Articles Articles Most Popular Articles Most Popular Articles Most Helpful Articles Most Helpful Articles
DrillDown Icon Table of Contents
DrillDown Icon Home
DrillDown Icon Cyberoam Security Appliances (UTM and NGFW)
DrillDown Icon Common Criteria (EAL4+) Compliant CyberoamOS
DrillDown Icon Version 10.X
DrillDown Icon Version 9.x
DrillDown Icon IPS Release Notes
DrillDown Icon Version 3.XX.XX
DrillDown Icon Version 5.XX.XX
DrillDown Icon Archive (V 5.11.48 - V 5.10.92)
DrillDown Icon IPS Archive (V 3.0.91 and below)
DrillDown Icon V 3.0.91
DrillDown Icon V 3.0.90
DrillDown Icon V 3.0.89
DrillDown Icon V 3.0.88
DrillDown Icon V 3.0.87
DrillDown Icon V 3.0.86
DrillDown Icon V 3.0.85
DrillDown Icon V 3.0.84
DrillDown Icon V 3.0.83
DrillDown Icon V 3.0.82
DrillDown Icon V 3.0.81
DrillDown Icon V 3.0.80
DrillDown Icon V 3.0.79
DrillDown Icon V 3.0.78
DrillDown Icon V 3.0.77
DrillDown Icon V 3.0.76
DrillDown Icon V 3.0.75
DrillDown Icon V 3.0.74
DrillDown Icon V 3.0.73
DrillDown Icon V 3.0.72
DrillDown Icon V 3.0.71
DrillDown Icon V 3.0.70
DrillDown Icon V 3.0.69
DrillDown Icon V 3.0.68
DrillDown Icon V 3.0.67
DrillDown Icon V 3.0.66
DrillDown Icon V 3.0.65
DrillDown Icon V 3.0.64
DrillDown Icon V 3.0.63
DrillDown Icon V 3.0.62
DrillDown Icon V 3.0.61
DrillDown Icon V 3.0.60
DrillDown Icon V 3.0.59
DrillDown Icon V 3.0.58
DrillDown Icon V 3.0.57
DrillDown Icon V 3.0.56
DrillDown Icon V 3.0.55
DrillDown Icon V 3.0.54
DrillDown Icon V 3.0.53
DrillDown Icon V 3.0.52
DrillDown Icon V 3.0.51
DrillDown Icon V 3.0.50
DrillDown Icon V 3.0.49
DrillDown Icon V 3.0.48
DrillDown Icon V 3.0.47
DrillDown Icon V 3.0.46
DrillDown Icon V 3.0.45
DrillDown Icon V 3.0.44
DrillDown Icon V 3.0.43
DrillDown Icon V 3.0.42
DrillDown Icon V 3.0.41
DrillDown Icon V 3.0.40
DrillDown Icon V 3.0.39
DrillDown Icon V 3.0.38
DrillDown Icon V 3.0.37
DrillDown Icon V 3.0.36
DrillDown Icon V 3.0.35
DrillDown Icon V 3.0.34
DrillDown Icon V 3.0.33
DrillDown Icon V 3.0.32
DrillDown Icon V 3.0.31
DrillDown Icon V 3.0.30
DrillDown Icon V 3.0.28
DrillDown Icon V 3.0.27
DrillDown Icon V 3.0.26
DrillDown Icon V 3.0.25
DrillDown Icon V 3.0.24
DrillDown Icon V 3.0.23
DrillDown Icon V 3.0.22
DrillDown Icon V 3.0.20
DrillDown Icon V 3.0.19
DrillDown Icon V 3.0.18
DrillDown Icon V 3.0.17
DrillDown Icon V 3.0.16
DrillDown Icon V 3.0.15
DrillDown Icon V 3.0.14
DrillDown Icon V 3.0.13
DrillDown Icon V 3.0.12
DrillDown Icon V 3.0.11
DrillDown Icon V 3.0.10
DrillDown Icon V 3.0.9
DrillDown Icon V 3.0.8
DrillDown Icon V 3.0.7
DrillDown Icon V 3.0.6
DrillDown Icon V 3.0.5
DrillDown Icon V 3.0.4
DrillDown Icon V 2.4.57
DrillDown Icon V 2.4.56
DrillDown Icon V 2.4.55
DrillDown Icon V 2.4.54
DrillDown Icon V 2.4.53
DrillDown Icon V 2.4.52
DrillDown Icon V 2.4.51
DrillDown Icon V 2.4.50
DrillDown Icon V 2.4.49
DrillDown Icon V 2.4.48
DrillDown Icon V 2.4.47
DrillDown Icon V 2.4.45
DrillDown Icon V 2.4.44
DrillDown Icon V 2.4.42
DrillDown Icon V 2.4.41
DrillDown Icon V 2.4.40
DrillDown Icon V 2.4.39
DrillDown Icon V 2.4.38
DrillDown Icon V 2.4.37
DrillDown Icon V 2.4.36
DrillDown Icon V 2.4.35
DrillDown Icon V 2.4.34
DrillDown Icon V 2.4.33
DrillDown Icon V 2.4.32
DrillDown Icon V 2.4.31
DrillDown Icon V 2.4.30
DrillDown Icon IPS Archive (V 3.11.48 to V3.10.94)
DrillDown Icon Application Filter Release Notes
DrillDown Icon Cyberoam Migration Assistant Guide
DrillDown Icon Cyberoam Virtual Appliances
DrillDown Icon Cyberoam Central Console
DrillDown Icon Cyberoam's On-Cloud Management Service
DrillDown Icon Open Source iView – Logging & Reporting
DrillDown Icon Clients
  Email This ArticlePrintPrint Current Article and All Sub-Articles
 
V 2.4.40
Release Date
12th October, 2009 

Release Information

Upgrade Applicable on: IPS Signature Database V 2.4.39

Upgrade Information

Upgrade type:   Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
                       Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure

1.       Download upgrade fromhttp://download.cyberoam.com/ips
2.       Log on to Cyberoam Web Admin console 
3.       Go to menu Help> Upload Upgrade and upload the file downloaded in step 1
4.       Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

 Introduction
 
This document contains the release notes for IPS Signature Database version 2.4.40. Release includes removal of obsolete signatures as well as includes support for new signatures. The following sections describe the release in details.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms.

Report false positives at idpsignature@cyberoam.com along with the application used.

Total signatures added: 9
Risk level: High

New signatures are added for the following vulnerabilities:  
                              

Name

Category

Freegate Utility - DNS Resolve Attempt

http://idp.cyberoam.com/signatures/1100780.html

Cyberoam-signatures

Gtunnel Proxy Attempt

http://idp.cyberoam.com/signatures/1100782.html

Cyberoam-signatures

Gtunnel Utility - DNS Resolve Attempt

 http://idp.cyberoam.com/signatures/1100781.html

Cyberoam-signatures

External SOCK4 Attempt – Stream

http://idp.cyberoam.com/signatures/1100783.html

Cyberoam-signatures

External SOCK4 Attempt

http://idp.cyberoam.com/signatures/1100784.html

Cyberoam-signatures

External SOCK4 Attempt – Portbinding

http://idp.cyberoam.com/signatures/1100785.html

Cyberoam-signatures

External SOCK5 Attempt – Stream

http://idp.cyberoam.com/signatures/1100786.html

Cyberoam-signatures

External SOCK5 Attempt – Portbinding

http://idp.cyberoam.com/signatures/1100787.html

Cyberoam-signatures

External SOCK5 Attempt

http://idp.cyberoam.com/signatures/1100788.html

Cyberoam-signatures

 
 

Removal of Obsolete Signatures

Total signatures removed: 256
Risk level: Low                     
Signatures removed for the following vulnerabilities:
 
 
 

Name

Category

WEB-IIS cross-site scripting attempt

http://idp.cyberoam.com/signatures/1007.html

web access

WEB-IIS encoding access

http://idp.cyberoam.com/signatures/1010.html

web access

WEB-IIS scripts-browse access

http://idp.cyberoam.com/signatures/1029.html

web access

WEB-IIS Unauthorized IP Access Attempt

http://idp.cyberoam.com/signatures/1045.html

web access

WEB-MISC ftp attempt

http://idp.cyberoam.com/signatures/1057.html

web access

WEB-MISC xp_enumdsn attempt

http://idp.cyberoam.com/signatures/1058.html

web access

WEB-MISC xp_filelist attempt

http://idp.cyberoam.com/signatures/1059.html

web access

WEB-MISC xp_availablemedia attempt

http://idp.cyberoam.com/signatures/1060.html

web access

WEB-MISC xp_cmdshell attempt

http://idp.cyberoam.com/signatures/1061.html

web access

WEB-MISC xp_regread attempt

http://idp.cyberoam.com/signatures/1069.html

web access

BACKDOOR subseven DEFCON8 2.1 access

http://idp.cyberoam.com/signatures/107.html

backdoor

WEB-IIS postinfo.asp access

http://idp.cyberoam.com/signatures/1075.html

web access

WEB-IIS repost.asp access

http://idp.cyberoam.com/signatures/1076.html

web access

WEB-MISC queryhit.htm access

http://idp.cyberoam.com/signatures/1077.html

web access

WEB-MISC counter.exe access

http://idp.cyberoam.com/signatures/1078.html

web access

WEB-MISC whisker tab splice attack

http://idp.cyberoam.com/signatures/1087.html

web access

SCAN nmap XMAS

http://idp.cyberoam.com/signatures/1228.html

network attacks and anomaly

WEB-IIS ISAPI .ida access

http://idp.cyberoam.com/signatures/1242.html

web access

TELNET bsd exploit client finishing

http://idp.cyberoam.com/signatures/1253.html

telnet

DOS Winnuke attack

http://idp.cyberoam.com/signatures/1257.html

network attacks and anomaly

WEB-CGI store.cgi product directory traversal attempt

http://idp.cyberoam.com/signatures/1306.html

web access

WEB-CGI zsh access

http://idp.cyberoam.com/signatures/1309.html

web access

BAD-TRAFFIC 0 ttl

http://idp.cyberoam.com/signatures/1321.html

network attacks and anomaly

BAD-TRAFFIC bad frag bits

http://idp.cyberoam.com/signatures/1322.html

network attacks and anomaly

EXPLOIT ssh CRC32 overflow filler

http://idp.cyberoam.com/signatures/1325.html

exploit

FTP wu-ftp bad file completion attempt

http://idp.cyberoam.com/signatures/1378.html

ftp

WEB-IIS cross-site scripting attempt

http://idp.cyberoam.com/signatures/1380.html

web access

WEB-PHP PHP-Nuke remote file include attempt

http://idp.cyberoam.com/signatures/1399.html

web access

SNMP public access udp

http://idp.cyberoam.com/signatures/1411.html

snmp

SNMP request udp

http://idp.cyberoam.com/signatures/1417.html

snmp

SHELLCODE x86 0xEB0C NOOP

http://idp.cyberoam.com/signatures/1424.html

shellcode

WEB-PHP content-disposition

http://idp.cyberoam.com/signatures/1425.html

web access

TELNET Solaris memory mismanagement exploit attempt

http://idp.cyberoam.com/signatures/1430.html

telnet

BAD-TRAFFIC syn to multicast address

http://idp.cyberoam.com/signatures/1431.html

network attacks and anomaly

ATTACK-RESPONSES oracle one hour install

http://idp.cyberoam.com/signatures/1464.html

network attacks and anomaly

WEB-IIS mkilog.exe access

http://idp.cyberoam.com/signatures/1485.html

web access

WEB-IIS ctss.idc access

http://idp.cyberoam.com/signatures/1486.html

web access

WEB-MISC cross site scripting attempt

http://idp.cyberoam.com/signatures/1497.html

web access

WEB-MISC Cisco /%% DOS attempt

http://idp.cyberoam.com/signatures/1546.html

web access

BAD-TRAFFIC Unassigned/Reserved IP protocol

http://idp.cyberoam.com/signatures/1627.html

network attacks and anomaly

DOS DB2 dos attempt

http://idp.cyberoam.com/signatures/1641.html

network attacks and

anomaly

WEB-IIS trace.axd access

http://idp.cyberoam.com/signatures/1660.html

web access

ORACLE select union attempt

http://idp.cyberoam.com/signatures/1676.html

dbms

ORACLE select like '%' attempt

http://idp.cyberoam.com/signatures/1677.html

dbms

ORACLE select like '%' attempt backslash escaped

http://idp.cyberoam.com/signatures/1678.html

dbms

ORACLE describe attempt

http://idp.cyberoam.com/signatures/1679.html

dbms

ORACLE all_constraints access

http://idp.cyberoam.com/signatures/1680.html

dbms

ORACLE all_views access

http://idp.cyberoam.com/signatures/1681.html

dbms

ORACLE all_source access

http://idp.cyberoam.com/signatures/1682.html

dbms

ORACLE all_tables access

http://idp.cyberoam.com/signatures/1683.html

dbms

ORACLE all_tab_columns access

http://idp.cyberoam.com/signatures/1684.html

dbms

ORACLE all_tab_privs access

http://idp.cyberoam.com/signatures/1685.html

dbms

ORACLE dba_tablespace access

http://idp.cyberoam.com/signatures/1686.html

dbms

ORACLE dba_tables access

http://idp.cyberoam.com/signatures/1687.html

dbms

ORACLE user_tablespace access

http://idp.cyberoam.com/signatures/1688.html

dbms

ORACLE sys.all_users access

http://idp.cyberoam.com/signatures/1689.html

dbms

ORACLE grant attempt

http://idp.cyberoam.com/signatures/1690.html

dbms

ORACLE ALTER USER attempt

http://idp.cyberoam.com/signatures/1691.html

dbms

ORACLE drop table attempt

http://idp.cyberoam.com/signatures/1692.html

dbms

ORACLE create table attempt

http://idp.cyberoam.com/signatures/1693.html

dbms

ORACLE alter table attempt

http://idp.cyberoam.com/signatures/1694.html

dbms

ORACLE truncate table attempt

http://idp.cyberoam.com/signatures/1695.html

dbms

ORACLE create database attempt

http://idp.cyberoam.com/signatures/1696.html

dbms

ORACLE alter database attempt

http://idp.cyberoam.com/signatures/1697.html

dbms

WEB-CGI calendar-admin.pl access

http://idp.cyberoam.com/signatures/1701.html

web access

WEB-IIS users.xml access

http://idp.cyberoam.com/signatures/1750.html

web access

WEB-IIS as_web.exe access

http://idp.cyberoam.com/signatures/1753.html

web access

WEB-IIS as_web4.exe access

http://idp.cyberoam.com/signatures/1754.html

web access

WEB-IIS pbserver access

http://idp.cyberoam.com/signatures/1772.html

web access

NNTP return code buffer overflow attempt

http://idp.cyberoam.com/signatures/1792.html

nntp

WEB-IIS .asa HTTP header buffer overflow attempt

http://idp.cyberoam.com/signatures/1802.html

web access

WEB-IIS .cer HTTP header buffer overflow attempt

http://idp.cyberoam.com/signatures/1803.html

web access

WEB-IIS .cdx HTTP header buffer overflow attempt

http://idp.cyberoam.com/signatures/1804.html

web access

WEB-MISC mailman cross site scripting attempt

http://idp.cyberoam.com/signatures/1839.html

web access

WEB-CLIENT Javascript URL host spoofing attempt

http://idp.cyberoam.com/signatures/1841.html

web client access

FTP SITE NEWER attempt

http://idp.cyberoam.com/signatures/1864.html

ftp

MISC xdmcp info query

http://idp.cyberoam.com/signatures/1867.html

web access

ATTACK-RESPONSES id check returned userid

http://idp.cyberoam.com/signatures/1882.html

network attacks and anomaly

SCAN UPnP service discover attempt

http://idp.cyberoam.com/signatures/1917.html

network attacks and anomaly

RPC portmap proxy attempt UDP

http://idp.cyberoam.com/signatures/1923.html

rpc

DNS zone transfer UDP

http://idp.cyberoam.com/signatures/1948.html

dns

FTP DELE overflow attempt

http://idp.cyberoam.com/signatures/1975.html

ftp

MISC CVS missing cvsroot response

http://idp.cyberoam.com/signatures/2012.html

web access

WEB-MISC Lotus Notes .csp script source download attempt

http://idp.cyberoam.com/signatures/2064.html

web access

WEB-MISC Lotus Notes .csp script source download attempt

http://idp.cyberoam.com/signatures/2065.html

web access

WEB-MISC Lotus Notes .pl script source download attempt

http://idp.cyberoam.com/signatures/2066.html

web access

WEB-MISC Lotus Notes .exe script source download attempt

http://idp.cyberoam.com/signatures/2067.html

web access

WEB-IIS WEBDAV exploit attempt

http://idp.cyberoam.com/signatures/2090.html

web access

WEB-IIS Battleaxe Forum login.asp access

http://idp.cyberoam.com/signatures/2117.html

web access

FTP CWD Root directory transversal attempt

http://idp.cyberoam.com/signatures/2125.html

ftp

WEB-IIS MS BizTalk server access

http://idp.cyberoam.com/signatures/2133.html

web access

WEB-IIS register.asp access

http://idp.cyberoam.com/signatures/2134.html

web access

BAD-TRAFFIC IP Proto 53 SWIPE

http://idp.cyberoam.com/signatures/2186.html

network attacks and anomaly

BAD-TRAFFIC IP Proto 55 IP Mobility

http://idp.cyberoam.com/signatures/2187.html

network attacks and anomaly

BAD-TRAFFIC IP Proto 77 Sun ND

http://idp.cyberoam.com/signatures/2188.html

network attacks and anomaly

BAD-TRAFFIC IP Proto 103 PIM

http://idp.cyberoam.com/signatures/2189.html

network attacks and anomaly

IMAP login brute force attempt

http://idp.cyberoam.com/signatures/2273.html

imap

POP3 login brute force attempt

http://idp.cyberoam.com/signatures/2274.html

Pop

SHELLCODE x86 0x71FB7BAB NOOP

http://idp.cyberoam.com/signatures/2312.html

shellcode

SHELLCODE x86 0x71FB7BAB NOOP unicode

http://idp.cyberoam.com/signatures/2313.html

shellcode

NETBIOS DCERPC ISystemActivator path overflow attempt little

endian unicode

http://idp.cyberoam.com/signatures/2351.html

netbios

NETBIOS DCERPC ISystemActivator path overflow attempt big endian unicode

http://idp.cyberoam.com/signatures/2352.html

netbios

WEB-MISC schema overflow attempt

http://idp.cyberoam.com/signatures/2381.html

web access

NETBIOS SMB Session Setup AndX request username overflow attempt

http://idp.cyberoam.com/signatures/2401.html

netbios

NETBIOS SMB-DS Session Setup AndX request username overflow attempt

http://idp.cyberoam.com/signatures/2402.html

netbios

NETBIOS SMB Session Setup AndX request unicode username overflow attempt

http://idp.cyberoam.com/signatures/2403.html

netbios

NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt

http://idp.cyberoam.com/signatures/2404.html

netbios

DDOS shaft synflood

http://idp.cyberoam.com/signatures/241.html

network attacks and anomaly

WEB-CGI MDaemon form2raw.cgi overflow attempt

http://idp.cyberoam.com/signatures/2433.html

web access

WEB-CLIENT RealPlayer arbitrary javascript command attempt

http://idp.cyberoam.com/signatures/2437.html

web client access

WEB-CLIENT RealPlayer playlist file URL overflow attempt

http://idp.cyberoam.com/signatures/2438.html

web client access

WEB-CLIENT RealPlayer playlist http URL overflow attempt

http://idp.cyberoam.com/signatures/2439.html

web client access

WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt

http://idp.cyberoam.com/signatures/2440.html

web client access

DDOS mstream handler to client

http://idp.cyberoam.com/signatures/250.html

network attacks and anomaly

NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt

http://idp.cyberoam.com/signatures/2514.html

netbios

WEB-MISC PCT Client_Hello overflow attempt

http://idp.cyberoam.com/signatures/2515.html

web access

FTP MDTM overflow attempt

http://idp.cyberoam.com/signatures/2546.html

ftp

MISC HP Web JetAdmin remote file upload

attempthttp://idp.cyberoam.com/signatures/2547.html

web access

MISC HP Web JetAdmin setinfo access

http://idp.cyberoam.com/signatures/2548.html

web access

DNS zone transfer TCP

http://idp.cyberoam.com/signatures/255.html

dns

WEB-MISC server negative Content-Length attempt

http://idp.cyberoam.com/signatures/2580.html

web access

SMTP MAIL FROM overflow attempt

http://idp.cyberoam.com/signatures/2590.html

smtp

WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt

http://idp.cyberoam.com/signatures/2656.html

web access

WEB-MISC SSLv2 Client_Hello with pad Challenge Length

overflow attempt

http://idp.cyberoam.com/signatures/2657.html

web access

WEB-CLIENT JPEG parser heap overflow attempt

http://idp.cyberoam.com/signatures/2705.html

web client access

WEB-CLIENT JPEG parser multipacket heap overflow

http://idp.cyberoam.com/signatures/2707.html

web client access

DOS UDP echo+chargen bomb

http://idp.cyberoam.com/signatures/271.html

network attacks and anomaly

DOS NAPTHA

http://idp.cyberoam.com/signatures/275.html

network attacks and anomaly

DOS Real Server template.html

http://idp.cyberoam.com/signatures/277.html

network attacks and anomaly

DOS Real Server template.html

http://idp.cyberoam.com/signatures/278.html

network attacks and anomaly

DOS Bay/Nortel Nautica Marlin

http://idp.cyberoam.com/signatures/279.html

network attacks and anomaly

POP2 x86 Linux overflow

http://idp.cyberoam.com/signatures/284.html

pop

POP2 x86 Linux overflow

http://idp.cyberoam.com/signatures/285.html

pop

DNS UDP inverse query

http://idp.cyberoam.com/signatures/2921.html

dns

DNS TCP inverse query

http://idp.cyberoam.com/signatures/2922.html

dns

NNTP XPAT pattern overflow attempt

http://idp.cyberoam.com/signatures/2927.html

nntp

NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt

http://idp.cyberoam.com/signatures/2937.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt

http://idp.cyberoam.com/signatures/2938.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt

http://idp.cyberoam.com/signatures/2939.html

netbios

NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt

http://idp.cyberoam.com/signatures/2946.html

netbios

NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/2947.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt

http://idp.cyberoam.com/signatures/2948.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/2949.html

netbios

NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt

http://idp.cyberoam.com/signatures/2964.html

netbios

NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt

http://idp.cyberoam.com/signatures/2965.html

netbios

NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt

http://idp.cyberoam.com/signatures/2966.html

netbios

NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/2967.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt

http://idp.cyberoam.com/signatures/2968.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt

http://idp.cyberoam.com/signatures/2969.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt

http://idp.cyberoam.com/signatures/2970.html

netbios

NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/2971.html

netbios

EXPLOIT WINS overflow attempt

http://idp.cyberoam.com/signatures/3017.html

exploit

IMAP append literal overflow attempt

http://idp.cyberoam.com/signatures/3065.html

imap

NNTP SEARCH pattern overflow attempt

http://idp.cyberoam.com/signatures/3078.html

nntp

MISC Unreal Tournament secure overflow attempt

http://idp.cyberoam.com/signatures/3080.html

web access

NETBIOS SMB llsrconnect little endian overflow attempt

http://idp.cyberoam.com/signatures/3115.html

netbios

NETBIOS SMB llsrconnect unicode overflow attempt

http://idp.cyberoam.com/signatures/3116.html

netbios

NETBIOS SMB llsrconnect unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/3117.html

netbios

NETBIOS SMB llsrconnect andx overflow attempt

http://idp.cyberoam.com/signatures/3118.html

netbios

NETBIOS SMB llsrconnect little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3119.html

netbios

EXPLOIT ntpdx overflow attempt

http://idp.cyberoam.com/signatures/312.html

exploit

NETBIOS SMB llsrconnect unicode andx overflow attempt

http://idp.cyberoam.com/signatures/3120.html

netbios

NETBIOS SMB llsrconnect unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3121.html

netbios

NETBIOS SMB-DS llsrconnect overflow attempt

http://idp.cyberoam.com/signatures/3122.html

netbios

NETBIOS SMB-DS llsrconnect little endian overflow attempt

http://idp.cyberoam.com/signatures/3123.html

netbios

NETBIOS SMB-DS llsrconnect unicode overflow attempt

http://idp.cyberoam.com/signatures/3124.html

netbios

NETBIOS SMB-DS llsrconnect unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/3125.html

netbios

NETBIOS SMB-DS llsrconnect andx overflow attempt

http://idp.cyberoam.com/signatures/3126.html

netbios

NETBIOS SMB-DS llsrconnect little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3127.html

netbios

NETBIOS SMB-DS llsrconnect unicode andx overflow attempt

http://idp.cyberoam.com/signatures/3128.html

netbios

NETBIOS SMB-DS llsrconnect unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3129.html

netbios

WEB-CLIENT PNG large image width download attempt

http://idp.cyberoam.com/signatures/3132.html

web client access

WEB-CLIENT PNG large image height download attempt

http://idp.cyberoam.com/signatures/3133.html

web client access

NETBIOS SMB CoGetInstanceFromFile overflow attempt

http://idp.cyberoam.com/signatures/3176.html

netbios

NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt

http://idp.cyberoam.com/signatures/3177.html

netbios

NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt

http://idp.cyberoam.com/signatures/3178.html

netbios

NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/3179.html

netbios

NETBIOS SMB CoGetInstanceFromFile andx overflow attempt

http://idp.cyberoam.com/signatures/3180.html

netbios

NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3181.html

netbios

NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt

http://idp.cyberoam.com/signatures/3182.html

netbios

NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3183.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt

http://idp.cyberoam.com/signatures/3184.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt

http://idp.cyberoam.com/signatures/3185.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt

http://idp.cyberoam.com/signatures/3186.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/3187.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt

http://idp.cyberoam.com/signatures/3188.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3189.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt

http://idp.cyberoam.com/signatures/3190.html

netbios

NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3191.html

netbios

NETBIOS name query overflow attempt TCP

http://idp.cyberoam.com/signatures/3195.html

netbios

NETBIOS name query overflow attempt UDP

http://idp.cyberoam.com/signatures/3196.html

netbios

NETBIOS DCERPC ISystemActivator path overflow attempt little endian

http://idp.cyberoam.com/signatures/3197.html

netbios

NETBIOS DCERPC ISystemActivator path overflow attempt big endian

http://idp.cyberoam.com/signatures/3198.html

netbios

NETBIOS SMB OpenKey little endian overflow attempt

http://idp.cyberoam.com/signatures/3219.html

netbios

NETBIOS SMB OpenKey unicode overflow attempt

http://idp.cyberoam.com/signatures/3220.html

netbios

NETBIOS SMB OpenKey unicode little endian overflow attempt

http://idp.cyberoam.com/signatures/3221.html

netbios

NETBIOS SMB OpenKey andx overflow attempt

http://idp.cyberoam.com/signatures/3222.html

netbios

NETBIOS SMB OpenKey little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3223.html

netbios

NETBIOS SMB OpenKey unicode andx overflow attempt

http://idp.cyberoam.com/signatures/3224.html

netbios

NETBIOS SMB OpenKey unicode little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3225.html

netbios

NETBIOS SMB-DS OpenKey overflow attempt

http://idp.cyberoam.com/signatures/3226.html

netbios

NETBIOS SMB-DS OpenKey little endian overflow attempt

http://idp.cyberoam.com/signatures/3227.html

netbios

NETBIOS SMB-DS OpenKey unicode overflow attemp

thttp://idp.cyberoam.com/signatures/3228.html

netbios

NETBIOS SMB-DS OpenKey andx overflow attempt

http://idp.cyberoam.com/signatures/3230.html

netbios

NETBIOS SMB-DS OpenKey little endian andx overflow attempt

http://idp.cyberoam.com/signatures/3231.html

netbios

NETBIOS Messenger message little endian overflow attempt

http://idp.cyberoam.com/signatures/3234.html

netbios

NETBIOS Messenger message overflow attempt

http://idp.cyberoam.com/signatures/3235.html

netbios

FINGER Query

http://idp.cyberoam.com/signatures/333.html

finger

MS-SQL DNS query with 1 requests

http://idp.cyberoam.com/signatures/3443.html

dbms

MS-SQL DNS query with 2 requests

http://idp.cyberoam.com/signatures/3444.html

dbms

MS-SQL DNS query with 3 requests

http://idp.cyberoam.com/signatures/3445.html

dbms

MS-SQL DNS query with 4 requests

http://idp.cyberoam.com/signatures/3446.html

dbms

MS-SQL DNS query with 5 requests

http://idp.cyberoam.com/signatures/3447.html

dbms

MS-SQL DNS query with 6 requests

http://idp.cyberoam.com/signatures/3448.html

dbms

MS-SQL DNS query with 7 requests

http://idp.cyberoam.com/signatures/3449.html

dbms

MS-SQL DNS query with 8 requests

http://idp.cyberoam.com/signatures/3450.html

dbms

MS-SQL DNS query with 9 requests

http://idp.cyberoam.com/signatures/3451.html

dbms

MS-SQL DNS query with 10 requests

http://idp.cyberoam.com/signatures/3452.html

dbms

FTP SITE EXEC attempt

http://idp.cyberoam.com/signatures/361.html

ftp

INFO FTP no password

http://idp.cyberoam.com/signatures/489.html

information

INFO TELNET login failed

http://idp.cyberoam.com/signatures/492.html

information

MISC Source Port 20 to <1024

http://idp.cyberoam.com/signatures/503.html

web access

MISC source port 53 to <1024

http://idp.cyberoam.com/signatures/504.html

web access

MISC gopher proxy

http://idp.cyberoam.com/signatures/508.html

web access

MISC Large UDP Packet

http://idp.cyberoam.com/signatures/521.html

web access

BAD-TRAFFIC ip reserved bit set

http://idp.cyberoam.com/signatures/523.html

network attacks and anomaly

BAD-TRAFFIC tcp port 0 traffic

http://idp.cyberoam.com/signatures/524.html

network attacks and anomaly

BAD-TRAFFIC udp port 0 traffic

http://idp.cyberoam.com/signatures/525.html

network attacks and anomaly

BAD-TRAFFIC data in TCP SYN packet

http://idp.cyberoam.com/signatures/526.html

network attacks and anomaly

NETBIOS NT NULL session

http://idp.cyberoam.com/signatures/530.html

netbios

POLICY FTP anonymous login attempt

http://idp.cyberoam.com/signatures/553.html

policy

RPC DOS ttdbserv Solaris

http://idp.cyberoam.com/signatures/572.html

rpc

RPC portmap ypserv request UDP

http://idp.cyberoam.com/signatures/590.html

rpc

SCAN cybercop os probe

http://idp.cyberoam.com/signatures/619.html

network attacks and anomaly

SCAN FIN

http://idp.cyberoam.com/signatures/621.html

network attacks and anomaly

SCAN ipEye SYN scan

http://idp.cyberoam.com/signatures/622.html

network attacks and anomaly

SCAN NULL

http://idp.cyberoam.com/signatures/623.html

network attacks and anomaly

SCAN SYN FIN

http://idp.cyberoam.com/signatures/624.html

network attacks and anomaly

SCAN XMAS

http://idp.cyberoam.com/signatures/625.html

network attacks and anomaly

SCAN synscan portscan

http://idp.cyberoam.com/signatures/630.html

network attacks and anomaly

SHELLCODE x86 stealth NOOP

http://idp.cyberoam.com/signatures/651.html

shellcode

SHELLCODE x86 0x90 unicode NOOP

http://idp.cyberoam.com/signatures/653.html

shellcode

SMTP RCPT TO overflow

http://idp.cyberoam.com/signatures/654.html

smtp

WEB-CGI whois_raw.cgi arbitrary command execution attempt

http://idp.cyberoam.com/signatures/809.html

web access

WEB-CGI csh access

http://idp.cyberoam.com/signatures/862.html

web access

WEB-CGI ksh access

http://idp.cyberoam.com/signatures/865.html

web access

WEB-CGI rsh access

http://idp.cyberoam.com/signatures/868.html

web access

WEB-CGI tcsh access

http://idp.cyberoam.com/signatures/872.html

web access

WEB-CGI rksh access

http://idp.cyberoam.com/signatures/877.html

web access

WEB-CGI bash access

http://idp.cyberoam.com/signatures/885.html

web access

WEB-IIS Directory transversal attempt

http://idp.cyberoam.com/signatures/974.html

web access

WEB-IIS .cnf access

http://idp.cyberoam.com/signatures/977.html

web access

WEB-IIS MSProxy access

http://idp.cyberoam.com/signatures/986.html

web access

WEB-IIS achg.htr access

http://idp.cyberoam.com/signatures/991.html

web access

WEB-IIS /scripts/iisadmin/default.htm access

http://idp.cyberoam.com/signatures/994.html

web access

WEB-IIS anot.htr access

http://idp.cyberoam.com/signatures/996.html

web access

 

 

Attachments
Article ID: 228