wh00t {tcp}		arachnids,324
FTP saint scan {tcp}		arachnids,330
FTP satan scan {tcp}		arachnids,329
FTP USER format string attempt {tcp}		bugtraq,7474
FTP PASS format string attempt {tcp}		bugtraq,7474
FTP LIST integer overflow attempt {tcp}		bugtraq,8875
ICMP IRDP router advertisement {icmp}		arachnids,173
ICMP IRDP router selection {icmp}		arachnids,174
ICMP PING BSDtype {icmp}		arachnids,152
ICMP PING BayRS Router {icmp}		arachnids,444
ICMP PING BeOS4.x {icmp}		arachnids,151
ICMP PING Cisco Type.x {icmp}		arachnids,153
ICMP PING Delphi-Piette Windows {icmp}		arachnids,155
ICMP PING Flowpoint2200 or Network Management Software {icmp}		arachnids,156
ICMP PING IP NetMonitor Macintosh {icmp}		arachnids,157
ICMP PING LINUX/*BSD {icmp}		arachnids,447
ICMP PING Microsoft Windows {icmp}		arachnids,159
ICMP PING Network Toolbox 3 Windows {icmp}		arachnids,161
ICMP PING Ping-O-MeterWindows {icmp}		arachnids,164
ICMP PING Pinger Windows {icmp}		arachnids,163
ICMP PING Seer Windows {icmp}		arachnids,166
ICMP PING Sun Solaris {icmp}		arachnids,448
ICMP PING Windows {icmp}		arachnids,169
ICMP traceroute {icmp}		arachnids,118
ICMP Router Advertisement {icmp}		arachnids,173
ICMP Router Selection {icmp}		arachnids,174
ICMP ISS Pinger {icmp}		arachnids,158
ICMP L3retriever Ping {icmp}		arachnids,311
ICMP Nemesis v1.1 Echo {icmp}		arachnids,449
ICMP PING NMAP {icmp}		arachnids,162
ICMP icmpenum v1.1.1 {icmp}		arachnids,450
ICMP redirect host {icmp}		cve,CVE-1999-0265
ICMP redirect net {icmp}		cve,CVE-1999-0265
ICMP traceroute ipopts {icmp}		arachnids,238
ICMP webtrends scanner {icmp}		arachnids,307
ICMP TJPingPro1.1Build 2 Windows {icmp}		arachnids,167
ICMP PING WhatsupGold Windows {icmp}		arachnids,168
ICMP PING CyberKit 2.2 Windows {icmp}		arachnids,154
ICMP Large ICMP Packet {icmp}		arachnids,246
IMAP login literal buffer overflow attempt {tcp}		bugtraq,6298
IMAP login buffer overflow attempt {tcp}		cve,CVE-1999-0005
IMAP authenticate literal overflow attempt {tcp}		cve,CVE-1999-0042
IMAP authenticate overflow attempt {tcp}		cve,CVE-1999-0042
IMAP auth overflow attempt {tcp}		cve,CVE-1999-0005
IMAP lsub literal overflow attempt {tcp}		cve,CAN-2000-0284
IMAP lsub overflow attempt {tcp}		cve,CAN-2000-0284
IMAP list literal overflow attempt {tcp}		cve,CAN-2000-0284
IMAP list overflow attempt {tcp}		cve,CAN-2000-0284
IMAP rename literal overflow attempt {tcp}		cve,CAN-2000-0284
IMAP rename overflow attempt {tcp}		cve,CAN-2000-0284
IMAP find overflow attempt {tcp}		cve,CAN-2000-0284
IMAP partial body buffer overflow attempt {tcp}		cve,CAN-2002-0379
IMAP partial body.peek buffer overflow attempt {tcp}		cve,CAN-2002-0379
IMAP create buffer overflow attempt {tcp}		bugtraq,7446
IMAP create literal buffer overflow attempt {tcp}		bugtraq,7446
INFO FTP no password {tcp}		arachnids,322
MISC source route lssr {ip}		arachnids,418
MISC source route lssre {ip}		arachnids,420
MISC source route ssrr {ip}		arachnids,422
MISC Source Port 20 to <1024 {tcp}		arachnids,06
MISC source port 53 to <1024 {tcp}		arachnids,07
MISC Insecure TIMBUKTU Password {tcp}		arachnids,229
MISC gopher proxy {tcp}		arachnids,409
MISC PCAnywhere Failed Login {tcp}		arachnids,240
MISC Cisco Catalyst Remote Access {tcp}		cve,CVE-1999-0430
MISC ramen worm {tcp}		arachnids,461
MISC xdmcp query {udp}		arachnids,476
MISC xdmcp info query {udp}		nessus,10891
MISC UPnP malformed advertisement {udp}		cve,CAN-2001-0877
MISC UPnP Location overflow {udp}		cve,CAN-2001-0876
MISC AIM AddGame attempt {tcp}		cve,CAN-2002-0005
MISC AIM AddExternalApp attempt {tcp}		url,www.w00w00.org/files/w00aimexp/
MISC AFS access {udp}		nessus,10441
MISC Xtramail Username overflow attempt {tcp}		bugtraq,791
MISC OpenSSL Worm traffic {tcp}		url,www.cert.org/advisories/CA-2002-27.html
MISC slapper worm admin traffic {udp}		url,isc.incidents.org/analysis.html?id=167
MISC MS Terminal server request (RDP) {tcp}		cve,CAN-2001-0540
MISC MS Terminal server request {tcp}		cve,CAN-2001-0540
MISC Alcatel PABX 4400 connection attempt {tcp}		nessus,11019
MISC bootp hardware address length overflow {udp}		cve,CAN-1999-0798
MISC bootp invalid hardware type {udp}		cve,CAN-1999-0798
MISC bootp hostname format string attempt {udp}		bugtraq,4701
MISC GlobalSunTech Access Point Information Disclosure attempt {udp}		bugtraq,6100
MISC xfs overflow attempt {tcp}		nessus,11188
MISC CVS double free exploit attempt response {tcp}		bugtraq,6650
MISC CVS invalid directory response {tcp}		bugtraq,6650
MISC Microsoft PPTP Start Control Request buffer overflow attempt {tcp}		cve,CAN-2002-1214
MISC BGP invalid length {tcp}		url,sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575
NETBIOS nimda .eml {tcp}		url,www.f-secure.com/v-descs/nimda.shtml
NETBIOS nimda .nws {tcp}		url,www.f-secure.com/v-descs/nimda.shtml
NETBIOS nimda RICHED20.DLL {tcp}		url,www.f-secure.com/v-descs/nimda.shtml
NETBIOS DOS RFPoison {tcp}		arachnids,454
NETBIOS NT NULL session {tcp}		arachnids,204
NETBIOS SMB ADMIN$access {tcp}		arachnids,340
NETBIOS SMB C$ access {tcp}		arachnids,339
NETBIOS SMB CD.. {tcp}		arachnids,338
NETBIOS SMB CD... {tcp}		arachnids,337
NETBIOS SMB D$access {tcp}		arachnids,336
NETBIOS SMB IPC$ share access (unicode) {tcp}		arachnids,334
NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt {tcp}		url,www.corest.com/common/showdoc.php?idx=262
NETBIOS SMB trans2open buffer overflow attempt {tcp}		url,www.digitaldefense.net/labs/advisories/DDI-1013.txt
NETBIOS DCERPC ISystemActivator bind attempt {tcp}		cve,CAN-2003-0352
NETBIOS SMB DCERPC ISystemActivator bind attempt {tcp}		cve,CAN-2003-0352
NETBIOS DCERPC Remote Activation bind attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-039.asp
NETBIOS SMB DCERPC Remote Activation bind attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-039.asp
NETBIOS DCERPC Messenger Service buffer overflow attempt {udp}		cve,CAN-2003-0717
NETBIOS SMB DCERPC Messenger Service buffer overflow attempt {tcp}		cve,CAN-2003-0717
NETBIOS SMB DCERPC Workstation Service unicode bind attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NETBIOS SMB DCERPC Workstation Service bind attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NETBIOS SMB DCERPC Workstation Service unicode bind attempt microsoft-ds {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NETBIOS SMB DCERPC Workstation Service bind attempt microsoft-ds {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NETBIOS DCERPC Workstation Service direct service bind attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NETBIOS DCERPC Workstation Service direct service access attempt {udp}		url,www.microsoft.com/technet/security/bulletin/MS03-049.asp
NNTP return code buffer overflow attempt {tcp}		cve,CAN-2002-0909
NNTP AUTHINFO USER overflow attempt {tcp}		arachnids,274
P2P Fastrack  (kazaa/morpheus) GET request {tcp}		url,www.kazaa.com
P2P Fastrack (kazaa/morpheus) traffic {tcp}		url,www.kazaa.com
POLICY WinGate telnet server response {tcp}		cve,CAN-1999-0657
POLICY PCAnywhere server response {udp}		arachnids,239
POLICY SMTP relaying denied {tcp}		arachnids,249
POLICY HP JetDirect LCD modification attempt {tcp}		arachnids,302
POLICY HP JetDirect LCD modification attempt {tcp}		arachnids,302
POLICY poll.gotomypc.com access {ip}		url,www.gotomypc.com/help2.tmpl
POLICY vncviewer Java applet download attempt {tcp}		nessus,10758
POP2 FOLD overflow attempt {tcp}		cve,CVE-1999-0920
POP3 DELE negative arguement attempt {tcp}		bugtraq,6053
POP3 UIDL negative arguement attempt {tcp}		bugtraq,6053
POP3 USER overflow attempt {tcp}		nessus,10311
POP3 LIST overflow attempt {tcp}		cve,CAN-2000-0096
POP3 PASS overflow attempt {tcp}		nessus,10325
POP3 APOP overflow attempt {tcp}		nessus,10559
POP3 EXPLOIT x86 BSD overflow {tcp}		bugtraq,133
POP3 EXPLOIT qpopper overflow {tcp}		cve,CAN-1999-0822
POP3 USER format string attempt {tcp}		nessus,11742
RPC portmap proxy integer overflow attempt TCP {tcp}		bugtraq,7123
RPC portmap proxy integer overflow attempt UDP {udp}		bugtraq,7123
RPC portmap listing UDP 111 {udp}		arachnids,428
RPC portmap listing TCP 111 {tcp}		arachnids,428
RPC portmap UNSET attempt TCP 111 {tcp}		bugtraq,1892
RPC portmap UNSET attempt UDP 111 {udp}		bugtraq,1892
RPC portmap listing TCP 32771 {tcp}		arachnids,429
RPC portmap listing UDP 32771 {udp}		arachnids,429
RPC portmap cachefsd request UDP {udp}		bugtraq,4674
RPC portmap cachefsd request TCP {tcp}		bugtraq,4674
RPC portmap admind request UDP {udp}		arachnids,18
RPC portmap admind request TCP {tcp}		arachnids,18
RPC portmap amountd request UDP {udp}		arachnids,19
RPC portmap amountd request TCP {tcp}		arachnids,19
RPC portmap bootparam request UDP {udp}		arachnids,16
RPC portmap bootparam request TCP {tcp}		arachnids,16
RPC portmap nisd request UDP {udp}		arachnids,21
RPC portmap nisd request TCP {tcp}		arachnids,21
RPC portmap pcnfsd request UDP {udp}		arachnids,22
RPC portmap pcnfsd request TCP {tcp}		arachnids,22
RPC portmap rexd request UDP {udp}		arachnids,23
RPC portmap rexd request TCP {tcp}		arachnids,23
RPC portmap rusers request UDP {udp}		arachnids,133
RPC portmap rusers request TCP {tcp}		arachnids,133
RPC rusers query UDP {udp}		cve,CVE-1999-0626
RPC portmap selection_svc request UDP {udp}		arachnids,25
RPC portmap selection_svc request TCP {tcp}		arachnids,25
RPC portmap status request UDP {udp}		arachnids,15
RPC portmap status request TCP {tcp}		arachnids,15
RPC portmap snmpXdmi request TCP {tcp}		bugtraq,2417
RPC portmap snmpXdmi request UDP {udp}		bugtraq,2417
RPC snmpXdmi overflow attempt TCP {tcp}		url,www.cert.org/advisories/CA-2001-05.html
RPC snmpXdmi overflow attempt UDP {udp}		url,www.cert.org/advisories/CA-2001-05.html
RPC portmap espd request UDP {udp}		cve,CAN-2001-0331
RPC portmap espd request TCP {tcp}		cve,CAN-2001-0331
RPC status GHBN format string attack {udp}		cve,CVE-2000-0666
RPC status GHBN format string attack {tcp}		 cve,CVE-2000-0666
RPC portmap mountd request UDP {udp}		arachnids,13
RPC portmap mountd request TCP {tcp}		arachnids,13
RPC mountd TCP export request {tcp}		arachnids,26
RPC mountd UDP export request {udp}		arachnids,26
RPC mountd TCP exportall request {tcp}		arachnids,26
RPC mountd UDP exportall request {udp}		arachnids,26
RPC AMD UDP amqproc_mount plog overflow attempt {udp}		bugtraq,614
RPC AMD TCP amqproc_mount plog overflow attempt {tcp}		bugtraq,614
RPC portmap cmsd request UDP {udp}		arachnids,17
RPC portmap cmsd request TCP {tcp}		arachnids,17
RPC CMSD UDP CMSD_CREATE buffer overflow attempt {udp}		bugtraq,524
RPC CMSD TCP CMSD_CREATE buffer overflow attempt {tcp}		bugtraq,524
RPC CMSD UDP CMSD_CREATE array buffer overflow attempt {udp}		bugtraq,5356
RPC CMSD TCP CMSD_CREATE array buffer overflow attempt {tcp}		bugtraq,5356
RPC CMSD TCP CMSD_INSERT buffer overflow attempt {tcp}		url,www.cert.org/advisories/CA-99-08-cmsd.html
RPC CMSD udp CMSD_INSERT buffer overflow attempt {udp}		url,www.cert.org/advisories/CA-99-08-cmsd.html
RPC portmap sadmind request TCP {tcp}		arachnids,20
RPC portmap sadmind request UDP {udp}		arachnids,20
RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt {udp}		bugtraq,866
RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt {tcp}		bugtraq,866
RPC sadmind UDP PING {udp}		bugtraq,866
RPC sadmind TCP PING {tcp}		bugtraq,866
RPC portmap rstatd request UDP {udp}		arachnids,10
RPC portmap rstatd request TCP {tcp}		arachnids,10
RPC STATD UDP stat mon_name format string exploit attempt {udp}		bugtraq,1480
RPC STATD TCP stat mon_name format string exploit attempt {tcp}		bugtraq,1480
RPC STATD UDP monitor mon_name format string exploit attempt {udp}		bugtraq,1480
RPC STATD TCP monitor mon_name format string exploit attempt {tcp}		bugtraq,1480
RPC portmap ypupdated request UDP {udp}		arachnids,125
RPC portmap ypupdated request TCP {tcp}		arachnids,125
RPC RQUOTA getquota overflow attempt UDP {udp}		bugtraq,864
RPC RQUOTA getquota overflow attempt TCP {tcp}		bugtraq,864
RPC portmap ttdbserv request UDP {udp}		url,www.cert.org/advisories/CA-2001-05.html
RPC portmap ttdbserv request TCP {tcp}		url,www.cert.org/advisories/CA-2001-05.html
RPC tooltalk UDP overflow attempt {udp}		bugtraq,122
RPC tooltalk TCP overflow attempt {tcp}		bugtraq,122
RPC portmap yppasswd request UDP {udp}		arachnids,14
RPC portmap yppasswd request TCP {tcp}		arachnids,14
RPC yppasswd username overflow attempt UDP {udp}		bugtraq,2763
RPC yppasswd username overflow attempt TCP {tcp}		bugtraq,2763
RPC portmap ypserv request UDP {udp}		arachnids,12
RPC portmap ypserv request TCP {tcp}		arachnids,12
RPC ypserv maplist request UDP {udp}		cve,CAN-2002-1232
RPC ypserv maplist request TCP {tcp}		Cve,CAN-2002-1232
RPC portmap nlockmgr request UDP {udp}		bugtraq,1372
RPC portmap nlockmgr request TCP {tcp}		bugtraq,1372
RPC portmap rpc.xfsmd request UDP {udp}		bugtraq,5075
RPC portmap rpc.xfsmd request TCP {tcp}		bugtraq,5075
RPC rpc.xfsmd xfs_export attempt UDP {udp}		bugtraq,5075
RPC rpc.xfsmd xfs_export attempt TCP {tcp}		bugtraq,5075
RPC portmap kcms_server request UDP {udp}		url,www.kb.cert.org/vuls/id/850785
RPC portmap kcms_server request TCP {tcp}		url,www.kb.cert.org/vuls/id/850785
RPC kcms_server directory traversal attempt {tcp}		url,www.kb.cert.org/vuls/id/850785
RSERVICES rlogin bin {tcp}		arachnids,384
RSERVICES rlogin echo++ {tcp}		arachnids,385
RSERVICES rsh froot {tcp}		arachnids,387
RSERVICES rlogin login failure {tcp}		arachnids,392
RSERVICES rlogin login failure {tcp}		arachnids,393
RSERVICES rlogin root {tcp}		arachnids,389
RSERVICES rsh bin {tcp}		arachnids,390
RSERVICES rsh echo + + {tcp}		arachnids,388
RSERVICES rsh froot {tcp}		arachnids,387
RSERVICES rsh root {tcp}		arachnids,391
SCAN myscan {tcp}		arachnids,439
SCAN ident version request {tcp}		arachnids,303
SCAN cybercop os probe {tcp}		arachnids,146
SCAN SOCKS Proxy attempt {tcp}		url,help.undernet.org/proxyscan/
SCAN FIN {tcp}		arachnids,27
SCAN ipEye SYN scan {tcp}		arachnids,236
SCAN NULL {tcp}		arachnids,4
SCAN SYN FIN {tcp}		arachnids,198
SCAN XMAS {tcp}		arachnids,144
SCAN nmap XMAS {tcp}		arachnids,30
SCAN nmap TCP {tcp}		arachnids,28
SCAN nmap fingerprint attempt {tcp}		arachnids,05
SCAN synscan portscan {tcp}		arachnids,441
SCAN cybercop os PA12 attempt {tcp}		arachnids,149
SCAN cybercop os SFU12 probe {tcp}		arachnids,150
SCAN XTACACS logout {udp}		arachnids,408
SCAN cybercop udp bomb {udp}		arachnids,363
SCAN Webtrends Scanner UDP Probe {udp}		arachnids,308
SCAN cybercop os probe {tcp}		arachnids,145
SHELLCODE sparc setuid 0 {ip}		arachnids,282
SHELLCODE x86 setgid 0 {ip}		arachnids,284
SHELLCODE x86 setuid 0 {ip}		arachnids,436
SHELLCODE SGI NOOP {ip}		arachnids,356
SHELLCODE SGI NOOP {ip}		arachnids,357
SHELLCODE Digital UNIX NOOP {ip}		arachnids,352
SHELLCODE HP-UX NOOP {ip}		arachnids,358
SHELLCODE HP-UX NOOP {ip}		arachnids,359
SHELLCODE sparc NOOP {ip}		arachnids,345
SHELLCODE sparc NOOP {ip}		arachnids,353
SHELLCODE sparc NOOP {ip}		arachnids,355
SHELLCODE x86 NOOP {ip}		arachnids,181
SHELLCODE x86 stealth NOOP {ip}		arachnids,291
SHELLCODE Linux shellcode {ip}		arachnids,343
SMTP RCPT TO overflow {tcp}		bugtraq,2283
SMTP chameleon overflow {tcp}		cve,CAN-1999-0261
SMTP sendmail 8.6.9 exploit {tcp}		cve,CVE-1999-0204
SMTP expn decode {tcp}		arachnids,32
SMTP expn root {tcp}		arachnids,31
SMTP expn *@ {tcp}		cve,CAN-1999-1200
SMTP majordomo ifs {tcp}		arachnids,143
SMTP sendmail 5.5.5 exploit {tcp}		arachnids,119
SMTP rcpt to command attempt {tcp}		cve,CVE-1999-0095
SMTP RCPT TO decode attempt {tcp}		cve,CVE-1999-0203
SMTP sendmail 5.6.5 exploit {tcp}		arachnids,122
SMTP sendmail 8.6.10 exploit {tcp}		arachnids,123
SMTP sendmail 8.6.10 exploit {tcp}		arachnids,124
SMTP sendmail 8.6.9 exploit {tcp}		cve,CVE-1999-0204
SMTP sendmail 8.6.9 exploit {tcp}		arachnids,139
SMTP sendmail 8.6.9c exploit {tcp}		cve,CVE-1999-0204
SMTP vrfy decode {tcp}		arachnids,373
SMTP ehlo cybercop attempt {tcp}		arachnids,372
SMTP expn cybercop attempt {tcp}		arachnids,371
SMTP HELO overflow attempt {tcp}		nessus,11674
SMTP ETRN overflow attempt {tcp}		cve,CAN-2000-0490
SMTP From comment overflow attempt {tcp}		url,www.kb.cert.org/vuls/id/398025
SMTP Content-Transfer-Encoding overflow attempt {tcp}		url,www.cert.org/advisories/CA-2003-12.html
SMTP XEXCH50 overflow attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-046.asp
SMTP XEXCH50 overflow with evasion attempt {tcp}		url,www.microsoft.com/technet/security/bulletin/MS03-046.asp
SMTP EXPN overflow attempt {tcp}		cve,CAN-2002-1337
SMTP VRFY overflow attempt {tcp}		cve,CAN-2002-1337
SMTP SEND FROM sendmail prescan too many addresses overflow {tcp}		cve,CAN-2002-1337
SMTP SEND FROM sendmail prescan too long addresses overflow {tcp}		cve,CAN-2003-0161
SMTP SAML FROM sendmail prescan too many addresses overflow {tcp}		cve,CAN-2002-1337
SMTP SAML FROM sendmail prescan too long addresses overflow {tcp}		cve,CAN-2003-0161
SMTP SOML FROM sendmail prescan too many addresses overflow {tcp}		cve,CAN-2002-1337
SMTP SOML FROM sendmail prescan too long addresses overflow {tcp}		cve,CAN-2003-0161
SMTP MAIL FROM sendmail prescan too many addresses overflow {tcp}		cve,CAN-2002-1337
SMTP MAIL FROM sendmail prescan too long addresses overflow {tcp}		cve,CAN-2003-0161
SMTP RCPT TO sendmail prescan too many addresses overflow {tcp}		cve,CAN-2002-1337
SMTP RCPT TO sendmail prescan too long addresses overflow {tcp}		cve,CAN-2003-0161
SNMP missing community string attempt {udp}		cve,CAN-1999-0517
SNMP null community string attempt {udp}		cve,CAN-1999-0517
SNMP community string buffer overflow attempt {udp}		cve,CAN-2002-0013
SNMP community string buffer overflow attempt (with evasion) {udp}		cve,CAN-2002-0013
SNMP public access udp {udp}		cve,CAN-2002-0013
SNMP public access tcp {tcp}		cve,CAN-2002-0013
SNMP private access udp {udp}		cve,CAN-2002-0013
SNMP private access tcp {tcp}		cve,CAN-2002-0013
SNMP Broadcast request {udp}		cve,CAN-2002-0013
SNMP broadcast trap {udp}		cve,CAN-2002-0013
SNMP request udp {udp}		cve,CAN-2002-0013
SNMP request tcp {tcp}		cve,CAN-2002-0013
SNMP trap udp {udp}		cve,CAN-2002-0013
SNMP trap tcp {tcp}		cve,CAN-2002-0013
SNMP AgentX/tcp request {tcp}		cve,CAN-2002-0013
SNMP PROTOS test-suite-req-app attempt {udp}		url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
SNMP PROTOS test-suite-trap-app attempt {udp}		url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
MS-SQL/SMB xp_enumresultset possible buffer overflow {tcp}		cve,CAN-2000-1082
MS-SQL/SMB raiserror possible buffer overflow {tcp}		bugtraq,3733
MS-SQL/SMB xp_displayparamstmt possible buffer overflow {tcp}		cve,CAN-2000-1081
MS-SQL/SMB xp_setsqlsecurity possible buffer overflow {tcp}		bugtraq,2043
MS-SQL/SMB xp_printstatements possible buffer overflow {tcp}		cve,CAN-2000-1086
MS-SQL/SMB xp_sprintf possible buffer overflow {tcp}		bugtraq,1204
MS-SQL/SMB xp_showcolv possible buffer overflow {tcp}		bugtraq,2038
MS-SQL/SMB xp_peekqueue possible buffer overflow {tcp}		cve,CAN-2000-1085
MS-SQL/SMB xp_proxiedmetadata possible buffer overflow {tcp}		cve,CAN-2000-1087
MS-SQL/SMB xp_updatecolvbm possible buffer overflow {tcp}		cve,CAN-2000-1084
MS-SQL xp_displayparamstmt possible buffer overflow {tcp}		cve,CAN-2000-1081
MS-SQL xp_setsqlsecurity possible buffer overflow {tcp}		bugtraq,2043
MS-SQL xp_printstatements possible buffer overflow {tcp}		cve,CAN-2000-1086
MS-SQL xp_updatecolvbm possible buffer overflow {tcp}		cve,CAN-2000-1084
MS-SQL xp_sprintf possible buffer overflow {tcp}		bugtraq,1204
MS-SQL xp_showcolv possible buffer overflow {tcp}		cve,CAN-2000-1083
MS-SQL xp_peekqueue possible buffer overflow {tcp}		cve,CAN-2000-1085
MS-SQL xp_proxiedmetadata possible buffer overflow {tcp}		cve,CAN-2000-1087
MS-SQL raiserror possible buffer overflow {tcp}		bugtraq,3733
MS-SQL Worm propagation attempt {udp}		url,vil.nai.com/vil/content/v_99992.htm
MS-SQL Worm propagation attempt OUTBOUND {udp}		url,vil.nai.com/vil/content/v_99992.htm
MS-SQL ping attempt {udp}		nessus,10674
MS-SQL version overflow attempt {udp}		cve,CVE-2002-0649
TELNET SGI telnetd format bug {tcp}		arachnids,304
TELNET ld_library_path {tcp}		arachnids,367
TELNET livingston DOS {tcp}		arachnids,370
TELNET resolv_host_conf {tcp}		arachnids,369
TELNET not on console {tcp}		arachnids,365
TELNET login incorrect {tcp}		arachnids,127
TELNET bsd telnet exploit response {tcp}		cve,CAN-2001-0554
TELNET bsd exploit client finishing {tcp}		cve,CAN-2001-0554
TELNET 4Dgifts SGI account attempt {tcp}		cve,CAN-1999-0501
TELNET EZsetup account attempt {tcp}		cve,CAN-1999-0501
TELNET access {tcp}		cve,CAN-1999-0619
TFTP filename overflow attempt {udp}		bugtraq,5328
TFTP GET Admin.dll {udp}		url,www.cert.org/advisories/CA-2001-26.html
TFTP parent directory {udp}		cve,CVE-1999-0183
TFTP root directory {udp}		cve,CVE-1999-0183
TFTP Put {udp}		arachnids,148
Virus - Possible QAZ Worm Infection {tcp}		MCAFEE,98775
WEB-CGI HyperSeek hsx.cgi directory traversal attempt {tcp}		cve,CAN-2001-0253
WEB-CGI HyperSeek hsx.cgi access {tcp}		cve,CAN-2001-0253
WEB-CGI SWSoft ASPSeek Overflow attempt {tcp}		bugtraq,2492
WEB-CGI webspeed access {tcp}		nessus,10304
WEB-CGI yabb directory traversal attempt {tcp}		bugtraq,1668
WEB-CGI yabb access {tcp}		bugtraq,1668
WEB-CGI /wwwboard/passwd.txt access {tcp}		bugtraq,649
WEB-CGI webdriver access {tcp}		nessus,10592
WEB-CGI whois_raw.cgi arbitrary command execution attempt {tcp}		nessus,10306
WEB-CGI whois_raw.cgi access {tcp}		nessus,10306
WEB-CGI websitepro path access {tcp}		arachnids,468
WEB-CGI webplus version access {tcp}		arachnids,470
WEB-CGI webplus directory traversal {tcp}		arachnids,471
WEB-CGI websendmail access {tcp}		nessus,10301
WEB-CGI dcforum.cgi directory traversal attempt {tcp}		cve,CAN-2001-0436
WEB-CGI dcforum.cgi access {tcp}		bugtraq,2728
WEB-CGI dcboard.cgi invalid user addition attempt {tcp}		bugtraq,2728
WEB-CGI dcboard.cgi access {tcp}		bugtraq,2728
WEB-CGI mmstdod.cgi access {tcp}		cve,CVE-2001-0021
WEB-CGI anaconda directory transversal attempt {tcp}		bugtraq,2388
WEB-CGI imagemap.exe overflow attempt {tcp}		cve,CVE-1999-0951
WEB-CGI imagemap.exe access {tcp}		arachnids,412
WEB-CGI cvsweb.cgi access {tcp}		bugtraq,1469
WEB-CGI php.cgi access {tcp}		arachnids,232
WEB-CGI glimpse access {tcp}		bugtraq,2026
WEB-CGI htmlscript attempt {tcp}		cve,CVE-1999-0264
WEB-CGI htmlscript access {tcp}		cve,CVE-1999-0264
WEB-CGI info2www access {tcp}		cve,CVE-1999-0266
WEB-CGI nph-test-cgi access {tcp}		bugtraq,686
WEB-CGI NPH-publish access {tcp}		cve,CAN-2001-0400
WEB-CGI NPH-publish access {tcp}		cve,CAN-1999-1177
WEB-CGI rguest.exe access {tcp}		bugtraq,2024
WEB-CGI rwwwshell.pl access {tcp}		url,www.itsecurity.com/papers/p37.htm
WEB-CGI test-cgi attempt {tcp}		arachnids,218
WEB-CGI test-cgi access {tcp}		arachnids,218
WEB-CGI testcgi access {tcp}		bugtraq,7214
WEB-CGI textcounter.pl access {tcp}		cve,CAN-1999-1479
WEB-CGI uploader.exe access {tcp}		nessus,10291
WEB-CGI webgais access {tcp}		nessus,10300
WEB-CGI finger access {tcp}		nessus,10071
WEB-CGI perlshop.cgi access {tcp}		cve,CAN-1999-1374
WEB-CGI pfdisplay.cgi access {tcp}		cve,CVE-1999-0270
WEB-CGI aglimpse access {tcp}		bugtraq,2026
WEB-CGI anform2 access {tcp}		arachnids,225
WEB-CGI args.bat access {tcp}		cve,CAN-1999-1374
WEB-CGI args.cmd access {tcp}		cve,CAN-1999-1374
WEB-CGI AT-admin.cgi access {tcp}		cve,CAN-1999-1072
WEB-CGI AT-generated.cgi access {tcp}		cve,CAN-1999-1072
WEB-CGI bnbform.cgi access {tcp}		bugtraq,1469
WEB-CGI campas access {tcp}		bugtraq,1975
WEB-CGI view-source directory traversal {tcp}		bugtraq,8883
WEB-CGI view-source access {tcp}		bugtraq,8883
WEB-CGI wwwwais access {tcp}		cve,CAN-2001-0223
WEB-CGI files.pl access {tcp}		cve,CAN-1999-1081
WEB-CGI wguest.exe access {tcp}		bugtraq,2024
WEB-CGI wrap access {tcp}		cve,CVE-1999-0149
WEB-CGI classifieds.cgi access {tcp}		cve,CVE-1999-0934
WEB-CGI faxsurvey attempt (full path) {tcp}		nessus,10067
WEB-CGI faxsurvey arbitrary file read attempt {tcp}		bugtraq,2056
WEB-CGI faxsurvey access {tcp}		nessus,10067
WEB-CGI filemail access {tcp}		cve,CAN-1999-1154
WEB-CGI man.sh access {tcp}		cve,CAN-1999-1179
WEB-CGI snork.bat access {tcp}		arachnids,220
WEB-CGI w3-msql access {tcp}		cve,CVE-2000-0012
WEB-CGI day5datacopier.cgi access {tcp}		cve,CAN-1999-1232
WEB-CGI day5datanotifier.cgi access {tcp}		cve,CAN-1999-1232
WEB-CGI post-query access {tcp}		cve,CAN-2001-0291
WEB-CGI visadmin.exe access {tcp}		nessus,10295
WEB-CGI dumpenv.pl access {tcp}		cve,CAN-1999-1178
WEB-CGI calendar_admin.pl arbitrary command execution attempt {tcp}		cve,CVE-2000-0432
WEB-CGI calendar_admin.pl access {tcp}		cve,CVE-2000-0432
WEB-CGI calendar-admin.pl access {tcp}		bugtraq,1215
WEB-CGI calender.pl access {tcp}		cve,CVE-2000-0432
WEB-CGI user_update_admin.pl access {tcp}		cve,CVE-2000-0627
WEB-CGI user_update_passwd.pl access {tcp}		cve,CVE-2000-0627
WEB-CGI survey.cgi access {tcp}		cve,CVE-1999-0936
WEB-CGI scriptalias access {tcp}		arachnids,227
WEB-CGI win-c-sample.exe access {tcp}		nessus,10008
WEB-CGI admin.pl access {tcp}		bugtraq,3839
WEB-CGI LWGate access {tcp}		url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm
WEB-CGI flexform access {tcp}		url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm
WEB-CGI formmail arbitrary command execution attempt {tcp}		arachnids,226
WEB-CGI formmail access {tcp}		arachnids,226
WEB-CGI phf arbitrary command execution attempt {tcp}		cve,CVE-1999-0067
WEB-CGI phf access {tcp}		cve,CVE-1999-0067
WEB-CGI www-sql access {tcp}		url,marc.theaimsgroup.com/?l=bugtraq&m=88704258804054&w=2
WEB-CGI ppdscgi.exe access {tcp}		url,online.securityfocus.com/archive/1/16878
WEB-CGI sendform.cgi access {tcp}		url,www.scn.org/help/sendform.txt
WEB-CGI AnyForm2 access {tcp}		cve,CVE-1999-0066
WEB-CGI MachineInfo access {tcp}		cve,CAN-1999-1067
WEB-CGI bb-hist.sh attempt {tcp}		bugtraq,142
WEB-CGI bb-hist.sh access {tcp}		bugtraq,142
WEB-CGI bb-histlog.sh access {tcp}		cve,CAN-1999-1462
WEB-CGI bb-histsvc.sh access {tcp}		cve,CAN-1999-1462
WEB-CGI bb-hostscv.sh attempt {tcp}		cve,CVE-2000-0638
WEB-CGI bb-hostscv.sh access {tcp}		cve,CVE-2000-0638
WEB-CGI bb-rep.sh access {tcp}		cve,CAN-1999-1462
WEB-CGI bb-replog.sh access {tcp}		cve,CAN-1999-1462
WEB-CGI redirect access {tcp}		cve,CVE-2000-0382
WEB-CGI wayboard attempt {tcp}		cve,CAN-2001-0214
WEB-CGI way-board access {tcp}		nessus,10610
WEB-CGI pals-cgi arbitrary file access attempt {tcp}		nessus,10611
WEB-CGI pals-cgi access {tcp}		nessus,10611
WEB-CGI commerce.cgi arbitrary file access attempt {tcp}		cve,CAN-2001-0210
WEB-CGI commerce.cgi access {tcp}		cve,CAN-2001-0210
WEB-CGI Amaya templates sendtemp.pl directory traversal attempt {tcp}		cve,CAN-2001-0272
WEB-CGI Amaya templates sendtemp.pl access {tcp}		cve,CAN-2001-0272
WEB-CGI webspirs.cgi directory traversal attempt {tcp}		nessus,10616
WEB-CGI webspirs.cgi access {tcp}		nessus,10616
WEB-CGI tstisapi.dll access {tcp}		cve,CAN-2001-0302
WEB-CGI lastlines.cgi access {tcp}		bugtraq,3754
WEB-CGI zml.cgi attempt {tcp}		bugtraq,3759
WEB-CGI zml.cgi access {tcp}		bugtraq,3759
WEB-CGI AHG search.cgi access {tcp}		bugtraq,3985
WEB-CGI agora.cgi attempt {tcp}		bugtraq,3976
WEB-CGI agora.cgi access {tcp}		bugtraq,3976
WEB-CGI rksh access {tcp}		cve,CAN-1999-0509
WEB-CGI bash access {tcp}		url,www.cert.org/advisories/CA-1996-11.html
WEB-CGI perl.exe command attempt {tcp}		nessus,10173
WEB-CGI perl.exe access {tcp}		nessus,10173
WEB-CGI perl command attempt {tcp}		nessus,10173
WEB-CGI zsh access {tcp}		cve,CAN-1999-0509
WEB-CGI csh access {tcp}		cve,CAN-1999-0509
WEB-CGI tcsh access {tcp}		cve,CAN-1999-0509
WEB-CGI rsh access {tcp}		url,www.cert.org/advisories/CA-1996-11.html
WEB-CGI ksh access {tcp}		cve,CAN-1999-0509
WEB-CGI auktion.cgi directory traversal attempt {tcp}		cve,CAN-2001-0212
WEB-CGI auktion.cgi access {tcp}		cve,CAN-2001-0212
WEB-CGI cgiforum.pl attempt {tcp}		cve,CVE-2000-1171
WEB-CGI cgiforum.pl access {tcp}		cve,CVE-2000-1171
WEB-CGI directorypro.cgi attempt {tcp}		cve,CAN-2001-0780
WEB-CGI directorypro.cgi access {tcp}		cve,CAN-2001-0780
WEB-CGI Web Shopper shopper.cgi attempt {tcp}		bugtraq,1776
WEB-CGI Web Shopper shopper.cgi access {tcp}		bugtraq,1776
WEB-CGI listrec.pl access {tcp}		cve,CAN-2001-0997
WEB-CGI mailnews.cgi access {tcp}		cve,CAN-2001-0271
WEB-CGI book.cgi arbitrary command execution attempt {tcp}		nessus,10721
WEB-CGI book.cgi access {tcp}		nessus,10721
WEB-CGI newsdesk.cgi access {tcp}		cve,CAN-2001-0232
WEB-CGI cal_make.pl directory traversal attempt {tcp}		bugtraq,2663
WEB-CGI cal_make.pl access {tcp}		bugtraq,2663
WEB-CGI sdbsearch.cgi access {tcp}		cve,CAN-2001-1130
WEB-CGI ttawebtop.cgi arbitrary file attempt {tcp}		nessus,10696
WEB-CGI ttawebtop.cgi access {tcp}		bugtraq,2890
WEB-CGI upload.cgi access {tcp}		nessus,10290
WEB-CGI view_source access {tcp}		nessus,10294
WEB-CGI ustorekeeper.pl directory traversal attempt {tcp}		nessus,10645
WEB-CGI ustorekeeper.pl access {tcp}		nessus,10646
WEB-CGI icat access {tcp}		cve,CAN-1999-1069
WEB-CGI Bugzilla doeditvotes.cgi access {tcp}		cve,CAN-2002-0011
WEB-CGI htsearch arbitrary configuration file attempt {tcp}		cve,CVE-2000-0208
WEB-CGI htsearch arbitrary file read attempt {tcp}		cve,CVE-2000-0208
WEB-CGI htsearch access {tcp}		cve,CVE-2000-0208
WEB-CGI a1stats a1disp3.cgi directory traversal attempt {tcp}		cve,CAN-2001-0561
WEB-CGI a1stats a1disp3.cgi access {tcp}		cve,CAN-2001-0561
WEB-CGI a1stats access {tcp}		cve,CAN-2001-0561
WEB-CGI admentor admin.asp access {tcp}		url,www.securiteam.com/windowsntfocus/5DP0N1F6AW.html
WEB-CGI alchemy http server PRN arbitrary command execution attempt {tcp}		cve,CAN-2001-0871
WEB-CGI alchemy http server NUL arbitrary command execution attempt {tcp}		cve,CAN-2001-0871
WEB-CGI alibaba.pl arbitrary command execution attempt {tcp}		cve,CAN-1999-0885
WEB-CGI alibaba.pl access {tcp}		cve ,CAN-1999-0885
WEB-CGI AltaVista Intranet Search directory traversal attempt {tcp}		nessus,10015
WEB-CGI test.bat arbitrary command execution attempt {tcp}		cve,CVE-1999-0947
WEB-CGI test.bat access {tcp}		cve,CVE-1999-0947
WEB-CGI input.bat arbitrary command execution attempt {tcp}		cve,CVE-1999-0947
WEB-CGI input.bat access {tcp}		cve,CVE-1999-0947
WEB-CGI input2.bat arbitrary command execution attempt {tcp}		cve,CVE-1999-0947
WEB-CGI input2.bat access {tcp}		cve,CVE-1999-0947
WEB-CGI envout.bat arbitrary command execution attempt {tcp}		cve,CVE-1999-0947
WEB-CGI envout.bat access {tcp}		cve,CVE-1999-0947
WEB-CGI echo.bat arbitrary command execution attempt {tcp}		cve,CAN-2000-0213
WEB-CGI echo.bat access {tcp}		cve,CAN-2000-0213
WEB-CGI hello.bat arbitrary command execution attempt {tcp}		cve,CAN-2000-0213
WEB-CGI hello.bat access {tcp}		cve,CAN-2000-0213
WEB-CGI tst.bat access {tcp}		bugtraq,770
WEB-CGI /cgi-bin/ls access {tcp}		bugtraq,936
WEB-CGI cgimail access {tcp}		cve,CVE-2000-0726
WEB-CGI cgiwrap access {tcp}		cve,CVE-2001-0987
WEB-CGI csSearch.cgi arbitrary command execution attempt {tcp}		cve,CAN-2002-0495
WEB-CGI csSearch.cgi access {tcp}		cve,CAN-2002-0495
WEB-CGI /cart/cart.cgi access {tcp}		cve,CVE-2000-0252
WEB-CGI dbman db.cgi access {tcp}		nessus,10403
WEB-CGI DCShop access {tcp}		cve,CAN-2001-0821
WEB-CGI DCShop orders.txt access {tcp}		cve,CAN-2001-0821
WEB-CGI DCShop auth_user_file.txt access {tcp}		cve,CAN-2001-0821
WEB-CGI eshop.pl arbitrary commane execution attempt {tcp}		cve,CAN-2001-1014
WEB-CGI eshop.pl access {tcp}		cve,CAN-2001-1014
WEB-CGI faqmanager.cgi arbitrary file access attempt {tcp}		bugtraq,3810
WEB-CGI faqmanager.cgi access {tcp}		bugtraq,3810
WEB-CGI /fcgi-bin/echo.exe access {tcp}		nessus,10838
WEB-CGI FormHandler.cgi directory traversal attempt attempt {tcp}		cve,CAN-1999-1050
WEB-CGI FormHandler.cgi external site redirection attempt {tcp}		cve,CAN-1999-1050
WEB-CGI FormHandler.cgi access {tcp}		cve,CAN-1999-1050
WEB-CGI guestbook.cgi access {tcp}		cve,CVE-1999-0237
WEB-CGI Home Free search.cgi directory traversal attempt {tcp}		bugtraq,921
WEB-CGI search.cgi access {tcp}		bugtraq,921
WEB-CGI pagelog.cgi directory traversal attempt {tcp}		bugtraq,1864
WEB-CGI pagelog.cgi access {tcp}		nessus,10591
WEB-CGI gbook.cgi access {tcp}		cve,CVE-2000-1131
WEB-CGI emumail.cgi NULL attempt {tcp}		cve,CAN-2002-1526
WEB-CGI emumail.cgi access {tcp}		cve,CAN-2002-1526
WEB-CGI document.d2w access {tcp}		bugtraq,2017
WEB-CGI db2www access {tcp}		cve,CVE-2000-0677
WEB-CGI technote main.cgi file directory traversal attempt {tcp}		bugtraq,2156
WEB-CGI technote print.cgi directory traversal attempt {tcp}		bugtraq,2156
WEB-CGI ads.cgi command execution attempt {tcp}		bugtraq,2103
WEB-CGI eXtropia webstore directory traversal {tcp}		cve,CVE-2000-1005
WEB-CGI eXtropia webstore access {tcp}		cve,CVE-2000-1005
WEB-CGI shopping cart directory traversal {tcp}		bugtraq,1777
WEB-CGI cached_feed.cgi moreover shopping cart directory traversal {tcp}		bugtraq,1762
WEB-CGI cached_feed.cgi moreover shopping cart access {tcp}		bugtraq,1762
WEB-CGI Talentsoft Web+ exploit attempt {tcp}		bugtraq,1725
WEB-CGI Poll-it access {tcp}		bugtraq,1431
WEB-CGI count.cgi access {tcp}		nessus,10049
WEB-CGI webdist.cgi arbitrary command attempt {tcp}		nessus,10299
WEB-CGI webdist.cgi access {tcp}		nessus,10299
WEB-CGI bigconf.cgi access {tcp}		cve,CVE-1999-1550
WEB-CGI /cgi-bin/jj access {tcp}		cve,CVE-1999-0260
WEB-CGI bizdbsearch attempt {tcp}		bugtraq,1104
WEB-CGI bizdbsearch access {tcp}		bugtraq,1104
WEB-CGI sojourn.cgi File attempt {tcp}		cve,CAN-2000-0180
WEB-CGI sojourn.cgi access {tcp}		cve,CAN-2000-0180
WEB-CGI SGI InfoSearch fname attempt {tcp}		cve,CVE-2000-0207
WEB-CGI SGI InfoSearch fname access {tcp}		cve,CVE-2000-0207
WEB-CGI cachemgr.cgi access {tcp}		nessus,10034
WEB-CGI dfire.cgi access {tcp}		cve,CAN-1999-0913
WEB-CGI store.cgi directory traversal attempt {tcp}		cve,CAN-2001-0305
WEB-CGI store.cgi access {tcp}		cve,CAN-2001-0305
WEB-CGI SIX webboard generate.cgi attempt {tcp}		bugtraq,3175
WEB-CGI SIX webboard generate.cgi access {tcp}		bugtraq,3175
WEB-CGI csPassword.cgi access {tcp}		bugtraq,4889
WEB-CGI csPassword password.cgi.tmp access {tcp}		bugtraq,4889
WEB-CGI Nortel Contivity cgiproc DOS attempt {tcp}		cve,CVE-2000-0063
WEB-CGI Nortel Contivity cgiproc DOS attempt {tcp}		cve,CVE-2000-0063
WEB-CGI Nortel Contivity cgiproc access {tcp}		cve,CVE-2000-0063
WEB-CGI Oracle reports CGI access {tcp}		bugtraq,4848
WEB-CGI alienform.cgi directory traversal attempt {tcp}		bugtraq,4983
WEB-CGI AlienForm af.cgi directory traversal attempt {tcp}		bugtraq,4983
WEB-CGI alienform.cgi access {tcp}		bugtraq,4983
WEB-CGI AlienForm af.cgi access {tcp}		bugtraq,4983
WEB-CGI story.pl arbitrary file read attempt {tcp}		cve,CVE-2001-0804
WEB-CGI story.pl access {tcp}		cve,CVE-2001-0804
WEB-CGI siteUserMod.cgi access {tcp}		cve,CVE-2000-0117
WEB-CGI cgicso access {tcp}		nessus,10780
WEB-CGI nph-publish.cgi access {tcp}		cve,CVE-1999-1177
WEB-CGI printenv access {tcp}		cve,CVE-2000-0868
WEB-CGI sdbsearch.cgi access {tcp}		cve,CVE-2000-0868
WEB-CGI rpc-nlog.pl access {tcp}		cve,CAN-1999-1278
WEB-CGI rpc-smb.pl access {tcp}		cve,CAN-1999-1278
WEB-CGI vpasswd.cgi access {tcp}		nessus,11165
WEB-CGI alya.cgi access {tcp}		nessus,11118
WEB-CGI viralator.cgi access {tcp}		cve,CAN-2001-0849
WEB-CGI mrtg.cgi directory traversal attempt {tcp}		nessus,11001
WEB-CGI overflow.cgi access {tcp}		url,www.cert.org/advisories/CA-2002-35.html
WEB-CGI way-board.cgi access {tcp}		nessus,10610
WEB-CGI process_bug.cgi access {tcp}		cve,CAN-2002-0008
WEB-CGI enter_bug.cgi arbitrary command attempt {tcp}		cve,CAN-2002-0008
WEB-CGI enter_bug.cgi access {tcp}		cve,CAN-2002-0008
WEB-CGI parse_xml.cgi access {tcp}		cve,CAN-2003-0054
WEB-CGI streaming server parse_xml.cgi access {tcp}		cve,CAN-2003-0054
WEB-CGI album.pl access {tcp}		bugtraq,7444
WEB-CGI chipcfg.cgi access {tcp}		cve,CAN-2001-1341
WEB-CGI ikonboard.cgi access {tcp}		nessus,11605
WEB-CGI swsrv.cgi access {tcp}		nessus,11608
WEB-CGI CSMailto.cgi access {tcp}		nessus,11748
WEB-CGI alert.cgi access {tcp}		nessus,11748
WEB-CGI catgy.cgi access {tcp}		nessus,11748
WEB-CGI cvsview2.cgi access {tcp}		nessus,11748
WEB-CGI cvslog.cgi access {tcp}		nessus,11748
WEB-CGI multidiff.cgi access {tcp}		nessus,11748
WEB-CGI dnewsweb.cgi access {tcp}		nessus,11748
WEB-CGI download.cgi access {tcp}		nessus,11748
WEB-CGI edit_action.cgi access {tcp}		nessus,11748
WEB-CGI everythingform.cgi access {tcp}		nessus,11748
WEB-CGI ezadmin.cgi access {tcp}		nessus,11748
WEB-CGI ezboard.cgi access {tcp}		nessus,11748
WEB-CGI ezman.cgi access {tcp}		nessus,11748
WEB-CGI fileseek.cgi access {tcp}		nessus,11748
WEB-CGI fom.cgi access {tcp}		nessus,11748
WEB-CGI getdoc.cgi access {tcp}		nessus,11748
WEB-CGI global.cgi access {tcp}		nessus,11748
WEB-CGI guestserver.cgi access {tcp}		nessus,11748
WEB-CGI imageFolio.cgi access {tcp}		nessus,11748
WEB-CGI mailfile.cgi access {tcp}		nessus,11748
WEB-CGI mailview.cgi access {tcp}		nessus,11748
WEB-CGI nsManager.cgi access {tcp}		nessus,11748
WEB-CGI readmail.cgi access {tcp}		nessus,11748
WEB-CGI printmail.cgi access {tcp}		nessus,11748
WEB-CGI service.cgi access {tcp}		nessus,11748
WEB-CGI setpasswd.cgi access {tcp}		nessus,11748
WEB-CGI simplestmail.cgi access {tcp}		nessus,11748
WEB-CGI ws_mail.cgi access {tcp}		nessus,11748
WEB-CGI nph-exploitscanget.cgi access {tcp}		nessus,11740
WEB-CGI csNews.cgi access {tcp}		nessus,11726
WEB-CGI psunami.cgi access {tcp}		nessus,11750
WEB-CGI gozila.cgi access {tcp}		nessus,11773
WEB-CLIENT readme.eml download attempt {tcp}		url,www.cert.org/advisories/CA-2001-26.html
WEB-CLIENT readme.eml autoload attempt {tcp}		url,www.cert.org/advisories/CA-2001-26.html
WEB-CLIENT Javascript document.domain attempt {tcp}		bugtraq,5346
WEB-CLIENT Javascript URL host spoofing attempt {tcp}		bugtraq,5293
WEB-COLDFUSION cfcache.map access {tcp}		cve,CVE-2000-0057
WEB-COLDFUSION exampleapp application.cfm {tcp}		bugtraq,1021
WEB-COLDFUSION application.cfm access {tcp}		bugtraq,1021
WEB-COLDFUSION getfile.cfm access {tcp}		bugtraq,229
WEB-COLDFUSION administrator access {tcp}		cve,CVE-2000-0538
WEB-COLDFUSION datasource username attempt {tcp}		bugtraq,550
WEB-COLDFUSION fileexists.cfm access {tcp}		bugtraq,550
WEB-COLDFUSION exprcalc access {tcp}		bugtraq,550
WEB-COLDFUSION parks access {tcp}		bugtraq,550
WEB-COLDFUSION cfappman access {tcp}		bugtraq,550
WEB-COLDFUSION beaninfo access {tcp}		bugtraq,550
WEB-COLDFUSION evaluate.cfm access {tcp}		bugtraq,550
WEB-COLDFUSION getodbcdsn access {tcp}		bugtraq,550
WEB-COLDFUSION db connections flush attempt {tcp}		bugtraq,550
WEB-COLDFUSION expeval access {tcp}		cve,CAN-1999-0477
WEB-COLDFUSION datasource passwordattempt {tcp}		bugtraq,550
WEB-COLDFUSION datasource attempt {tcp}		bugtraq,550
WEB-COLDFUSION admin encrypt attempt {tcp}		bugtraq,550
WEB-COLDFUSION displayfile access {tcp}		bugtraq,550
WEB-COLDFUSION getodbcin attempt {tcp}		bugtraq,550
WEB-COLDFUSION admin decrypt attempt {tcp}		bugtraq,550
WEB-COLDFUSION mainframeset access {tcp}		bugtraq,550
WEB-COLDFUSION set odbc ini attempt {tcp}		bugtraq,550
WEB-COLDFUSION settings refresh attempt {tcp}		bugtraq,550
WEB-COLDFUSION CFUSION_VERIFYMAIL access {tcp}		bugtraq,550
WEB-COLDFUSION snippets attempt {tcp}		bugtraq,550
WEB-COLDFUSION cfmlsyntaxcheck.cfm access {tcp}		bugtraq,550
WEB-COLDFUSION application.cfm access {tcp}		cve,CAN-2000-0189
WEB-COLDFUSION onrequestend.cfm access {tcp}		cve,CAN-2000-0189
WEB-COLDFUSION startstop DOS access {tcp}		bugtraq,247
WEB-COLDFUSION gettempdirectory.cfm access  {tcp}		bugtraq,550
WEB-FRONTPAGE rad fp30reg.dll access {tcp}		url,www.microsoft.com/technet/security/bulletin/MS01-035.asp
WEB-FRONTPAGE frontpage rad fp4areg.dll access {tcp}		bugtraq,2906
WEB-FRONTPAGE _vti_rpc access {tcp}		bugtraq,2144
WEB-FRONTPAGE shtml.dll access {tcp}		arachnids,292
WEB-FRONTPAGE authors.pwd access {tcp}		nessus,10078
WEB-FRONTPAGE administrators.pwd access {tcp}		bugtraq,1205
WEB-FRONTPAGE service.pwd {tcp}		bugtraq,1205
WEB-FRONTPAGE shtml.exe access {tcp}		bugtraq,1174
WEB-FRONTPAGE .... request {tcp}		arachnids,248
WEB-FRONTPAGE dvwssr.dll access {tcp}		url,www.microsoft.com/technet/security/bulletin/ms00-025.asp
WEB-IIS MDAC Content-Type overflow attempt {tcp}		url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337
WEB-IIS repost.asp access {tcp}		nessus,10372
WEB-IIS .htr chunked Transfer-Encoding {tcp}		cve,CAN-2002-0364
WEB-IIS .asp chunked Transfer-Encoding {tcp}		cve,CAN-2002-0079
WEB-IIS as_web.exe access {tcp}		bugtraq,4670
WEB-IIS as_web4.exe access {tcp}		bugtraq,4670
WEB-IIS pbserver access {tcp}		url,www.microsoft.com/technet/security/bulletin/ms00-094.asp
WEB-IIS /isapi/tstisapi.dll access {tcp}		bugtraq,2381
WEB-IIS WebDAV file lock attempt {tcp}		bugtraq,2736
WEB-IIS ISAPI .printer access {tcp}		arachnids,533
WEB-IIS ISAPI .ida attempt {tcp}		cve,CAN-2000-0071
WEB-IIS ISAPI .ida access {tcp}		bugtraq,1065
WEB-IIS ISAPI .idq attempt {tcp}		bugtraq,1065
WEB-IIS ISAPI .idq access {tcp}		bugtraq,1065
WEB-IIS %2E-asp access {tcp}		cve,CAN-1999-0253
WEB-IIS *.idc attempt {tcp}		cve,CVE-1999-0874
WEB-IIS Directory transversal attempt {tcp}		cve,CAN-1999-0229
WEB-IIS Alternate Data streams ASP file access attempt {tcp}		nessus,10362
WEB-IIS .bat? access {tcp}		url,support.microsoft.com/support/kb/articles/Q155/0/56.asp
WEB-IIS ASP contents view {tcp}		bugtraq,1084
WEB-IIS ASP contents view {tcp}		bugtraq,1861
WEB-IIS CGImail.exe access {tcp}		bugtraq,1623
WEB-IIS unicode directory traversal attempt {tcp}		cve,CVE-2000-0884
WEB-IIS unicode directory traversal attempt {tcp}		cve,CVE-2000-0884
WEB-IIS unicode directory traversal attempt {tcp}		cve,CVE-2000-0884
WEB-IIS unicode directory traversal attempt {tcp}		cve,CVE-2000-0884
WEB-IIS +.htr code fragment attempt {tcp}		cve,CVE-2000-0630
WEB-IIS .htr access {tcp}		cve,CVE-2000-0630
WEB-IIS SAM Attempt {tcp}		url,www.ciac.org/ciac/bulletins/h-45.shtml
WEB-IIS achg.htr access {tcp}		bugtraq,2110
WEB-IIS ism.dll access {tcp}		bugtraq,189
WEB-IIS anot.htr access {tcp}		cve,CVE-1999-0407
WEB-IIS encoding access {tcp}		arachnids,200
WEB-IIS fpcount attempt {tcp}		bugtraq,2252
WEB-IIS fpcount access {tcp}		bugtraq,2252
WEB-IIS global.asa access {tcp}		cve,CVE-2000-0778
WEB-IIS idc-srch attempt {tcp}		cve,CVE-1999-0874
WEB-IIS iisadmpwd attempt {tcp}		cve,CVE-2000-0304
WEB-IIS isc$data attempt {tcp}		cve,CVE-1999-0874
WEB-IIS ism.dll attempt {tcp}		bugtraq,1193
WEB-IIS jet vba access {tcp}		cve,CVE-1999-0874
WEB-IIS msadcs.dll access {tcp}		bugtraq,529
WEB-IIS newdsn.exe access {tcp}		cve,CVE-1999-0191
WEB-IIS search97.vts access {tcp}		bugtraq,162
WEB-IIS showcode.asp access {tcp}		nessus,10007
WEB-IIS site server config access {tcp}		bugtraq,256
WEB-IIS view source via translate header {tcp}		bugtraq,1578
WEB-IIS viewcode.asp access {tcp}		nessus,10576
WEB-IIS webhits access {tcp}		arachnids,237
WEB-IIS CodeRed v2 root.exe access {tcp}		url,www.cert.org/advisories/CA-2001-19.html
WEB-IIS outlook web dos {tcp}		bugtraq,3223
WEB-IIS multiple decode attempt {tcp}		cve,CAN-2001-0333
WEB-IIS htimage.exe access {tcp}		cve,CAN-2000-0122
WEB-IIS MS Site Server default login attempt {tcp}		nessus,11018
WEB-IIS MS Site Server admin attempt {tcp}		nessus,11018
WEB-IIS WEBDAV exploit attempt {tcp}		bugtraq,7716
WEB-IIS WEBDAV nessus safe scan attempt {tcp}		nessus,11412
WEB-IIS Battleaxe Forum login.asp access {tcp}		bugtraq,7416
WEB-IIS nsiislog.dll access {tcp}		url,www.microsoft.com/technet/security/bulletin/ms03-018.asp
WEB-IIS IISProtect siteadmin.asp access {tcp}		bugtraq,7675
WEB-IIS IISProtect globaladmin.asp access {tcp}		nessus,11661
WEB-IIS IISProtect access {tcp}		nessus,11661
WEB-IIS Synchrologic Email Accelerator userid list access attempt {tcp}		nessus,11657
WEB-IIS MS BizTalk server access {tcp}		cve,CAN-2003-0118
WEB-IIS register.asp access {tcp}		nessus,11621
WEB-IIS UploadScript11.asp access {tcp}		cve,CAN-2001-0938
WEB-IIS DirectoryListing.asp access {tcp}		cve,CAN-2001-0938
WEB-IIS /pcadmin/login.asp access {tcp}		bugtraq,8103
WEB-MISC Cisco IOS HTTP configuration attempt {tcp}		bugtraq,2936
WEB-MISC Netscape Enterprise DOS {tcp}		bugtraq,2294
WEB-MISC Netscape Enterprise directory listing attempt {tcp}		bugtraq,2285
WEB-MISC weblogic view source attempt {tcp}		bugtraq,2527
WEB-MISC Tomcat directory traversal attempt {tcp}		bugtraq,2518
WEB-MISC Tomcat view source attempt {tcp}		bugtraq,2527
WEB-MISC WebDAV search access {tcp}		arachnids,474
WEB-MISC Lotus Domino directory traversal {tcp}		bugtraq,2173
WEB-MISC counter.exe access {tcp}		bugtraq,267
WEB-MISC WebDAV propfind access {tcp}		cve,CVE-2000-0869
WEB-MISC unify eWave ServletExec upload {tcp}		cve,CVE-2000-1024
WEB-MISC Netscape Servers suite DOS {tcp}		bugtraq,1868
WEB-MISC amazon 1-click cookie theft {tcp}		cve,CVE-2000-0439
WEB-MISC Allaire JRUN DOS attempt {tcp}		bugtraq,2337
WEB-MISC Talentsoft Web+ Source Code view access {tcp}		bugtraq,1722
WEB-MISC Talentsoft Web+ internal IP Address access {tcp}		bugtraq,1720
WEB-MISC SmartWin CyberOffice Shopping Cart access {tcp}		bugtraq,1734
WEB-MISC cybercop scan {tcp}		arachnids,374
WEB-MISC L3retriever HTTP Probe {tcp}		arachnids,310
WEB-MISC Webtrends HTTP probe {tcp}		arachnids,309
WEB-MISC Nessus 404 probe {tcp}		arachnids,301
WEB-MISC Netscape admin passwd {tcp}		bugtraq,1579
WEB-MISC ftp.pl attempt {tcp}		nessus,10467
WEB-MISC ftp.pl access {tcp}		nessus,10467
WEB-MISC Tomcat server snoop access {tcp}		bugtraq,1532
WEB-MISC ROXEN directory list attempt {tcp}		cve,CVE-2000-0671
WEB-MISC apache source.asp file access {tcp}		cve,CVE-2000-0628
WEB-MISC http directory traversal {tcp}		arachnids,298
WEB-MISC ICQ webserver DOS {tcp}		cve,CVE-1999-0474
WEB-MISC Lotus EditDoc attempt {tcp}		url,www.securiteam.com/exploits/5NP080A1RE.html
WEB-MISC mlog.phtml access {tcp}		cve,CVE-1999-0346
WEB-MISC mylog.phtml access {tcp}		cve,CVE-1999-0068
WEB-MISC ?PageServices access {tcp}		cve,CVE-1999-0269
WEB-MISC webcart access {tcp}		cve,CAN-1999-0610
WEB-MISC convert.bas access {tcp}		cve,CVE-1999-0175
WEB-MISC guestbook.pl access {tcp}		arachnids,228
WEB-MISC handler attempt {tcp}		cve,CVE-1999-0148
WEB-MISC handler access {tcp}		cve,CVE-1999-0148
WEB-MISC cat%20 access {tcp}		bugtraq,374
WEB-MISC Netscape PublishingXpert access {tcp}		cve,CAN-2000-1196
WEB-MISC windmail.exe access {tcp}		nessus,10365
WEB-MISC webplus access {tcp}		bugtraq,1725
WEB-MISC Netscape dir index wp {tcp}		arachnids,270
WEB-MISC cart 32 AdminPwd access {tcp}		bugtraq,1153
WEB-MISC shopping cart access {tcp}		cve,CAN-2000-1188
WEB-MISC Novell Groupwise gwweb.exe attempt {tcp}		cve,CAN-1999-1006
WEB-MISC Novell Groupwise gwweb.exe access {tcp}		cve,CAN-1999-1006
WEB-MISC ws_ftp.ini access {tcp}		bugtraq,547
WEB-MISC rpm_query access {tcp}		bugtraq,1036
WEB-MISC wwwboard.pl access {tcp}		cve,CAN-1999-0930
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC get32.exe access {tcp}		arachnids,258
WEB-MISC Annex Terminal DOS attempt {tcp}		arachnids,260
WEB-MISC cgitest.exe attempt {tcp}		arachnids,265
WEB-MISC cgitest.exe access {tcp}		arachnids,265
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC SalesLogix Eviewer web command attempt {tcp}		cve,CAN-2000-0289
WEB-MISC SalesLogix Eviewer access {tcp}		cve,CAN-2000-0289
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC Trend Micro OfficeScan attempt {tcp}		bugtraq,1057
WEB-MISC Trend Micro OfficeScan access {tcp}		bugtraq,1057
WEB-MISC oracle web arbitrary command execution attempt {tcp}		nessus,10348
WEB-MISC oracle web application server access {tcp}		nessus,10348
WEB-MISC Netscape Enterprise Server directory view {tcp}		bugtraq,1063
WEB-MISC htgrep attempt {tcp}		cve,CAN-2000-0832
WEB-MISC htgrep access {tcp}		cve,CAN-2000-0832
WEB-MISC plusmail access {tcp}		bugtraq,2653
WEB-MISC ROADS search.pl attempt {tcp}		nessus,10627
WEB-MISC VirusWall FtpSave access {tcp}		nessus,10733
WEB-MISC VirusWall FtpSaveCSP access {tcp}		nessus,10733
WEB-MISC VirusWall FtpSaveCVP access {tcp}		nessus,10733
WEB-MISC whisker HEAD/./ {tcp}		url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
WEB-MISC HP OpenView Manager DOS {tcp}		bugtraq,2845
WEB-MISC long basic authorization string {tcp}		bugtraq,3230
WEB-MISC sml3com access {tcp}		bugtraq,2721
WEB-MISC carbo.dll access {tcp}		bugtraq,2126
WEB-MISC console.exe access {tcp}		bugtraq,3375
WEB-MISC cs.exe access {tcp}		bugtraq,3375
WEB-MISC http directory traversal {tcp}		arachnids,297
WEB-MISC sadmind worm access {tcp}		url,www.cert.org/advisories/CA-2001-11.html
WEB-MISC mod-plsql administration access {tcp}		bugtraq,3727
WEB-MISC Phorecast remote code execution attempt {tcp}		bugtraq,3388
WEB-MISC PCCS mysql database admin tool access {tcp}		arachnids,300
WEB-MISC .DS_Store access {tcp}		url,www.macintouch.com/mosxreaderreports46.html
WEB-MISC .FBCIndex access {tcp}		url,www.securiteam.com/securitynews/5LP0O005FS.html
WEB-MISC ExAir access {tcp}		cve,CVE-1999-0449
WEB-MISC apache ?M=D directory list attempt {tcp}		bugtraq,3009
WEB-MISC server-info access {tcp}		url,httpd.apache.org/docs/mod/mod_info.html
WEB-MISC server-status access {tcp}		url,httpd.apache.org/docs/mod/mod_info.html
WEB-MISC ans.pl attempt {tcp}		bugtraq,4149
WEB-MISC ans.pl access {tcp}		bugtraq,4149
WEB-MISC AxisStorpoint CD attempt {tcp}		cve,CAN-2000-0191
WEB-MISC Axis Storpoint CD access {tcp}		cve,CAN-2000-0191
WEB-MISC basilix sendmail.inc access {tcp}		cve,CAN-2001-1044
WEB-MISC basilix mysql.class access {tcp}		cve,CAN-2001-1044
WEB-MISC BBoard access {tcp}		cve,CAN-2000-0629
WEB-MISC Cisco Catalyst command execution attempt {tcp}		cve,CAN-2000-0945
WEB-MISC Cisco /%% DOS attempt {tcp}		bugtraq,1154
WEB-MISC cvsweb version access {tcp}		cve,CAN-2000-0670
WEB-MISC /doc/ access {tcp}		bugtraq,318
WEB-MISC login.htm attempt {tcp}		cve,CAN-1999-1533
WEB-MISC login.htm access {tcp}		cve,CAN-1999-1533
WEB-MISC global.inc access {tcp}		bugtraq,4612
WEB-MISC SecureSite authentication bypass attempt {tcp}		bugtraq,4621
WEB-MISC search.dll directory listing attempt {tcp}		nessus,10514
WEB-MISC search.dll access {tcp}		cve,CAN-2000-0835
WEB-MISC iChat directory traversal attempt {tcp}		cve,CAN-1999-0897
WEB-MISC Delegate whois overflow attempt {tcp}		cve,CVE-2000-0165
WEB-MISC Netscape Unixware overflow {tcp}		arachnids,180
WEB-MISC Compaq Insight directory traversal {tcp}		cve,CVE-1999-0771
WEB-MISC VirusWall catinfo access {tcp}		cve,CAN-2001-0432
WEB-MISC VirusWall catinfo access {tcp}		cve,CAN-2001-0432
WEB-MISC Apache Chunked-Encoding worm attempt {tcp}		cve,CAN-2002-0392
WEB-MISC Chunked-Encoding transfer attempt {tcp}		cve,CAN-2002-0392
WEB-MISC CISCO VoIP DOS ATTEMPT {tcp}		bugtraq,4794
WEB-MISC IBM Net.Commerce orderdspc.d2w access {tcp}		nessus,11020
WEB-MISC WEB-INF access {tcp}		nessus,11037
WEB-MISC Tomcat servlet mapping cross site scripting attempt {tcp}		bugtraq,5193
WEB-MISC iPlanet Search directory traversal attempt {tcp}		bugtraq,5191
WEB-MISC Tomcat TroubleShooter servlet access {tcp}		bugtraq,4575
WEB-MISC Tomcat SnoopServlet servlet access {tcp}		bugtraq,4575
WEB-MISC jigsaw dos attempt {tcp}		nessus,11047
WEB-MISC Macromedia SiteSpring cross site scripting attempt {tcp}		bugtraq,5249
WEB-MISC mailman cross site scripting attempt {tcp}		bugtraq,5298
WEB-MISC webalizer access {tcp}		cve,CAN-1999-0643
WEB-MISC webcart-lite access {tcp}		nessus,10298
WEB-MISC webfind.exe access {tcp}		nessus,10475
WEB-MISC active.log access {tcp}		cve,CAN-2000-0642
WEB-MISC robots.txt access {tcp}		nessus,10302
WEB-MISC robot.txt access {tcp}		nessus,10302
WEB-MISC CISCO PIX Firewall Manager directory traversal attempt {tcp}		nessus,10819
WEB-MISC Sun JavaServer default password login attempt {tcp}		nessus,10995
WEB-MISC Linksys router default password login attempt {tcp}		nessus,10999
WEB-MISC Linksys router default username and password login attempt {tcp}		nessus,10999
WEB-MISC NetGear router default password login attempt \(admin\:password\) {tcp}		nessus,11737
WEB-MISC Oracle XSQLConfig.xml access {tcp}		cve,CAN-2002-0568
WEB-MISC Oracle Dynamic Monitoring Services (dms) access {tcp}		nessus,10848
WEB-MISC globals.jsa access {tcp}		cve,CAN-2002-0562
WEB-MISC Oracle Java Process Manager access {tcp}		nessus,10851
WEB-MISC bad HTTP/1.1 request, Potentially worm attack {tcp}		url,securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html
WEB-MISC whisker space splice attack {tcp}		url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
WEB-MISC whisker tab splice attack {tcp}		url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
WEB-MISC apache chunked encoding memory corruption exploit attempt {tcp}		cve,CAN-2002-0392
WEB-MISC /Carello/add.exe access {tcp}		bugtraq,1245
WEB-MISC ion-p access {tcp}		bugtraq,6091
WEB-MISC SiteScope Service access {tcp}		nessus,10778
WEB-MISC perl post attempt {tcp}		nessus,11158
WEB-MISC TRACE attempt {tcp}		nessus,11213
WEB-MISC helpout.exe access {tcp}		nessus,11162
WEB-MISC MsmMask.exe attempt {tcp}		nessus,11163
WEB-MISC MsmMask.exe access {tcp}		nessus,11163
WEB-MISC DB4Web access {tcp}		nessus,11180
WEB-MISC Tomcat null byte directory listing attempt {tcp}		bugtraq,6721
WEB-MISC BitKeeper arbitrary command attempt {tcp}		bugtraq,6588
WEB-MISC chip.ini access {tcp}		cve,CAN-2001-0749
WEB-MISC post32.exe arbitrary command attempt {tcp}		bugtraq,1485
WEB-MISC post32.exe access {tcp}		bugtraq,1485
WEB-MISC lyris.pl access {tcp}		bugtraq,1584
WEB-MISC globals.pl access {tcp}		bugtraq,2671
WEB-MISC philboard.mdb access {tcp}		nessus,11682
WEB-MISC philboard_admin.asp authentication bypass attempt {tcp}		bugtraq,7739
WEB-MISC philboard_admin.asp access {tcp}		bugtraq,7739
WEB-MISC logicworks.ini access {tcp}		bugtraq,6996
WEB-MISC /*.shtml access {tcp}		nessus,11604
WEB-MISC mod_gzip_status access {tcp}		nessus,11685
WEB-MISC register.dll access {tcp}		nessus,11747
WEB-MISC ContentFilter.dll access {tcp}		nessus,11747
WEB-MISC SFNofitication.dll access {tcp}		nessus,11747
WEB-MISC TOP10.dll access {tcp}		nessus,11747
WEB-MISC SpamExcp.dll access {tcp}		nessus,11747
WEB-MISC spamrule.dll access {tcp}		nessus,11747
WEB-MISC cgiWebupdate.exe access {tcp}		nessus,11722
WEB-MISC WebLogic ConsoleHelp view source attempt {tcp}		nessus,11724
WEB-MISC redirect.exe access {tcp}		cve,CAN-2000-0401
WEB-MISC changepw.exe access {tcp}		cve,CAN-2000-0401
WEB-MISC cwmail.exe access {tcp}		nessus,11727
WEB-MISC ddicgi.exe access {tcp}		bugtraq,1657
WEB-MISC ndcgi.exe access {tcp}		nessus,11730
WEB-MISC VsSetCookie.exe access {tcp}		bugtraq,3784
WEB-MISC Webnews.exe access {tcp}		bugtraq,4124
WEB-MISC webadmin.dll access {tcp}		nessus,11771
WEB-MISC oracle portal demo access {tcp}		nessus,11918
WEB-MISC PeopleSoft PeopleBooks psdoccgi access {tcp}		bugtraq,9037
WEB-MISC negative Content-Length attempt {tcp}		bugtraq,9098
WEB-PHP bb_smilies.php access {tcp}		url,www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html
WEB-PHP content-disposition memchr overflow {tcp}		bugtraq,4183
WEB-PHP squirrel mail spell-check arbitrary command attempt {tcp}		bugtraq,3952
WEB-PHP squirrel mail theme arbitrary command attempt {tcp}		bugtraq,4385
WEB-PHP DNSTools administrator authentication bypass attempt {tcp}		bugtraq,4617
WEB-PHP DNSTools authentication bypass attempt {tcp}		bugtraq,4617
WEB-PHP DNSTools access {tcp}		bugtraq,4617
WEB-PHP Blahz-DNS dostuff.php modify user attempt {tcp}		bugtraq,4618
WEB-PHP Blahz-DNS dostuff.php access {tcp}		bugtraq,4618
WEB-PHP Messagerie supp_membre.php access {tcp}		bugtraq,4635
WEB-PHP php.exe access {tcp}		url,www.securitytracker.com/alerts/2002/Jan/1003104.html
WEB-PHP directory.php arbitrary command attempt {tcp}		cve,CAN-2002-0434
WEB-PHP directory.php access {tcp}		cve,CAN-2002-0434
WEB-PHP PHP-Wiki cross site scripting attempt {tcp}		bugtraq,5254
WEB-PHP phpbb quick-reply.php arbitrary command attempt {tcp}		bugtraq,6173
WEB-PHP phpbb quick-reply.php access {tcp}		bugtraq,6173
WEB-PHP read_body.php access attempt {tcp}		bugtraq,6302
WEB-PHP calendar.php access {tcp}		bugtraq,5820
WEB-PHP edit_image.php access {tcp}		cve,CVE-2001-1020
WEB-PHP readmsg.php access {tcp}		nessus,11073
WEB-PHP Phorum admin access {tcp}		arachnids,205
WEB-PHP piranha passwd.php3 access {tcp}		arachnids,272
WEB-PHP Phorum read access {tcp}		arachnids,208
WEB-PHP Phorum violation access {tcp}		arachnids,209
WEB-PHP Phorum code access {tcp}		arachnids,207
WEB-PHP admin.php file upload attempt {tcp}		bugtraq,3361
WEB-PHP admin.php access {tcp}		bugtraq,3361
WEB-PHP smssend.php access {tcp}		bugtraq,3982
WEB-PHP PHP-Nuke remote file include attempt {tcp}		bugtraq,3889
WEB-PHP Phorum authentication access {tcp}		arachnids,206
WEB-PHP strings overflow {tcp}		arachnids,431
WEB-PHP strings overflow {tcp}		bugtraq,1786
WEB-PHP PHPLIB remote command attempt {tcp}		bugtraq,3079
WEB-PHP PHPLIB remote command attempt {tcp}		bugtraq,3079
WEB-PHP Mambo uploadimage.php upload php file attempt {tcp}		bugtraq,6572
WEB-PHP Mambo upload.php upload php file attempt {tcp}		bugtraq,6572
WEB-PHP Mambo uploadimage.php access {tcp}		bugtraq,6572
WEB-PHP Mambo upload.php access {tcp}		bugtraq,6572
WEB-PHP phpBB privmsg.php access {tcp}		bugtraq,6634
WEB-PHP p-news.php access {tcp}		nessus,11669
WEB-PHP shoutbox.php directory traversal attempt {tcp}		nessus,11668
WEB-PHP shoutbox.php access {tcp}		nessus,11668
WEB-PHP b2 cafelog gm-2-b2.php remote command execution attempt {tcp}		nessus,11667
WEB-PHP b2 cafelog gm-2-b2.php access {tcp}		nessus,11667
WEB-PHP TextPortal admin.php default password (admin) attempt {tcp}		bugtraq,7673
WEB-PHP TextPortal admin.php default password (12345) attempt {tcp}		bugtraq,7673
WEB-PHP BLNews objects.inc.php4 remote command execution attempt {tcp}		bugtraq,7677
WEB-PHP BLNews objects.inc.php4 access {tcp}		bugtraq,7677
WEB-PHP Turba status.php access {tcp}		nessus,11646
WEB-PHP ttCMS header.php remote command execution attempt {tcp}		bugtraq,7543
WEB-PHP ttCMS header.php access {tcp}		bugtraq,7543
WEB-PHP test.php access {tcp}		nessus,11617
WEB-PHP autohtml.php directory traversal attempt {tcp}		nessus,11630
WEB-PHP autohtml.php access {tcp}		nessus,11630
WEB-PHP ttforum remote command execution attempt {tcp}		bugtraq,7542
WEB-PHP pmachine remote command execution attempt {tcp}		bugtraq,7919
WEB-PHP forum_details.php access {tcp}		bugtraq,7933
WEB-PHP phpMyAdmin db_details_importdocsql.php access {tcp}		bugtraq,7965
WEB-PHP viewtopic.php access {tcp}		bugtraq,7979
WEB-PHP UpdateClasses.php access {tcp}		bugtraq,9057
WEB-PHP Title.php access {tcp}		bugtraq,9057
WEB-PHP Setup.php access {tcp}		bugtraq,9057
WEB-PHP GlobalFunctions.php access {tcp}		bugtraq,9057
WEB-PHP DatabaseFunctions.php access {tcp}		bugtraq,9057
WEB-PHP rolis guestbook arbitrary command execution attempt {tcp}		bugtraq,9057
WEB-PHP rolis guestbook access {tcp}		bugtraq,9057
WEB-PHP friends.php access {tcp}		bugtraq,9088
WEB-PHP Advanced Poll admin_comment.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_edit.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_embed.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_help.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_license.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_logout.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_password.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_preview.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_settings.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_stats.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_templates_misc.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_templates.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_tpl_misc_new.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll admin_tpl_new.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll booth.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll poll_ssi.php access {tcp}		bugtraq,8890
WEB-PHP Advanced Poll popup.php access {tcp}		bugtraq,8890
WEB-PHP files.inc.php access {tcp}		bugtraq,8910
WEB-PHP chatbox.php access {tcp}		bugtraq,8930
WEB-PHP gallery arbitrary command execution attempt {tcp}		bugtraq,8814
WEB-PHP PayPal Storefront arbitrary command execution attempt {tcp}		bugtraq,8791
X11 MIT Magic Cookie detected {tcp}		arachnids,396
X11 xopen {tcp}		arachnids,395
