All Snort signatures (SnortSnarf v021111.1)
Signature section (71781)

| Priority | Signature | # Alerts | # Sources | # Dests | Detail link |
|---|---|---|---|---|---|
| N/A | (snort_decoder) WARNING: TCP Header length exceeds packet length! | 1 | 1 | 1 | Summary |
| N/A | (snort_decoder): T/TCP Detected | 2443 | 53 | 1 | Summary |
| 3 | ICMP Destination Unreachable (Communication Administratively Prohibited) [sid] | 117 | 22 | 2 | Summary |
| 3 | ICMP PING speedera [sid] | 294 | 47 | 9 | Summary |
| 2 | WEB-MISC /doc/ access [sid] [BUGTRAQ] | 1 | 1 | 1 | Summary |
| 2 | ATTACK RESPONSES id check returned root [sid] | 1 | 1 | 1 | Summary |
| 2 | WEB-IIS ISAPI .printer access [sid] [arachNIDS] | 1 | 1 | 1 | Summary |
| 2 | WEB-MISC login.htm access [sid] [CVE] | 2 | 2 | 1 | Summary |
| 2 | DOS ath [sid] [arachNIDS] | 3 | 1 | 3 | Summary |
| 2 | SCAN nmap TCP [sid] [arachNIDS] | 3 | 3 | 1 | Summary |
| 2 | WEB-IIS encoding access [sid] [arachNIDS] | 3 | 1 | 1 | Summary |
| 2 | WEB-MISC webdav search access [sid] [arachNIDS] | 4 | 1 | 1 | Summary |
| 2 | FTP passwd retreval attempt [sid] [arachNIDS] | 5 | 1 | 1 | Summary |
| 2 | DNS zone transfer TCP [sid] [arachNIDS] | 9 | 1 | 1 | Summary |
| 2 | ICMP L3retriever Ping [sid] [arachNIDS] | 14 | 4 | 2 | Summary |
| 2 | RPC portmap request mountd [sid] [arachNIDS] | 15 | 1 | 1 | Summary |
| 2 | RPC portmap listing TCP 111 [sid] [arachNIDS] | 18 | 1 | 1 | Summary |
| 2 | RPC mountd TCP mount request [sid] | 18 | 1 | 1 | Summary |
| 2 | RPC portmap request NFS UDP [sid] | 18 | 1 | 1 | Summary |
| 2 | ATTACK RESPONSES 403 Forbidden [sid] | 22 | 1 | 8 | Summary |
| 2 | WEB-CGI calendar access [sid] | 23 | 8 | 1 | Summary |
| 2 | WEB-MISC bad HTTP/1.1 request, Potentially worm attack [securityresponse.symantec.com] [sid] | 27 | 10 | 2 | Summary |
| 2 | WEB-IIS view source via translate header [sid] [arachNIDS] | 44 | 7 | 2 | Summary |
| 2 | WEB-MISC robots.txt access [cgi.nessus.org] [sid] | 54 | 14 | 1 | Summary |
| 2 | WEB-IIS _mem_bin access [sid] | 72 | 25 | 1 | Summary |
| 2 | WEB-FRONTPAGE /_vti_bin/ access [sid] | 75 | 27 | 1 | Summary |
| 2 | WEB-MISC apache DOS attempt [sid] | 80 | 1 | 1 | Summary |
| 2 | ICMP Source Quench [sid] | 81 | 8 | 1 | Summary |
| 2 | BAD TRAFFIC loopback traffic [rr.sans.org] [sid] | 87 | 1 | 9 | Summary |
| 2 | SNMP missing community string attempt [sid] [CVE] | 120 | 1 | 1 | Summary |
| 2 | ICMP superscan echo [sid] | 265 | 7 | 66 | Summary |
| 2 | ICMP Large ICMP Packet [sid] [arachNIDS] | 634 | 77 | 5 | Summary |
| 2 | ICMP PING NMAP [sid] [arachNIDS] | 767 | 16 | 210 | Summary |
| 2 | SNMP public access udp [sid] [CVE] | 1818 | 1 | 1 | Summary |
| 2 | WEB-MISC http directory traversal [sid] [arachNIDS] | 6627 | 3 | 1 | Summary |
| 2 | SNMP request udp [sid] [CVE] | 50696 | 1 | 1 | Summary |
| 1 | FTP CWD overflow attempt [sid] [CVE] | 1 | 1 | 1 | Summary |
| 1 | FTP format string attempt [sid] | 1 | 1 | 1 | Summary |
| 1 | WEB-MISC Transfer-Encoding: chunked [sid] [BUGTRAQ] | 2 | 2 | 1 | Summary |
| 1 | WEB-PHP content-disposition [sid] [BUGTRAQ] | 4 | 1 | 1 | Summary |
| 1 | SMTP HELO overflow attempt [sid] [CVE] | 28 | 25 | 1 | Summary |
| 1 | WEB-MISC Apache Chunked-Encoding worm attempt [sid] [BUGTRAQ] | 42 | 2 | 1 | Summary |
| 1 | WEB-IIS WEBDAV nessus safe scan attempt [sid] [BUGTRAQ] | 64 | 23 | 2 | Summary |
| 1 | WEB-IIS CodeRed v2 root.exe access [www.cert.org] [sid] | 165 | 30 | 1 | Summary |
| 1 | WEB-IIS multiple decode attempt [sid] [CVE] | 192 | 23 | 1 | Summary |
| 1 | WEB-MISC cross site scripting attempt [sid] | 271 | 1 | 1 | Summary |
| 1 | WEB-IIS ISAPI .ida attempt [sid] [arachNIDS] | 358 | 269 | 1 | Summary |
| 1 | WEB-IIS unicode directory traversal attempt [sid] [CVE] | 2649 | 181 | 2 | Summary |
| 1 | WEB-IIS cmd.exe access [sid] | 3542 | 857 | 2 | Summary |