| Home Prev |  cOS Core 15.00.02 Administration Guide
|
Next |
|---|
For IDP scanning, the following signature groups are available for selection. The signature group names listed below are in the form:
group_subgroupThe Type value of IDS, IPS or Policy for each entry is not given in the list because the entry may exist with more than one type.
https://www.clavister.com/advisories/idp
For further information about using these signatures, see Section 7.8, Intrusion Detection and Prevention.
| Group Name | Intrusion Type |
|---|---|
| APP_AMANDA | Amanda, a popular backup software |
| APP_ETHEREAL | Ethereal |
| APP_ITUNES | Apple iTunes player |
| APP_REALPLAYER | Media player from RealNetworks |
| APP_REALSERVER | RealNetworks RealServer player |
| APP_WINAMP | WinAMP |
| APP_WMP | MS Windows Media Player |
| AUTHENTICATION_GENERAL | Authenticantion |
| AUTHENTICATION_KERBEROS | Kerberos |
| AUTHENTICATION_XTACACS | XTACACS |
| BACKUP_ARKEIA | Network backup solution |
| BACKUP_BRIGHTSTOR | Backup solutions from CA |
| BACKUP_GENERAL | General backup solutions |
| BACKUP_NETVAULT | NetVault Backup solution |
| BACKUP_VERITAS | Backup solutions |
| BOT_GENERAL | Activities related to bots, including those controlled by IRC channels |
| BROWSER_FIREFOX | Mozilla Firefox |
| BROWSER_GENERAL | General attacks targeting web browsers/clients |
| BROWSER_IE | Microsoft IE |
| BROWSER_MOZILLA | Mozilla Browser |
| COMPONENT_ENCODER | Encoders, as part of an attack. |
| COMPONENT_INFECTION | Infection, as part of an attack |
| COMPONENT_SHELLCODE | Shell code, as part of the attacks |
| DB_GENERAL | Database systems |
| DB_MSSQL | MS SQL Server |
| DB_MYSQL | MySQL DBMS |
| DB_ORACLE | Oracle DBMS |
| DB_SYBASE | Sybase server |
| DCOM_GENERAL | MS DCOM |
| DHCP_CLIENT | DHCP Client related activities |
| DHCP_GENERAL | DHCP protocol |
| DHCP_SERVER | DHCP Server related activities |
| DNS_EXPLOIT | DNS attacks |
| DNS_GENERAL | Domain Name Systems |
| DNS_OVERFLOW | DNS overflow attack |
| DNS_QUERY | Query related attacks |
| ECHO_GENERAL | Echo protocol and implementations |
| ECHO_OVERFLOW | Echo buffer overflow |
| FINGER_BACKDOOR | Finger backdoor |
| FINGER_GENERAL | Finger protocol and implementation |
| FINGER_OVERFLOW | Overflow for Finger protocol/implementation |
| FS_AFS | Andrew File System |
| FTP_DIRNAME | Directory name attack |
| FTP_FORMATSTRING | Format string attack |
| FTP_GENERAL | FTP protocol and implementation |
| FTP_LOGIN | Login attacks |
| FTP_OVERFLOW | FTP buffer overflow |
| GAME_BOMBERCLONE | Bomberclone game |
| GAME_GENERAL | Generic game servers/clients |
| GAME_UNREAL | UnReal Game server |
| HTTP_APACHE | Apache httpd |
| HTTP_BADBLUE | Badblue web server |
| HTTP_CGI | HTTP CGI |
| HTTP_CISCO | Cisco Embedded Web Server |
| HTTP_GENERAL | General HTTP activities |
| HTTP_MICROSOFTIIS | HTTP Attacks specific to MS IIS web server |
| HTTP_OVERFLOWS | Buffer overflow for HTTP servers |
| HTTP_TOMCAT | Tomcat JSP |
| ICMP_GENERAL | ICMP protocol and implementation |
| IGMP_GENERAL | IGMP |
| IMAP_GENERAL | IMAP protocol/implementation |
| IM_AOL | AOL IM |
| IM_GENERAL | Instant Messenger implementations |
| IM_MSN | MSN Messenger |
| IM_YAHOO | Yahoo Messenger |
| IP_GENERAL | IP protocol and implementation |
| IP_OVERFLOW | Overflow of IP protocol/implementation |
| IRC_GENERAL | Internet Relay Chat |
| LDAP_GENERAL | General LDAP clients/servers |
| LDAP_OPENLDAP | Open LDAP |
| LICENSE_CA-LICENSE | License management for CA software |
| LICENSE_GENERAL | General License Manager |
| MALWARE_GENERAL | Malware attack |
| METASPLOIT_FRAME | Metasploit frame attack |
| METASPLOIT_GENERAL | Metasploit general attack |
| MISC_GENERAL | General attack |
| MSDTC_GENERAL | MS DTC |
| MSHELP_GENERAL | Microsoft Windows Help |
| NETWARE_GENERAL | NetWare Core Protocol |
| NFS_FORMAT | Format |
| NFS_GENERAL | NFS protocol/implementation |
| NNTP_GENERAL | NNTP implementation/protocol |
| OS_SPECIFIC-AIX | AIX specific |
| OS_SPECIFIC-GENERAL | OS general |
| OS_SPECIFIC-HPUX | HP-UX related |
| OS_SPECIFIC-LINUX | Linux specific |
| OS_SPECIFIC-SCO | SCO specific |
| OS_SPECIFIC-SOLARIS | Solaris specific |
| OS_SPECIFIC-WINDOWS | Windows specific |
| P2P_EMULE | eMule P2P tool |
| P2P_GENERAL | General P2P tools |
| P2P_GNUTELLA | Gnutella P2P tool |
| PACKINGTOOLS_GENERAL | General packing tools attack |
| PBX_GENERAL | PBX |
| POP3_DOS | Denial of Service for POP |
| POP3_GENERAL | Post Office Protocol v3 |
| POP3_LOGIN-ATTACKS | Password guessing and related login attack |
| POP3_OVERFLOW | POP3 server overflow |
| POP3_REQUEST-ERRORS | Request Error |
| PORTMAPPER_GENERAL | PortMapper |
| PRINT_GENERAL | LP printing server: LPR LPD |
| PRINT_OVERFLOW | Overflow of LPR/LPD protocol/implementation |
| REMOTEACCESS_GOTOMYPC | Goto MY PC |
| REMOTEACCESS_PCANYWHERE | PcAnywhere |
| REMOTEACCESS_RADMIN | Remote Administrator (radmin) |
| REMOTEACCESS_VNC-CLIENT | Attacks targeting at VNC Clients |
| REMOTEACCESS_VNC-SERVER | Attack targeting at VNC servers |
| REMOTEACCESS_WIN-TERMINAL | Windows terminal/Remote Desktop |
| RLOGIN_GENERAL | RLogin protocol and implementation |
| RLOGIN_LOGIN-ATTACK | Login attacks |
| ROUTER_CISCO | Cisco router attack |
| ROUTER_GENERAL | General router attack |
| ROUTING_BGP | BGP router protocol |
| RPC_GENERAL | RFC protocol and implementation |
| RPC_JAVA-RMI | Java RMI |
| RSYNC_GENERAL | Rsync |
| SCANNER_GENERAL | Generic scanners |
| SCANNER_NESSUS | Nessus Scanner |
| SECURITY_GENERAL | Anti-virus solutions |
| SECURITY_ISS | Internet Security Systems software |
| SECURITY_MCAFEE | McAfee |
| SECURITY_NAV | Symantec AV solution |
| SMB_ERROR | SMB Error |
| SMB_EXPLOIT | SMB Exploit |
| SMB_GENERAL | SMB attacks |
| SMB_NETBIOS | NetBIOS attacks |
| SMB_WORMS | SMB worms |
| SMTP_COMMAND-ATTACK | SMTP command attack |
| SMTP_DOS | Denial of Service for SMTP |
| SMTP_GENERAL | SMTP protocol and implementation |
| SMTP_OVERFLOW | SMTP Overflow |
| SMTP_SPAM | SPAM |
| SNMP_ENCODING | SNMP encoding |
| SNMP_GENERAL | SNMP protocol/implementation |
| SOCKS_GENERAL | SOCKS protocol and implementation |
| SSH_GENERAL | SSH protocol and implementation |
| SSH_LOGIN-ATTACK | Password guess and related login attacks |
| SSH_OPENSSH | OpenSSH Server |
| SSL_GENERAL | SSL protocol and implementation |
| TCP_GENERAL | TCP protocol and implementation |
| TCP_PPTP | Point-to-Point Tunneling Protocol |
| TELNET_GENERAL | Telnet protocol and implementation |
| TELNET_OVERFLOW | Telnet buffer overflow attack |
| TFTP_DIR_NAME | Directory Name attack |
| TFTP_GENERAL | TFTP protocol and implementation |
| TFTP_OPERATION | Operation Attack |
| TFTP_OVERFLOW | TFTP buffer overflow attack |
| TFTP_REPLY | TFTP Reply attack |
| TFTP_REQUEST | TFTP request attack |
| TROJAN_GENERAL | Trojan |
| UDP_GENERAL | General UDP |
| UDP_POPUP | Pop-up window for MS Windows |
| UPNP_GENERAL | UPNP |
| VERSION_CVS | CVS |
| VERSION_SVN | Subversion |
| VIRUS_GENERAL | Virus |
| VOIP_GENERAL | VoIP protocol and implementation |
| VOIP_SIP | SIP protocol and implementation |
| WEB_CF-FILE-INCLUSION | Coldfusion file inclusion |
| WEB_FILE-INCLUSION | File inclusion |
| WEB_GENERAL | Web application attacks |
| WEB_JSP-FILE-INCLUSION | JSP file inclusion |
| WEB_PACKAGES | Popular web application packages |
| WEB_PHP-XML-RPC | PHP XML RPC |
| WEB_SQL-INJECTION | SQL Injection |
| WEB_XSS | Cross-Site-Scripting |
| WINS_GENERAL | MS WINS Service |
| WORM_GENERAL | Worms |
| X_GENERAL | Generic X applications |
