Signature names:
[0] FINGER: FingerD Probe:1
[1] RTSP: Transport Header Buffer Overflow:1
[2] RTSP: Transport Header Buffer Overflow:2
[3] FTP: WU-FTPD File Glob Heap Corruption:3
[4] FTP: WU-FTPD File Glob Heap Corruption:1
[5] FTP: WU-FTPD File Glob Heap Corruption:2
[6] HTTP: Buffer Overflow Attempt Detected in Header:1
[7] HTTP: Buffer Overflow Attempt Detected in Header:2
[8] HTTP: Buffer Overflow Attempt Detected in Header:3
[9] HTTP: Buffer Overflow Attempt Detected in Header:4
[10] HTTP: Buffer Overflow Attempt Detected in Header:5
[11] HTTP: Buffer Overflow Attempt Detected in Header:6
[12] HTTP: WebDAV PROPFIND List Directory:1
[13] HTTP: WebDAV PROPFIND List Directory:2
[14] TELNET: BSD Telnetd Telrcv() Exploit:1
[15] TELNET: BSD Telnetd Telrcv() Exploit:2
[16] TELNET: BSD Telnetd Telrcv() Exploit:3
[17] HTTP: EZShopper Command Execution:1
[18] HTTP: EZShopper Command Execution:2
[19] HTTP: W32/Mydoom@MM DoS:1
[20] BACKDOOR: Intruzzo:1
[21] BACKDOOR: NetBus Trojan:3
[22] BACKDOOR: NetBus Trojan:1
[23] BACKDOOR: NetBus Trojan:2
[24] BACKDOOR: NetBus Trojan:4
[25] WORM: W32/Bagle.bj@MM Worm:1
[26] WORM: W32/Bagle.bj@MM Worm:2
[27] WORM: W32/Bagle.bj@MM Worm:3
[28] HTTP: Siteserver site.csc File Read:1
[29] HTTP: Siteserver site.csc File Read:2
[30] FTP: Ftpd CWD ...:1
[31] HTTP: IIS newdsn.exe File Creation:1
[32] HTTP: IIS newdsn.exe File Creation:2
[33] HTTP: IIS newdsn.exe File Creation:4
[34] REXEC: Login Failed:1
[35] SNMP: MS NT WINS Vulnerability:1
[36] TFTP: 3CDaemon Reserved Device Name DOS:1
[37] IMAP: Overly Long EXAMINE Command Parameter:1
[38] NETBIOS-SS: Lioten Worm:1
[39] HTTP: Weblogic Show Code:1
[40] HTTP: Weblogic Show Code:2
[41] NETBIOS-SS: Windows Directory Traversal:1
[42] BACKDOOR: Digital RootBeer:1
[43] KERBEROS: Microsoft Kerberos 5 ASN.1 Double Free Encoding Error:1
[44] FTP: WU-FTP 244 Buffer Overflow:1
[45] FTP: WU-FTP 244 Buffer Overflow:2
[46] FTP: WU-FTP 244 Buffer Overflow:3
[47] HTTP: info2www Execute Arbitary Command:1
[48] HTTP: info2www Execute Arbitary Command:2
[49] DDoS: TFN Agent Response:1
[50] WORM: W32/Netsky.j@MM Worm:1
[51] WORM: W32/Netsky.j@MM Worm:2
[52] WORM: W32/Netsky.j@MM Worm:3
[53] DHCP: ISC DHCP Server NSUPDATE MiniRes Library Buffer Overflow:1
[54] DHCP: ISC DHCP Server NSUPDATE MiniRes Library Buffer Overflow:2
[55] DHCP: ISC DHCP Server NSUPDATE MiniRes Library Buffer Overflow:3
[56] IMAP: EXAMINE Buffer Overflow with Shellcode:1
[57] FTP: Overly Long PASS Parameters Buffer Overflow:1
[58] SHELLCODE: Shellcode Detectedfor HP PA-RISC Family CPUs:1
[59] SHELLCODE: Shellcode Detectedfor HP PA-RISC Family CPUs:2
[60] SHELLCODE: Shellcode Detectedfor HP PA-RISC Family CPUs:3
[61] BACKDOOR: Fore:1
[62] BACKDOOR: Fore:2
[63] MMS: Overly Large Packet Length:1
[64] HTTP: View Source Input Validation:1
[65] HTTP: View Source Input Validation:2
[66] RSH: Root Account Attempt:1
[67] POP3: Buffer Overflow Attempt With RETR Parameters:1
[68] WORM: W32/Bagle.aq@MM Worm:1
[69] WORM: W32/Bagle.aq@MM Worm:2
[70] WORM: W32/Bagle.aq@MM Worm:3
[71] IMAP: Buffer Overflow with Overly Long STATUS Command Parameters:1
[72] SSH: Cisco Catalyst SSH Mismatch Crash:1
[73] NETBIOS-SS: Microsoft License Logging Service Overflow Vulnerability:1
[74] NETBIOS-SS: Microsoft License Logging Service Overflow Vulnerability:2
[75] SSL: Session Allocation Error:1
[76] SSL: Session Allocation Error:2
[77] HTTP: Dragon Fire IDS Web Interface Remote Execution:1
[78] HTTP: Dragon Fire IDS Web Interface Remote Execution:2
[79] HTTP: Dragon Fire IDS Web Interface Remote Execution:3
[80] SMTP: Long MAIL Params With Shellcode Exploit:1
[81] HTTP: CCBill WhereAmI.CGI Remote Arbitrary Command Execution:1
[82] HTTP: CCBill WhereAmI.CGI Remote Arbitrary Command Execution:2
[83] P2P: BitTorrent File Transfer HandShaking:1
[84] P2P: BitTorrent File Transfer HandShaking:3
[85] P2P: BitTorrent File Transfer HandShaking:4
[86] P2P: BitTorrent File Transfer HandShaking:5
[87] FTP: Ftpd ADMhack Scan:1
[88] HTTP: Webtrends Probe:1
[89] POP3: SCO Popd Buffer Overflow:1
[90] WORM: W32/Bagle.j@MM Worm:1
[91] WORM: W32/Bagle.j@MM Worm:2
[92] WORM: W32/Bagle.j@MM Worm:3
[93] WORM: W32/Bagle.j@MM Worm:4
[94] WORM: W32/Bagle.j@MM Worm:5
[95] WORM: W32/Bagle.j@MM Worm:6
[96] TELNET: TTYPROMPT Remote Change:1
[97] TELNET: TTYPROMPT Remote Change:2
[98] TFTP: Get Sensitive File:1
[99] TFTP: Get Sensitive File:2
[100] TFTP: Get Sensitive File:3
[101] TFTP: Get Sensitive File:4
[102] RPC: STATD UNMONALL Generic Length Buffer Overflow:1
[103] MSSQL: Microsoft SQL Server TDS Packet Fragment Handling DoS:1
[104] HTTP: IIS Index Sever idq Read File:1
[105] HTTP: IIS Index Sever idq Read File:2
[106] HTTP: Anyform Execute Arbitrary Command:1
[107] HTTP: Anyform Execute Arbitrary Command:2
[108] HTTP: Anyform Execute Arbitrary Command:3
[109] ISS: ISS PAM_ICQ Module Buffer Overflow:1
[110] ISS: ISS PAM_ICQ Module Buffer Overflow:2
[111] XTACACS: CiscoSecure ACS Vulnerability:1
[112] WORM: W32/Bagle.aa@MM Worm:1
[113] WORM: W32/Bagle.aa@MM Worm:2
[114] WORM: W32/Bagle.aa@MM Worm:3
[115] WORM: W32/Bagle.aa@MM Worm:4
[116] WORM: W32/Bagle.aa@MM Worm:5
[117] WORM: W32/Bagle.aa@MM Worm:6
[118] WORM: W32/Bagle.aa@MM Worm:7
[119] WORM: W32/Bagle.aa@MM Worm:8
[120] WORM: W32/Bagle.aa@MM Worm:9
[121] TELNET: SGI Default Telnet Account Attempt:1
[122] HTTP: Samba 3.x SWAT Preauthentication Buffer Overflow:1
[123] HTTP: Samba 3.x SWAT Preauthentication Buffer Overflow:2
[124] IMAP: AUTH Buffer Overflow Exploit:1
[125] SENSOR: PREVDATA-NODES Exhausted:1
[126] SMTP: MercurMail DoS:1
[127] NETBIOS-NS: Symantec Multiple Firewall NBNS Response Processing Stack Overflow:1
[128] NETBIOS-NS: Symantec Multiple Firewall NBNS Response Processing Stack Overflow:2
[129] HTTP: KW Whois Remote Command Execution:1
[130] HTTP: KW Whois Remote Command Execution:2
[131] IM: AOL Instant Messenger Arbitrary File Creation Vulnerability:1
[132] DCERPC: Microsoft RPCSS Heap Overflow II:1
[133] DCERPC: Microsoft RPCSS Heap Overflow II:2
[134] DCERPC: Microsoft RPCSS Heap Overflow II:3
[135] DCERPC: Microsoft RPCSS Heap Overflow II:4
[136] FTP: Stor .forward:1
[137] SIP: Header Buffer Overflow in SIP Server:1
[138] SIP: Header Buffer Overflow in SIP Server:2
[139] SIP: Header Buffer Overflow in SIP Server:3
[140] NETBIOS-SS: Microsoft Negotiate SSP Vulnerability:1
[141] RPC: ypbind Generic Exploit:1
[142] P2P: Swapper Alive:1
[143] P2P: Swapper Alive:2
[144] DDoS: Stacheldraht Agent Spoof Test:1
[145] HTTP: IIS ism.dll/SSI Buffer Overflow:1
[146] HTTP: IIS ism.dll/SSI Buffer Overflow:2
[147] HTTP: IIS ism.dll/SSI Buffer Overflow:3
[148] HTTP: IIS ism.dll/SSI Buffer Overflow:4
[149] HTTP: IIS ism.dll/SSI Buffer Overflow:5
[150] HTTP: Phorum Sent Mail:1
[151] HTTP: Phorum Sent Mail:2
[152] WORM: W32/Bagle.b@MM Worm:1
[153] WORM: W32/Bagle.b@MM Worm:2
[154] WORM: W32/Bagle.b@MM Worm:3
[155] HTTP: IIS Index Server Overflow:1
[156] BACKDOOR: Web Serve CT Backdoor:1
[157] BACKDOOR: Web Serve CT Backdoor:2
[158] BACKDOOR: Web Serve CT Backdoor:3
[159] BACKDOOR: Web Serve CT Backdoor:4
[160] BACKDOOR: Web Serve CT Backdoor:5
[161] IM: Yahoo Messenger  File Transfer:1
[162] IM: Yahoo Messenger  File Transfer:3
[163] IM: Yahoo Messenger  File Transfer:4
[164] IM: MSN Messenger Server Lookup:1
[165] IM: MSN Messenger Server Lookup:2
[166] RTSP: Header Buffer Overflow:1
[167] RTSP: Header Buffer Overflow:2
[168] MSSQL: Resolution Service Data Too Long:1
[169] HTTP: Allaire JRun SSIFilter File Read:1
[170] HTTP: Allaire JRun SSIFilter File Read:2
[171] TELNET: Resolve Host Conf:1
[172] FTP: Overly Long UNLOCK Command Parameters:1
[173] FTP: Overly Long UNLOCK Command Parameters:2
[174] HTTP: Header Buffer Overflow Attempt:1
[175] HTTP: Header Buffer Overflow Attempt:2
[176] SMTP: Pipe Attack:1
[177] SMTP: Pipe Attack:2
[178] HTTP: Microsoft Media Service NSIISLOG.DLL Exploit:1
[179] HTTP: Microsoft Media Service NSIISLOG.DLL Exploit:2
[180] HTTP: Microsoft Media Service NSIISLOG.DLL Exploit:3
[181] RPC: snmpXdmid Solaris LSD Buffer Overflow:1
[182] RPC: snmpXdmid Solaris LSD Buffer Overflow:2
[183] RPC: snmpXdmid Solaris LSD Buffer Overflow:3
[184] BACKDOOR: Vampire:1
[185] UPnP: NOTIFY Buffer Overflow:1
[186] KERBEROS: Microsoft Kerberos 5 ASN.1 BitStr Encoding Error:1
[187] BACKDOOR: Blazer5 (Sockets De Troie v1):1
[188] BACKDOOR: Blazer5 (Sockets De Troie v1):2
[189] BACKDOOR: Blazer5 (Sockets De Troie v1):3
[190] RPC: Portmapper CALLIT Proxy Attempt:1
[191] P2P: Gnutella File Transferring:2
[192] P2P: Gnutella File Transferring:3
[193] MSSQL: SQL Server Resolution Stack Overflow:1
[194] MSSQL: SQL Server Resolution Stack Overflow:2
[195] FTP: Glob Exploit Denial of Service:1
[196] FTP: Glob Exploit Denial of Service:2
[197] FTP: Glob Exploit Denial of Service:3
[198] FTP: Glob Exploit Denial of Service:4
[199] HTTP: PHP Upload File Buffer Overflow:1
[200] HTTP: PHP Upload File Buffer Overflow:2
[201] REXEC: Account Login Attempt:1
[202] SNMP: OVActionD SNMP Trap Command Execution Vulnerability:1
[203] SNMP: OVActionD SNMP Trap Command Execution Vulnerability:2
[204] SNMP: OVActionD SNMP Trap Command Execution Vulnerability:3
[205] IRC: Trillian PRIVMSG Buffer Overflow:1
[206] MSRPC: Windows Registry Remote Write Attempt:1
[207] HTTP: BadBlue Null Byte File Disclosure:1
[208] HTTP: BadBlue Null Byte File Disclosure:2
[209] HTTP: Cisco Catalyst Remote Arbitrary Command Execution:1
[210] HTTP: Cisco Catalyst Remote Arbitrary Command Execution:2
[211] FTP: WFTPD Buffer Overflow:1
[212] FTP: WFTPD Buffer Overflow:2
[213] FTP: WFTPD Buffer Overflow:3
[214] DDoS: mstream Agent-to-Handler Communication:1
[215] IMAP: Buffer Overflow With Overly Long DELETE Command Parameters:2
[216] FTP: Ipswitch WS_FTP Server ALLO Error Buffer Overflow:1
[217] DCERPC: Microsoft Windows LSASS Buffer Overflow:1
[218] DCERPC: Microsoft Windows LSASS Buffer Overflow:2
[219] DCERPC: Microsoft Windows LSASS Buffer Overflow:3
[220] RPC: MOUNTD Lucysoft Buffer Overflow:1
[221] RPC: MOUNTD Lucysoft Buffer Overflow:2
[222] RPC: MOUNTD Lucysoft Buffer Overflow:3
[223] NMAP: XMAS with SYN Probe:1
[224] HTTP: Cisco HTTP Admin Authentication:1
[225] HTTP: Cisco HTTP Admin Authentication:2
[226] WORM: W32/Netsky.ag@MM Worm:1
[227] WORM: W32/Netsky.ag@MM Worm:2
[228] WORM: W32/Netsky.ag@MM Worm:3
[229] WORM: W32/Netsky.ag@MM Worm:4
[230] WORM: W32/Netsky.ag@MM Worm:5
[231] WORM: W32/Netsky.ag@MM Worm:6
[232] IMAP: Buffer Overflow With Overly Long FETCH Command Parameters:1
[233] HTTP: php.cgi Buffer Overflow:1
[234] HTTP: php.cgi Buffer Overflow:2
[235] SSL: Unsupported Diffie-Hellman Cipher Suite:1
[236] DTSPCD: CDE dtspcd Remote Buffer Overflow:2
[237] DTSPCD: CDE dtspcd Remote Buffer Overflow:3
[238] HTTP: WebCart webcart.cgi Command Execution:1
[239] HTTP: WebCart webcart.cgi Command Execution:2
[240] BACKDOOR: Swift:1
[241] BACKDOOR: Swift:2
[242] FTP: Ftpd Passwd Retrieval Attempt:1
[243] TCP: Illegal FIN Probe:1
[244] POP3: Qpop24 Buffer Overflow:1
[245] WORM: W32/Bagle.n@MM Worm:1
[246] WORM: W32/Bagle.n@MM Worm:2
[247] WORM: W32/Bagle.n@MM Worm:3
[248] WORM: W32/Bagle.n@MM Worm:4
[249] WORM: W32/Bagle.n@MM Worm:5
[250] WORM: W32/Bagle.n@MM Worm:6
[251] SMTP: Possible SSH Worm:1
[252] ICMP: Source Quench Option Set:1
[253] ICMP: Timestamp Probe:1
[254] BACKDOOR: ButtMan:1
[255] BACKDOOR: ButtMan:2
[256] RPC: AMD/AMQ Generic Length Buffer Overflow:1
[257] DMWARE: DMWare Remote Control Stack Buffer Overflow:1
[258] IGMP: Koc Attack:1
[259] HTTP: classified.cgi Input Validation:1
[260] HTTP: classified.cgi Input Validation:2
[261] HTTP: classified.cgi Input Validation:3
[262] POP3: AnalogX Denial of Service:1
[263] POP3: AnalogX Denial of Service:2
[264] POP3: AnalogX Denial of Service:3
[265] TELNET: Invalid Telnet Flow:1
[266] WORM: W32/Dabber Worm:1
[267] IMAP: SIMS LOGIN Buffer Overflow:1
[268] LPR: Format String Attack:1
[269] LPR: Format String Attack:2
[270] LPR: Format String Attack:3
[271] SMTP: SmartServer3 MAIL FROM Buffer Overflow:2
[272] SMTP: SmartServer3 MAIL FROM Buffer Overflow:1
[273] SMTP: SmartServer3 MAIL FROM Buffer Overflow:3
[274] HTTP: IIS ISM.DLL access:1
[275] HTTP: IIS ISM.DLL access:2
[276] IM: AOL Instant Messenger %s DoS Vulnerability:1
[277] DCERPC: Microsoft Message Queue Service Heap Overflow:1
[278] BACKDOOR: Connection/Host Control:1
[279] BACKDOOR: Connection/Host Control:2
[280] FTP: AIX Overflow:1
[281] FTP: AIX Overflow:2
[282] FTP: AIX Overflow:3
[283] FTP: AIX Overflow:4
[284] BACKDOOR: Cyn:1
[285] BACKDOOR: Cyn:2
[286] SMB: Samba Multiple Slash Arbitrary File Access:1
[287] SMB: Samba Multiple Slash Arbitrary File Access:2
[288] SYBASE: DROP DATABASE Command Used:1
[289] SYBASE: DROP DATABASE Command Used:2
[290] ARP: MAC Address Cloned:1
[291] BACKDOOR: Kuang2:1
[292] RPC: AUTOFS Remote Command Execution:1
[293] MSSQL: BULK INSERT Possible Buffer Overflow:1
[294] MSSQL: BULK INSERT Possible Buffer Overflow:2
[295] DDoS: Stacheldraht Master-Spoofworks:1
[296] HTTP: Microsoft Frontpage fp30reg.dll Buffer Overflow:1
[297] HTTP: Microsoft Frontpage fp30reg.dll Buffer Overflow:2
[298] HTTP: Microsoft Frontpage fp30reg.dll Buffer Overflow:4
[299] HTTP: w3-msql Execute Command:1
[300] HTTP: w3-msql Execute Command:2
[301] HTTP: w3-msql Execute Command:3
[302] WORM: W32/Netsky.c@MM Worm:1
[303] WORM: W32/Netsky.c@MM Worm:2
[304] WORM: W32/Netsky.c@MM Worm:3
[305] WORM: W32/Netsky.c@MM Worm:4
[306] WORM: W32/Netsky.c@MM Worm:5
[307] WORM: W32/Netsky.c@MM Worm:6
[308] BACKDOOR: WOW23:1
[309] SMB: Samba Trans2Open Buffer Overflow:1
[310] SMB: Samba Trans2Open Buffer Overflow:2
[311] MSSQL: sp_MScopyscript Command Execution:1
[312] MSSQL: sp_MScopyscript Command Execution:2
[313] HTTP: Axis StorPoint Auth Sidestep:1
[314] HTTP: Axis StorPoint Auth Sidestep:2
[315] TELNET: IAC Bomb:1
[316] TELNET: IAC Bomb:2
[317] BACKDOOR: Uploader:1
[318] BACKDOOR: Uploader:2
[319] DoS: ICMP-Based Jolt2 Attack:1
[320] SMTP: eXtremail Format String:1
[321] HTTP: IIS cmd.exe Execution:1
[322] HTTP: IIS cmd.exe Execution:2
[323] BACKDOOR: Xanadu:1
[324] BACKDOOR: Xanadu:2
[325] HTTP: Apache Tomcat DefaultServlet File Disclosure:1
[326] HTTP: Apache Tomcat DefaultServlet File Disclosure:2
[327] SMTP: MailMax Buffer Overflow:1
[328] HTTP: Auction Weaver Remote Command Execution:1
[329] HTTP: Auction Weaver Remote Command Execution:2
[330] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:1
[331] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:2
[332] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:3
[333] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:4
[334] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:5
[335] KERBEROS: Microsoft Kerberos 5 ASN.1 Message Field Length Encoding Error:6
[336] P2P: BearShare Alive:1
[337] P2P: BearShare Alive:2
[338] BACKDOOR: Hvl RAT:1
[339] BACKDOOR: Hvl RAT:2
[340] RPC: Rwalld Format String Vulnerability:1
[341] HTTP: Apache Win32 .Bat Exploit:1
[342] HTTP: Apache Win32 .Bat Exploit:2
[343] HTTP: Apache Win32 .Bat Exploit:3
[344] Oracle: HTTP Server mod_access Restriction Bypass Vulnerability:1
[345] Oracle: HTTP Server mod_access Restriction Bypass Vulnerability:2
[346] DDoS: Stacheldraht Handler-check-gag:1
[347] BACKDOOR: Remote Hack:1
[348] BACKDOOR: Remote Hack:2
[349] HTTP: Microsoft W3Who ISAPI DLL Buffer Overflow:1
[350] HTTP: Microsoft W3Who ISAPI DLL Buffer Overflow:2
[351] MSRPC: NT LSA Secrets Vulnerability:1
[352] HTTP: Hassan Consulting Shopping Cart Arbitrary Command Execution:1
[353] HTTP: Hassan Consulting Shopping Cart Arbitrary Command Execution:2
[354] BACKDOOR: Portal of Doom:1
[355] BACKDOOR: Portal of Doom:2
[356] RPC: CMSD Solaris ISS Buffer Overflow:1
[357] RPC: CMSD Solaris ISS Buffer Overflow:2
[358] FTP: IIS FTP STAT Glob Denial of Service:1
[359] MSSQL: xp_mergelineages Possible Buffer Overflow:1
[360] MSSQL: xp_mergelineages Possible Buffer Overflow:2
[361] FTP: WU-FTPD 2.6.0 Bobek  Buffer Overflow:1
[362] FTP: WU-FTPD 2.6.0 Bobek  Buffer Overflow:2
[363] BACKDOOR: Tcc:1
[364] HTTP: Mail Manage EX PHP Include Exploit:1
[365] FTP: OpenFTPD MSG Format String Exploit:1
[366] HTTP: IIS WebDAV propfind Server DoS:1
[367] HTTP: IIS WebDAV propfind Server DoS:2
[368] SHELLCODE: Shellcode Exploit Detected for i386 Family CPUs:1
[369] SHELLCODE: Shellcode Exploit Detected for i386 Family CPUs:2
[370] SHELLCODE: Shellcode Exploit Detected for i386 Family CPUs:3
[371] SHELLCODE: Shellcode Exploit Detected for i386 Family CPUs:4
[372] SHELLCODE: Shellcode Exploit Detected for i386 Family CPUs:5
[373] IDENT: Suspiciously Long Response:1
[374] IDENT: Suspiciously Long Response:2
[375] IDENT: Suspiciously Long Response:3
[376] DCERPC: Microsoft Message Queuing Service Buffer Overflow:1
[377] DCERPC: Microsoft Message Queuing Service Buffer Overflow:2
[378] DCERPC: Microsoft Message Queuing Service Buffer Overflow:3
[379] BACKDOOR: Remote Windows  Shutdown:1
[380] RPC: STATD SMMON Format String Attack:1
[381] RPC: STATD SMMON Format String Attack:2
[382] RPC: STATD SMMON Format String Attack:3
[383] RPC: STATD SMMON Format String Attack:4
[384] RPC: STATD SMMON Format String Attack:5
[385] RPC: STATD SMMON Format String Attack:6
[386] SCAN: NULL Probe:1
[387] HTTP: PhpPhotoAlbum Directory Traversal:1
[388] HTTP: PhpPhotoAlbum Directory Traversal:2
[389] DoS: UDP Bomb:1
[390] DoS: UDP Bomb:2
[391] IMAP: Buffer Overflow With Overly Long UID Command Parameters:1
[392] TCP: Abnormal TCP Window Scaling Options:1
[393] SMTP: x86 Windows CSM Mail Buffer Overflow:1
[394] KERBEROS: Kerberos 5 ASN.1 Field Crafted BitString:1
[395] BACKDOOR: Total Eclypse:1
[396] FTP: Ftpd SATAN Scan:1
[397] HTTP: Cisco IOS HTTP DoS:1
[398] HTTP: Cisco IOS HTTP DoS:2
[399] ORACLE: MD2 Package SDO_CODE_SIZE Procedure Buffer Overflow:1
[400] SNMP: Invalid Bulk Request ID:1
[401] ICMP: Netmask Request:1
[402] HTTP: VBulletin Forumdisplay PHP Code Execution:1
[403] BACKDOOR: Priority:1
[404] DCERPC: Microsoft RPC DCOM Buffer Overflow:1
[405] DCERPC: Microsoft RPC DCOM Buffer Overflow:2
[406] DCERPC: Microsoft RPC DCOM Buffer Overflow:3
[407] DCERPC: Microsoft RPC DCOM Buffer Overflow:4
[408] BACKDOOR: Backdoor2 Trojan:1
[409] BACKDOOR: Backdoor2 Trojan:2
[410] BACKDOOR: Backdoor2 Trojan:3
[411] BACKDOOR: Backdoor2 Trojan:4
[412] RPC: TTDBServerD HPUX APK Buffer Overflow:1
[413] RPC: TTDBServerD HPUX APK Buffer Overflow:2
[414] MSSQL: xp_peekqueue Possible Buffer Overflow:1
[415] MSSQL: xp_peekqueue Possible Buffer Overflow:2
[416] SNMP: Microsoft Printer Query DoS Vulnerability:1
[417] TELNET: Telnet Client slc_add_reply Buffer Overflow Vulnerability:1
[418] TELNET: Telnet Client slc_add_reply Buffer Overflow Vulnerability:2
[419] TELNET: Telnet Client slc_add_reply Buffer Overflow Vulnerability:3
[420] IMAP: Imapscan.sh Exploit:1
[421] HTTP: Lotus Domino ReplicaID Access Vulnerability:1
[422] HTTP: Lotus Domino ReplicaID Access Vulnerability:2
[423] PPTP: MicroSoft PPTP Malformed Control Message:1
[424] LPR: PIC LPd Exploit:1
[425] HTTP: IIS Index Server query.dll Overflow:1
[426] HTTP: IIS Index Server query.dll Overflow:2
[427] HTTP: IIS Index Server query.dll Overflow:3
[428] DCERPC: Arnudp Attack:1
[429] BACKDOOR: Evil FTP:1
[430] HTTP: Windmail.exe Remote File Read:1
[431] HTTP: Windmail.exe Remote File Read:2
[432] ORACLE: Application Server Report Server Buffer Overflow:1
[433] ORACLE: Application Server Report Server Buffer Overflow:2
[434] ORACLE: Application Server Report Server Buffer Overflow:3
[435] BACKDOOR: Olive:1
[436] BACKDOOR: Duddie:1
[437] BACKDOOR: Duddie:2
[438] SMTP: TURN Command:1
[439] FINGER: ZKFingerd Format String Vulnerability:1
[440] FINGER: ZKFingerd Format String Vulnerability:2
[441] HTTP: Microsoft IIS HOST Header DoS:1
[442] HTTP: Microsoft IIS HOST Header DoS:2
[443] RDP: Microsoft Terminal Services RDP DoS:1
[444] ARP: ARP Spoofing with Different MAC Addresses:1
[445] BACKDOOR: BackConstruction Trojan:1
[446] MSSQL: DBCC Buffer Overflow:1
[447] MSSQL: DBCC Buffer Overflow:2
[448] MSSQL: DBCC Buffer Overflow:3
[449] MSSQL: DBCC Buffer Overflow:4
[450] MSSQL: DBCC Buffer Overflow:5
[451] MSSQL: DBCC Buffer Overflow:6
[452] MSSQL: DBCC Buffer Overflow:7
[453] MSSQL: DBCC Buffer Overflow:8
[454] MSSQL: DBCC Buffer Overflow:9
[455] MSSQL: DBCC Buffer Overflow:10
[456] MSSQL: DBCC Buffer Overflow:11
[457] MSSQL: DBCC Buffer Overflow:12
[458] MSSQL: DBCC Buffer Overflow:13
[459] MSSQL: DBCC Buffer Overflow:14
[460] HTTP: Nortel Contivity cgiproc DoS:1
[461] HTTP: Nortel Contivity cgiproc DoS:2
[462] SNMP: Integer Overflow Detected:1
[463] POP3: Qpopper Buffer Overflow:1
[464] POP3: Qpopper Buffer Overflow:2
[465] HTTP: Microsoft Office XP Word Long Filename Overflow:1
[466] WORM: W32/Bagle.e@MM Worm:1
[467] WORM: W32/Bagle.e@MM Worm:2
[468] WORM: W32/Bagle.e@MM Worm:3
[469] BACKDOOR: MyDoom/DoomJuice Activity:1
[470] BACKDOOR: MyDoom/DoomJuice Activity:2
[471] BACKDOOR: MyDoom/DoomJuice Activity:3
[472] BACKDOOR: MyDoom/DoomJuice Activity:4
[473] HTTP: FileSeek CGI Attack:1
[474] HTTP: FileSeek CGI Attack:2
[475] HTTP: FileSeek CGI Attack:3
[476] SMTP: Too Many Message Headers DoS:1
[477] RPC: CMSD Generic Length Buffer Overflow:1
[478] BACKDOOR: WinCrash Trojan:1
[479] BACKDOOR: WinCrash Trojan:2
[480] MSSQL: XP_LogAttach* Run on MSSQL:1
[481] MSSQL: XP_LogAttach* Run on MSSQL:2
[482] HTTP: Apache source.asp Writing File:1
[483] HTTP: Apache source.asp Writing File:2
[484] NNTP: AuthInfo Buffer Overflow:1
[485] BACKDOOR: Voodoo Doll:1
[486] HTTP: HP Openview Network Node Manager Code Execution:1
[487] HTTP: HP Openview Network Node Manager Code Execution:2
[488] HTTP: Htdig Arbitrary File Disclosure:1
[489] HTTP: Htdig Arbitrary File Disclosure:2
[490] IM: AOL Instant Messenger Buffer Overflow Vulnerability:1
[491] MSSQL: SQL Server Resolution Keep Alive DoS:1
[492] HTTP: gwweb Access File:1
[493] HTTP: gwweb Access File:2
[494] BACKDOOR: Quake Server Backdoor:1
[495] HTTP:  IIS root.exe Execute Command:1
[496] HTTP:  IIS root.exe Execute Command:2
[497] SMTP: Domino ENVID DoS:1
[498] SMTP: Domino ENVID DoS:2
[499] HTTP: CSVForm Remote Arbitrary Command Execution:1
[500] HTTP: CSVForm Remote Arbitrary Command Execution:2
[501] RPC: Portmapper XDR Fragment Decoding Buffer Overflow:1
[502] H.225: PROTO Destination Address H323-ID Length Anomaly:1
[503] BACKDOOR: Sygate Non-Authenticated RAE Activity:1
[504] HTTP: Microsoft Remote Data Services Attack:1
[505] HTTP: Microsoft Remote Data Services Attack:2
[506] HTTP: Microsoft Remote Data Services Attack:3
[507] HTTP: Microsoft Remote Data Services Attack:4
[508] Oracle: Application Server Reports Arbitrary System Command Execution:1
[509] SOCKS: SOCKS4 Username Buffer Overflow:1
[510] SOCKS: SOCKS4 Username Buffer Overflow:2
[511] SOCKS: SOCKS4 Username Buffer Overflow:3
[512] BACKDOOR: The Revenger:1
[513] HTTP: Request Path Too Long With Shellcode Detected:1
[514] HTTP: Request Path Too Long With Shellcode Detected:3
[515] BACKDOOR: G-Spot:1
[516] BACKDOOR: The Thing:1
[517] BACKDOOR: The Thing:2
[518] BACKDOOR: The Thing:3
[519] RPC: MOUNTD ADM Buffer Overflow:1
[520] RPC: MOUNTD ADM Buffer Overflow:2
[521] RPC: MOUNTD ADM Buffer Overflow:3
[522] MSSQL: xp_createqueue Possible Buffer Overflow:1
[523] MSSQL: xp_createqueue Possible Buffer Overflow:2
[524] TELNET: Too Many Bad IACs:1
[525] BACKDOOR: Trojan Cow:1
[526] SHELLCODE: Shellcode Exploit Detected for Motorola 68000 Family CPUs:1
[527] SHELLCODE: Shellcode Exploit Detected for Motorola 68000 Family CPUs:2
[528] HTTP: InterScan WebManager HttpSave.dll Buffer Overflow:1
[529] HTTP: InterScan WebManager HttpSave.dll Buffer Overflow:2
[530] HTTP: InterScan WebManager HttpSave.dll Buffer Overflow:3
[531] BACKDOOR: StealthSpy:1
[532] RPC: CACHEFSD Solaris LSD Buffer Overflow:1
[533] RPC: CACHEFSD Solaris LSD Buffer Overflow:2
[534] RPC: CACHEFSD Solaris LSD Buffer Overflow:3
[535] HTTP: Sojourn Input Validation Error:1
[536] HTTP: Sojourn Input Validation Error:2
[537] IRC: PTlink IRCD Denial of Service:1
[538] RLOGIN: User Name Too Long:1
[539] RLOGIN: User Name Too Long:2
[540] RLOGIN: User Name Too Long:3
[541] HTTP: e107 PHP Code Injection:1
[542] HTTP: e107 PHP Code Injection:2
[543] BACKDOOR: PC Invader:1
[544] BACKDOOR: PC Invader:2
[545] SMTP: Microsoft Web View Script Injection Vulnerability:1
[546] TCP: Requested MD5 Checksums Missing from TCP Flow:1
[547] SMTP: EXPN Root:1
[548] BACKDOOR: Ultors:1
[549] H.225: Microsoft ISA Server Source Address URL Length Buffer Overflow:1
[550] HTTP: IIS Translate F Read Source Code:1
[551] HTTP: IIS Translate F Read Source Code:2
[552] ORACLE: Buffer Overflow in SYS_CONTEXT():1
[553] HTTP: SGI pfdispaly.cgi Bug:1
[554] HTTP: SGI pfdispaly.cgi Bug:2
[555] HTTP: SGI pfdispaly.cgi Bug:3
[556] DoS: Axent Raptor Crash:1
[557] HTTP: Microsoft ASN.1 Memory Corruption:1
[558] MySQL: Change User Vulnerability:1
[559] BACKDOOR: Psychward:1
[560] BACKDOOR: Psychward:2
[561] HTTP: Microsoft Site Server Arbitrary ASP Code Execution Vulnerability:1
[562] HTTP: Microsoft Site Server Arbitrary ASP Code Execution Vulnerability:2
[563] SMTP: Microsoft Word Font Parsing Buffer Overflow Vulnerability:1
[564] SENSOR: TCP/UDP Control Blocks Resources Exhausted:1
[565] HTTP: checklogin.php Execute Command:1
[566] HTTP: checklogin.php Execute Command:2
[567] RPC: TTDBServerD AIX LSD Buffer Overflow:1
[568] RPC: TTDBServerD AIX LSD Buffer Overflow:2
[569] RPC: TTDBServerD AIX LSD Buffer Overflow:3
[570] RPC: TTDBServerD AIX LSD Buffer Overflow:4
[571] RPC: TTDBServerD AIX LSD Buffer Overflow:5
[572] HTTP: MailSite Buffer Overflow:1
[573] HTTP: MailSite Buffer Overflow:3
[574] ORACLE: 9i Default Configuration File Information Disclosure:1
[575] ORACLE: 9i Default Configuration File Information Disclosure:2
[576] SNMP: PROTOS Test Suite Invalid Version Attack:1
[577] TELNET: Linux In.telnetd Denial of Service:1
[578] HTTP: Cisco 600 Series Web Administration DoS:1
[579] HTTP: QShop Privilege Escalation:1
[580] HTTP: QShop Privilege Escalation:2
[581] LPR: Print Passwd HardCopy Attempt:1
[582] FINGER: Cfinger Search Probe:1
[583] HTTP: Virus Wall Overflow:1
[584] HTTP: Virus Wall Overflow:2
[585] HTTP: Virus Wall Overflow:3
[586] BACKDOOR: Gate Crasher:1
[587] DCERPC: Microsoft NTLM ASN.1 Heap Corruption:1
[588] DCERPC: Microsoft NTLM ASN.1 Heap Corruption:2
[589] ORACLE: Application Server Default Page Context-test:1
[590] SNMP: Invalid Tag Detected:1
[591] SNMP: Invalid Tag Detected:2
[592] SNMP: Invalid Tag Detected:3
[593] SNMP: Invalid Tag Detected:4
[594] SNMP: Invalid Tag Detected:5
[595] SNMP: Invalid Tag Detected:6
[596] SNMP: Invalid Tag Detected:7
[597] SNMP: Invalid Tag Detected:8
[598] HTTP: OmniHTTPd Range Header Remote Buffer Overflow:1
[599] HTTP: OmniHTTPd Range Header Remote Buffer Overflow:2
[600] BACKDOOR: Net Terrorist:1
[601] FINGER: Shellcode in Request Detected:1
[602] FINGER: Shellcode in Request Detected:2
[603] FINGER: Shellcode in Request Detected:3
[604] TCP: Indicated TCP Header Length is Larger than Packet:1
[605] BACKDOOR: Doly Trojan:1
[606] BACKDOOR: Doly Trojan:2
[607] BACKDOOR: Doly Trojan:3
[608] MSSQL: xp_setsqlsecurity Possible Buffer Overflow:1
[609] MSSQL: xp_setsqlsecurity Possible Buffer Overflow:2
[610] SNMP: Community String Length Too Long:1
[611] TELNET: Root Login with Wrong Password:1
[612] HTTP: Lotus Domino Web Server iNotes s_Viewname Overflow:1
[613] HTTP: Lotus Domino Web Server iNotes s_Viewname Overflow:2
[614] BACKDOOR: Moonpie:1
[615] SSL: PCT THCLame Challenge Buffer Overflow:1
[616] DCERPC: Malformed Request DoS:7
[617] HTTP: count.cgi Buffer Overflow:1
[618] HTTP: count.cgi Buffer Overflow:2
[619] HTTP: count.cgi Buffer Overflow:3
[620] HTTP: count.cgi Buffer Overflow:4
[621] HTTP: count.cgi Buffer Overflow:5
[622] ORACLE: Listener Input Validation Vulnerabilities:1
[623] SNMP: PROTOS Test Suite Buffer Overflow Attack:1
[624] SNMP: PROTOS Test Suite Buffer Overflow Attack:2
[625] SNMP: PROTOS Test Suite Buffer Overflow Attack:3
[626] SNMP: PROTOS Test Suite Buffer Overflow Attack:4
[627] SNMP: PROTOS Test Suite Buffer Overflow Attack:5
[628] SNMP: PROTOS Test Suite Buffer Overflow Attack:6
[629] SNMP: PROTOS Test Suite Buffer Overflow Attack:7
[630] SNMP: PROTOS Test Suite Buffer Overflow Attack:8
[631] SNMP: PROTOS Test Suite Buffer Overflow Attack:9
[632] SNMP: PROTOS Test Suite Buffer Overflow Attack:10
[633] SNMP: PROTOS Test Suite Buffer Overflow Attack:11
[634] SNMP: PROTOS Test Suite Buffer Overflow Attack:12
[635] DNS: Ethereal Name Expansion DoS Overflow:1
[636] SMTP: W32 Mimail.c Worm:1
[637] FINGER: In.fingerd Pipe Remote Command Execution:1
[638] FINGER: In.fingerd Pipe Remote Command Execution:2
[639] HTTP: Brown Orifice HTTPD Access:1
[640] HTTP: Brown Orifice HTTPD Access:2
[641] HTTP: Oracle Web Listener Batch Execute Command:1
[642] HTTP: Oracle Web Listener Batch Execute Command:2
[643] BACKDOOR: TeleCommando:1
[644] HTTP: ColdFusion fileexists Vulnerability:1
[645] HTTP: ColdFusion fileexists Vulnerability:2
[646] BACKDOOR: Dagger Trojan:1
[647] BACKDOOR: Dagger Trojan:2
[648] FTP: Directory Traversal Attempt:1
[649] MSSQL: xp_execresultset Possible Buffer Overflow:1
[650] MSSQL: xp_execresultset Possible Buffer Overflow:2
[651] HTTP: sample.exe Run Command:1
[652] HTTP: sample.exe Run Command:2
[653] HTTP: sample.exe Run Command:3
[654] HTTP: sample.exe Run Command:4
[655] HTTP: sample.exe Run Command:5
[656] WORM: W32/Bagle.bd@MM Worm:1
[657] WORM: W32/Bagle.bd@MM Worm:2
[658] WORM: W32/Bagle.bd@MM Worm:3
[659] WORM: W32/Bagle.bd@MM Worm:4
[660] WORM: W32/Bagle.bd@MM Worm:5
[661] WORM: W32/Bagle.bd@MM Worm:6
[662] DNS: NXT Buffer Overflow:1
[663] DNS: NXT Buffer Overflow:2
[664] DNS: NXT Buffer Overflow:3
[665] SENSOR: Inconclusive Protocol Identification:1
[666] SMTP: Heap Overflow in Windows Script:1
[667] SMTP: Heap Overflow in Windows Script:2
[668] BACKDOOR: Last2000/Singularity:1
[669] DoS: Windows ISA Service DoS:1
[670] SNMP: Cisco IOS Undocumented Community String:1
[671] TELNET: Authentication Name Too Long:2
[672] WORM: W32/Mydoom.bd@MM Worm:1
[673] WORM: W32/Mydoom.bd@MM Worm:2
[674] WORM: W32/Mydoom.bd@MM Worm:3
[675] BACKDOOR: Tron:1
[676] DoS: Bonk Attack:1
[677] HTTP: IDS Evading Attempt:1
[678] HTTP: IDS Evading Attempt:2
[679] NETBIOS-SS: Windows Password Guessing:1
[680] BOT: Agobot/Phatbot/Forbot/XtremBot IRC Activity:1
[681] BOT: Agobot/Phatbot/Forbot/XtremBot IRC Activity:2
[682] BOT: Agobot/Phatbot/Forbot/XtremBot IRC Activity:3
[683] BOT: Agobot/Phatbot/Forbot/XtremBot IRC Activity:4
[684] BACKDOOR: Celine:1
[685] MSSQL: Xp_runwebtask Possible Buffer Overflow:1
[686] MSSQL: Xp_runwebtask Possible Buffer Overflow:2
[687] ORACLE: ctxsys.driload Access Validation Vulnerability:1
[688] IRC: IRCd-Hybrid Buffer Overflow:1
[689] IRC: IRCd-Hybrid Buffer Overflow:2
[690] RLOGIN: FROOT Account Attempt:1
[691] RLOGIN: FROOT Account Attempt:2
[692] HTTP: Ipswitch WhatsUp Gold Web Server Buffer Overflow:1
[693] HTTP: Ipswitch WhatsUp Gold Web Server Buffer Overflow:2
[694] BACKDOOR: The Prayer:1
[695] HTTP: RSA SecureID Web Agent Heap Overflow:1
[696] HTTP: RSA SecureID Web Agent Heap Overflow:2
[697] HTTP: Apache Tomcat System Path Info Disclosure:1
[698] HTTP: Apache Tomcat System Path Info Disclosure:2
[699] SMTP: Long SEND Parameters Buffer Overflow Attempt:1
[700] SMTP: Sendmail Debug Exploit:1
[701] SMTP: Sendmail Debug Exploit:2
[702] SMTP: Sendmail Debug Exploit:3
[703] BACKDOOR: Executor:1
[704] BACKDOOR: Executor:2
[705] H.225: Microsoft ISA Server Destination Address URL Buffer Overflow:1
[706] FTP: Glibc Glob Head Corruption:1
[707] MSSQL: Text Formatting Function Possible Buffers Overflow:1
[708] MSSQL: Text Formatting Function Possible Buffers Overflow:2
[709] MSSQL: Text Formatting Function Possible Buffers Overflow:3
[710] MSSQL: Text Formatting Function Possible Buffers Overflow:4
[711] MSSQL: Text Formatting Function Possible Buffers Overflow:5
[712] MSSQL: Text Formatting Function Possible Buffers Overflow:6
[713] ORACLE: Parameter/Statement Buffer Overflow Vulnerabilities:1
[714] WORM: W32/Bagle.af@MM Worm:1
[715] WORM: W32/Bagle.af@MM Worm:2
[716] WORM: W32/Bagle.af@MM Worm:3
[717] WORM: W32/Bagle.af@MM Worm:4
[718] WORM: W32/Bagle.af@MM Worm:5
[719] WORM: W32/Bagle.af@MM Worm:6
[720] MySQL: Version 4.1 and 5.0 Authentication Overflow:1
[721] BACKDOOR: Remote Computer Control Center:1
[722] HTTP: ColdFusion MX with Microsoft IIS Buffer Overflow:1
[723] HTTP: ColdFusion MX with Microsoft IIS Buffer Overflow:2
[724] HTTP: Lotus Domino Directory Traversal Vulnerability:1
[725] HTTP: Lotus Domino Directory Traversal Vulnerability:2
[726] HTTP: Netscape Enterprise Server Index Disclosure:1
[727] HTTP: Netscape Enterprise Server Index Disclosure:2
[728] SSL: Packet With No Connection:1
[729] RPC: CMSD Solaris Horizon Buffer Overflow:1
[730] RPC: CMSD Solaris Horizon Buffer Overflow:2
[731] RPC: CMSD Solaris Horizon Buffer Overflow:3
[732] RPC: CMSD Solaris Horizon Buffer Overflow:4
[733] RPC: CMSD Solaris Horizon Buffer Overflow:5
[734] DDoS: Stacheldraht Agent-to-Master:1
[735] MSSQL: xp_oledbinfo Possible Buffer Overflow:1
[736] MSSQL: xp_oledbinfo Possible Buffer Overflow:2
[737] ORACLE: 9iAS PL/SQL OWA UTIL Unauthorized Stored Procedure Access:1
[738] HTTP: cgitest.exe Buffer Overflow:1
[739] HTTP: cgitest.exe Buffer Overflow:2
[740] HTTP: cgitest.exe Buffer Overflow:3
[741] HTTP: cgitest.exe Buffer Overflow:4
[742] TELNET: Masquerading Client Login User:1
[743] HTTP: HP Web JetAdmin Command Execution:1
[744] HTTP: HP Web JetAdmin Command Execution:2
[745] HTTP: HP Web JetAdmin Command Execution:3
[746] HTTP: IIS Chunk Encoding Heap Overflow:1
[747] HTTP: IIS Chunk Encoding Heap Overflow:2
[748] HTTP: PDGSoft Shopping Cart Overflow:1
[749] HTTP: PDGSoft Shopping Cart Overflow:2
[750] HTTP: PDGSoft Shopping Cart Overflow:3
[751] BACKDOOR: BDDT:1
[752] BACKDOOR: BDDT:2
[753] BACKDOOR: HTTP Dansie:1
[754] FTP: SITE CPWD Buffer Overflow:1
[755] ORACLE: Application Server Default Page Server Information Leak:1
[756] ORACLE: Application Server Default Page Server Information Leak:2
[757] ORACLE: Application Server Default Page Server Information Leak:3
[758] SNMP: Indefinite Length Encoding Detected:1
[759] SNMP: Indefinite Length Encoding Detected:2
[760] SNMP: Indefinite Length Encoding Detected:3
[761] SNMP: Indefinite Length Encoding Detected:4
[762] SNMP: Indefinite Length Encoding Detected:5
[763] SNMP: Indefinite Length Encoding Detected:6
[764] SNMP: Indefinite Length Encoding Detected:7
[765] SNMP: Indefinite Length Encoding Detected:8
[766] P2P: eDonkey Client Connecting to Server:1
[767] P2P: eDonkey Client Connecting to Server:3
[768] WORM: W32/Bagle.p@MM Worm:1
[769] WORM: W32/Bagle.p@MM Worm:2
[770] WORM: W32/Bagle.p@MM Worm:3
[771] TELNET: Interaccess Telnetd Server 4.0 Terminal Configuration DoS:1
[772] HTTP: Squid NTLM Authentication Buffer Overflow:1
[773] HTTP: Squid NTLM Authentication Buffer Overflow:2
[774] HTTP: phpbb_root_path Remote File Include:1
[775] HTTP: phpbb_root_path Remote File Include:2
[776] TCP: TCP Urgent Data Pointer is Non-zero:1
[777] HTTP: IIS MDAC RDS Buffer Overflow Vulnerability:1
[778] HTTP: IIS MDAC RDS Buffer Overflow Vulnerability:2
[779] RPC: snmpXdmid Generic Length Buffer Overflow:1
[780] HTTP: Netscape Directory Indexing Browse Directory:1
[781] HTTP: Netscape Directory Indexing Browse Directory:2
[782] SNMP: Invalid Generic Trap Code:1
[783] TELNET: User Name Too Long:1
[784] TELNET: User Name Too Long:2
[785] HTTP: Macromedia JRun Admin Server Authentication Bypass:1
[786] HTTP: Macromedia JRun Admin Server Authentication Bypass:2
[787] WINS: Replication Validation Error:1
[788] WINS: Replication Validation Error:2
[789] WINS: Replication Validation Error:3
[790] SMTP: Ecartis Password Disclosure Vulnerability:1
[791] SSL: Client-Initiated Key Renegotiation Detected:1
[792] BACKDOOR: NetRaider:1
[793] BACKDOOR: RUX The TIc.K Backdoor:1
[794] BACKDOOR: RUX The TIc.K Backdoor:2
[795] IM: MSN (.NET) Messenger Alive:1
[796] IM: MSN (.NET) Messenger Alive:2
[797] IM: MSN (.NET) Messenger Alive:4
[798] IM: MSN (.NET) Messenger Alive:5
[799] ORACLE: 8i Dbsnmp Command Remote Denial Of Service:1
[800] HTTP: Phorum admin.php3 View File:1
[801] HTTP: Phorum admin.php3 View File:2
[802] HTTP: Phorum admin.php3 View File:3
[803] SNMP: Write Other Default Community String:1
[804] NNTP: LIST Response Parameter Overflow:1
[805] HTTP: Carello File Duplication/Disclosure:1
[806] HTTP: Carello File Duplication/Disclosure:2
[807] FINGER: Bomb Attack:1
[808] RTSP: URI Buffer Overflow in Real Server:1
[809] RTSP: URI Buffer Overflow in Real Server:2
[810] RTSP: URI Buffer Overflow in Real Server:3
[811] FTP: ProFTPD Format String:1
[812] HTTP: Buffer Overflow Attempt Detected in URL:1
[813] HTTP: Buffer Overflow Attempt Detected in URL:2
[814] HTTP: Buffer Overflow Attempt Detected in URL:3
[815] HTTP: Buffer Overflow Attempt Detected in URL:4
[816] HTTP: Buffer Overflow Attempt Detected in URL:5
[817] HTTP: Buffer Overflow Attempt Detected in URL:6
[818] HTTP: rpm_query List Installed Package:1
[819] HTTP: rpm_query List Installed Package:2
[820] TELNET: LD LIBRARY PATH Vulnerability:1
[821] TELNET: LD LIBRARY PATH Vulnerability:2
[822] TELNET: LD LIBRARY PATH Vulnerability:3
[823] TELNET: LD LIBRARY PATH Vulnerability:4
[824] HP: OpenView Omniback Unauthorized OmniBack Client Access:1
[825] IMAP: Buffer Overflow With Overly Long PROXY Command Parameters:1
[826] HTTP: EZMall Information Disclosure:1
[827] HTTP: EZMall Information Disclosure:2
[828] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:1
[829] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:2
[830] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:3
[831] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:4
[832] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:5
[833] SSL: Certificate Microsoft ASN.1 Message Field Length Encoding Error:6
[834] BACKDOOR: Insane Network:1
[835] BACKDOOR: Deep Throat Trojan:1
[836] BACKDOOR: Deep Throat Trojan:2
[837] BACKDOOR: Deep Throat Trojan:3
[838] BACKDOOR: Deep Throat Trojan:4
[839] FTP: SITE EXEC Exploit:1
[840] FTP: SITE EXEC Exploit:2
[841] FTP: SITE EXEC Exploit:3
[842] HTTP: Microsoft FrontPage Buffer Overflow:1
[843] HTTP: Microsoft FrontPage Buffer Overflow:2
[844] HTTP: Microsoft FrontPage Buffer Overflow:3
[845] POP3: Brute Force Login Attempt:1
[846] WORM: W32/Zafi.d@MM Worm:1
[847] WORM: W32/Zafi.d@MM Worm:2
[848] WORM: W32/Zafi.d@MM Worm:3
[849] WORM: W32/Zafi.d@MM Worm:4
[850] WORM: W32/Zafi.d@MM Worm:5
[851] WORM: W32/Zafi.d@MM Worm:6
[852] IMAP: Brute Force LOGIN Attempt:1
[853] HTTP: RaQ Bash History Read:1
[854] HTTP: RaQ Bash History Read:2
[855] BACKDOOR: Mantis:1
[856] FTP: WU-FTPD Tarparameters Exploit:1
[857] HTTP: IIS JET VBA Run Command Attempt:1
[858] HTTP: IIS JET VBA Run Command Attempt:3
[859] HTTP: IIS JET VBA Run Command Attempt:2
[860] HTTP: IIS JET VBA Run Command Attempt:4
[861] REXEC: Root Account Attempt:1
[862] Cisco: IOS Protocol DoS:1
[863] SNMP: TrapWatcher Msg Length Buffer Overflow:1
[864] SNMP: TrapWatcher Msg Length Buffer Overflow:2
[865] SNMP: TrapWatcher Msg Length Buffer Overflow:3
[866] HTTP: WWWThreads SQL Command Input:1
[867] HTTP: WWWThreads SQL Command Input:2
[868] BACKDOOR: Dfch:1
[869] HTTP: htmlscript Retrieve Infomation:1
[870] HTTP: htmlscript Retrieve Infomation:2
[871] DDoS: Trin00 Master-to-Agent Communication:1
[872] WORM: W32/Bagle.u@MM Worm:1
[873] WORM: W32/Bagle.u@MM Worm:2
[874] WORM: W32/Bagle.u@MM Worm:3
[875] DHCP: ISC DHCP Server Format String Vulnerability Exploit:1
[876] DHCP: ISC DHCP Server Format String Vulnerability Exploit:2
[877] DHCP: ISC DHCP Server Format String Vulnerability Exploit:3
[878] IMAP: Buffer Overflow Attempt Detected in Commands:1
[879] IMAP: Buffer Overflow Attempt Detected in Commands:2
[880] IMAP: Buffer Overflow Attempt Detected in Commands:3
[881] IMAP: Buffer Overflow Attempt Detected in Commands:4
[882] IMAP: Buffer Overflow Attempt Detected in Commands:5
[883] IMAP: Buffer Overflow Attempt Detected in Commands:6
[884] SMTP: Microsoft Outlook Date Field Buffer Overflow:1
[885] SMTP: Microsoft Outlook Date Field Buffer Overflow:2
[886] HTTP: phpBB Search.php SQL Injection:1
[887] HTTP: phpBB Search.php SQL Injection:2
[888] BACKDOOR: FileNail:1
[889] H.225: PROTO Source Address E164 Length Anomaly:1
[890] HTTP: uploader.exe Execute Program:1
[891] HTTP: uploader.exe Execute Program:2
[892] POP3: Buffer Overflow Attempt Detected in Command:1
[893] POP3: Buffer Overflow Attempt Detected in Command:2
[894] POP3: Buffer Overflow Attempt Detected in Command:3
[895] POP3: Buffer Overflow Attempt Detected in Command:4
[896] POP3: Buffer Overflow Attempt Detected in Command:5
[897] POP3: Buffer Overflow Attempt Detected in Command:6
[898] WORM: W32/Mydoom.o@MM Worm:1
[899] WORM: W32/Mydoom.o@MM Worm:2
[900] WORM: W32/Mydoom.o@MM Worm:3
[901] WORM: W32/Mydoom.o@MM Worm:4
[902] WORM: W32/Mydoom.o@MM Worm:5
[903] WORM: W32/Mydoom.o@MM Worm:6
[904] MySQL: MySQL Server for Windows Device Names DoS:1
[905] MySQL: MySQL Server for Windows Device Names DoS:2
[906] IMAP: Buffer Overflow With Overly Long LIST Command Parameters:1
[907] CVS: Revision Buffer Overflow:1
[908] SMB: Microsoft SMB Client Session Setup DoS:1
[909] SMB: Microsoft SMB Client Session Setup DoS:2
[910] SSL: Session Recycled:1
[911] HTTP: Dansie Shopping Cart Backdoor:1
[912] HTTP: Dansie Shopping Cart Backdoor:2
[913] SMTP: Long HELO Parameter Exploit:1
[914] HTTP: Biztalk Receive Buffer Overflow:1
[915] HTTP: Biztalk Receive Buffer Overflow:2
[916] HTTP: Biztalk Receive Buffer Overflow:3
[917] BACKDOOR: B.F.Evolution:1
[918] DCERPC: Microsoft Plug and Play Service Buffer Overflow:1
[919] DCERPC: Microsoft Plug and Play Service Buffer Overflow:2
[920] DDoS: Trin00 Attacker-to-Master Remote Password:1
[921] FTP: ProFTPD log_xfer() Buffer Overflow:1
[922] FTP: ProFTPD log_xfer() Buffer Overflow:2
[923] FTP: ProFTPD log_xfer() Buffer Overflow:3
[924] FTP: ProFTPD log_xfer() Buffer Overflow:4
[925] FTP: ProFTPD log_xfer() Buffer Overflow:5
[926] HTTP: Nessus Probe:1
[927] POP3: Qpopper LIST Exploit:1
[928] POP3: Qpopper LIST Exploit:2
[929] WORM: W32/Bagle.h@MM Worm:1
[930] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:1
[931] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:2
[932] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:3
[933] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:4
[934] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:5
[935] TELNET: Buffer Overflow Attempt Detected in Environment Negotiation:6
[936] SMTP: Shellcode Found in  SMTP Command:1
[937] SMTP: Shellcode Found in  SMTP Command:2
[938] SMTP: Shellcode Found in  SMTP Command:3
[939] SMTP: Shellcode Found in  SMTP Command:4
[940] SMTP: Shellcode Found in  SMTP Command:5
[941] SMTP: Shellcode Found in  SMTP Command:6
[942] HTTP: NewsPHP Input Validation Vulnerability:1
[943] HTTP: NewsPHP Input Validation Vulnerability:2
[944] RPC: MOUNTD Generic Length Buffer Overflow:1
[945] BACKDOOR: Black Angel:1
[946] HTTP: IIS3 ASP dot2e:1
[947] HTTP: IIS3 ASP dot2e:2
[948] ORACLE: Oracle Web Cache HTTP Heap Overflow:1
[949] HTTP: Anaconda Directory Traversal Attempt:1
[950] HTTP: Anaconda Directory Traversal Attempt:2
[951] POP3: Internet Anywhere RETR Denial of Service:1
[952] POP3: Internet Anywhere RETR Denial of Service:2
[953] POP3: Internet Anywhere RETR Denial of Service:3
[954] XTACACS: Denial of Service Attack:1
[955] WORM: W32/Netsky.y@MM Worm:1
[956] WORM: W32/Netsky.y@MM Worm:2
[957] WORM: W32/Netsky.y@MM Worm:3
[958] HTTP: Cisco Collaboration Server Upload Vulnerability:1
[959] HTTP: Cisco Collaboration Server Upload Vulnerability:2
[960] TELNET: Microsoft Windows 2000 Telnet Server Denial of Service:1
[961] BACKDOOR: One Windows Trojan:1
[962] IMAP: Login Buffer Overflow Exploit:1
[963] SMTP: MS05-021 Microsoft Exchange Code Execution:1
[964] HTTP: Htgrep Arbitrary File Disclosure:1
[965] HTTP: Htgrep Arbitrary File Disclosure:2
[966] RPC: TTDBServerD Create File Bufferoverflow:1
[967] RPC: TTDBServerD Create File Bufferoverflow:2
[968] IM: AOL Instant Messenger AddExternalApp Buffer Overflow:1
[969] SCAN: SYN FIN Based Probes:1
[970] SCAN: SYN FIN Based Probes:2
[971] SCAN: SYN FIN Based Probes:3
[972] MSSQL: xp_cmdshell Program Execution:1
[973] MSSQL: xp_cmdshell Program Execution:2
[974] SIP: URI Buffer Overflow in SIP Server:1
[975] SIP: URI Buffer Overflow in SIP Server:2
[976] SIP: URI Buffer Overflow in SIP Server:3
[977] SIP: URI Buffer Overflow in SIP Server:4
[978] SIP: URI Buffer Overflow in SIP Server:5
[979] HTTP: iPlanet Remote File Viewing Vulnerability:1
[980] HTTP: iPlanet Remote File Viewing Vulnerability:2
[981] HTTP: Windows Media Services ISAPI BO:1
[982] HTTP: Windows Media Services ISAPI BO:2
[983] P2P: Phex Alive:1
[984] P2P: Phex Alive:2
[985] RPC: CDE ToolTalk Generic Exploit:1
[986] BACKDOOR: Sockets De Troie Trojan(v2.3):1
[987] BACKDOOR: Sockets De Troie Trojan(v2.3):2
[988] DDoS: Trin00 Daemon-to-Master:1
[989] HTTP: Phorum SQL read.php3 Attack:1
[990] HTTP: Phorum SQL read.php3 Attack:2
[991] WORM: W32/Mydoom.b@MM Worm:1
[992] WORM: W32/Mydoom.b@MM Worm:2
[993] WORM: W32/Mydoom.b@MM Worm:3
[994] WORM: W32/Mydoom.b@MM Worm:4
[995] WORM: W32/Mydoom.b@MM Worm:5
[996] WORM: W32/Mydoom.b@MM Worm:6
[997] BACKDOOR: Phoenix II:1
[998] FINGER: User Information Probe:1
[999] FINGER: User Information Probe:2
[1000] P2P: WinMX File Transferring:1
[1001] P2P: WinMX File Transferring:2
[1002] BACKDOOR: Crazzy Net:1
[1003] RTSP: Real Server View-Source DoS:1
[1004] SNMP: Write Public Community String:1
[1005] TELNET: Linker Options Execute Malicious Code:1
[1006] TELNET: Linker Options Execute Malicious Code:2
[1007] TELNET: Linker Options Execute Malicious Code:3
[1008] SMTP: Sendmail Address Buffer Overflow:1
[1009] SMTP: Sendmail Address Buffer Overflow:2
[1010] SMTP: Sendmail Address Buffer Overflow:3
[1011] SMTP: Sendmail Address Buffer Overflow:4
[1012] SMTP: Sendmail Address Buffer Overflow:5
[1013] SMTP: Sendmail Address Buffer Overflow:6
[1014] SMTP: Sendmail Address Buffer Overflow:7
[1015] SMTP: Sendmail Address Buffer Overflow:8
[1016] SMTP: Sendmail Address Buffer Overflow:9
[1017] SMTP: Sendmail HELO Bomb:1
[1018] HTTP: Microsoft Commerce Server AuthFile ISAPI Filter Buffer Overflow:1
[1019] HTTP: Microsoft Commerce Server AuthFile ISAPI Filter Buffer Overflow:2
[1020] DNS: Antisniff Overflow:1
[1021] DNS: Antisniff Overflow:2
[1022] DNS: Antisniff Overflow:3
[1023] DNS: Antisniff Overflow:4
[1024] DNS: Antisniff Overflow:5
[1025] IMAP: Parameters Length Overly Large:1
[1026] HTTP: Attempt to Read Password File:1
[1027] HTTP: Attempt to Read Password File:2
[1028] HTTP: Attempt to Read Password File:3
[1029] HTTP: Attempt to Read Password File:4
[1030] UPnP: Generic Buffer Overflow:1
[1031] UPnP: Generic Buffer Overflow:2
[1032] BACKDOOR: Microspy:1
[1033] P2P: KaZaA File Transferring:1
[1034] P2P: KaZaA File Transferring:2
[1035] P2P: KaZaA File Transferring:3
[1036] P2P: KaZaA File Transferring:4
[1037] FTP: Ftpd Mkdcwd Buffer Overflow:3
[1038] FTP: Ftpd Mkdcwd Buffer Overflow:1
[1039] FTP: Ftpd Mkdcwd Buffer Overflow:2
[1040] REXEC: User Password Too Long:1
[1041] REXEC: User Password Too Long:2
[1042] SNMP: Cisco VCO Password Leak:1
[1043] MSRPC: Windows LSARPC Buffer Overflow:1
[1044] HTTP: .htaccess File Read Attempt:1
[1045] HTTP: .htaccess File Read Attempt:2
[1046] HTTP: DCForum DCShop File Disclosure:1
[1047] HTTP: DCForum DCShop File Disclosure:2
[1048] HTTP: Read UNIX History File:1
[1049] HTTP: Read UNIX History File:2
[1050] DDoS: Shaft Agent-to-Handler Communication:1
[1051] WORM: W32/Lovgate.ad@MM Worm:1
[1052] WORM: W32/Lovgate.ad@MM Worm:2
[1053] WORM: W32/Lovgate.ad@MM Worm:3
[1054] DHCP: ISC DHCPD Hostname Overflow:1
[1055] IMAP: Buffer Overflow with Overly Long CREATE Command Parameters:1
[1056] RADIUS: Memory Exhaustion Exploit:1
[1057] SHELLCODE: Shellcode Detected for Intel Alpha Family CPUs:1
[1058] SHELLCODE: Shellcode Detected for Intel Alpha Family CPUs:2
[1059] SMTP: MaZ Worm Email:1
[1060] SMTP: MaZ Worm Email:2
[1061] HTTP: NETObserve Security Bypass Vulnerability:1
[1062] HTTP: NETObserve Security Bypass Vulnerability:2
[1063] HTTP: NETObserve Security Bypass Vulnerability:3
[1064] BACKDOOR: Ghost:1
[1065] DCERPC: Microsoft Windows RPCSS Memory Leak DoS:1
[1066] RPC: MOUNTD Humpdee2 Buffer Overflow:1
[1067] RPC: MOUNTD Humpdee2 Buffer Overflow:2
[1068] HTTP: Tatantella TTAWebTop View File:1
[1069] HTTP: Tatantella TTAWebTop View File:2
[1070] HTTP: WEBgais Input Validation:1
[1071] HTTP: WEBgais Input Validation:2
[1072] HTTP: WEBgais Input Validation:3
[1073] RSH: User Name Too Long:1
[1074] RSH: User Name Too Long:2
[1075] RSH: User Name Too Long:3
[1076] POP3: Buffer Overflow Attempt With LIST Parameters:2
[1077] WORM: W32/Bagle.az@MM Worm:1
[1078] WORM: W32/Bagle.az@MM Worm:2
[1079] WORM: W32/Bagle.az@MM Worm:3
[1080] WORM: W32/Bagle.az@MM Worm:4
[1081] WORM: W32/Bagle.az@MM Worm:5
[1082] WORM: W32/Bagle.az@MM Worm:6
[1083] IMAP: Buffer Overflow With Overly Long SEARCH Command Parameters:1
[1084] SSL: Unsupported Export Cipher:1
[1085] HTTP: PDGSoft Shopping Cart Orders Exposure:1
[1086] HTTP: PDGSoft Shopping Cart Orders Exposure:2
[1087] BACKDOOR: Balistix:1
[1088] BACKDOOR: Balistix:2
[1089] DCERPC: Microsoft SPOOLSS Service Buffer Overflow:1
[1090] BACKDOOR: Event Horizon:1
[1091] FTP: Ftpd Wh00tscan:1
[1092] POP3: Qpop.c LIST Buffer Overflow:1
[1093] WORM: W32/Sober.d@MM Worm:1
[1094] WORM: W32/Sober.d@MM Worm:2
[1095] WORM: W32/Sober.d@MM Worm:3
[1096] WORM: W32/Sober.d@MM Worm:4
[1097] WORM: W32/Sober.d@MM Worm:5
[1098] WORM: W32/Sober.d@MM Worm:6
[1099] TFTP: Directory Traversal Exploit:1
[1100] BACKDOOR: Buschtrommel:1
[1101] BACKDOOR: Buschtrommel:2
[1102] RPC: Cachefsd Generic Length Buffer Overflow:1
[1103] HTTP: Possible Authentication Buffer Overflow:1
[1104] HTTP: Possible Authentication Buffer Overflow:2
[1105] HTTP: campas.cgi Web Access:1
[1106] HTTP: campas.cgi Web Access:2
[1107] HTTP: campas.cgi Web Access:3
[1108] IGMP: Fawx Attack:1
[1109] POP3: Winproxy Buffer Overflow:1
[1110] WORM: W32/Netsky.AB@MM Worm:1
[1111] WORM: W32/Netsky.AB@MM Worm:2
[1112] WORM: W32/Netsky.AB@MM Worm:3
[1113] IMAP: SELECT Buffer Overflow Exploit:1
[1114] SENSOR: PREVDATA Buffers Exhausted:1
[1115] LPR: Stack Buffer Overflow:1
[1116] SMTP: Buffer Overflow Attempted with Overly Long VRFY Parameters:1
[1117] HTTP: IIS Index Server Directory Disclosure:1
[1118] HTTP: IIS Index Server Directory Disclosure:2
[1119] IM: AOL Instant Messenger AddGame Buffer Overflow Vulnerability:1
[1120] FTP: CWD ~root:1
[1121] FTP: CWD ~root:2
[1122] BACKDOOR: QAZ:1
[1123] SMB: Samba Mangling Method Buffer Overflow:1
[1124] SMB: Samba Mangling Method Buffer Overflow:2
[1125] SMB: Samba Mangling Method Buffer Overflow:3
[1126] SMB: Samba Mangling Method Buffer Overflow:4
[1127] SMB: Samba Mangling Method Buffer Overflow:5
[1128] SMB: Samba Mangling Method Buffer Overflow:6
[1129] SMB: Samba Mangling Method Buffer Overflow:7
[1130] SMB: Samba Mangling Method Buffer Overflow:8
[1131] SMB: Samba Mangling Method Buffer Overflow:9
[1132] SMB: Samba Mangling Method Buffer Overflow:10
[1133] SMB: Samba Mangling Method Buffer Overflow:11
[1134] SMB: Samba Mangling Method Buffer Overflow:12
[1135] SMB: Samba Mangling Method Buffer Overflow:13
[1136] SMB: Samba Mangling Method Buffer Overflow:14
[1137] SMB: Samba Mangling Method Buffer Overflow:15
[1138] SYBASE: DBCC CHECKVERIFY Command Used:1
[1139] SYBASE: DBCC CHECKVERIFY Command Used:2
[1140] SMTP: Skyfull Mail Server Buffer Overflow:1
[1141] XFS: fs.auto Remote Buffer Overflow Vulnerability:1
[1142] XFS: fs.auto Remote Buffer Overflow Vulnerability:2
[1143] HTTP: Analogx Proxy Overly Long URL Vulnerability:1
[1144] ARP: MAC Address Flip-Flop:1
[1145] MSSQL: PWDENCRYPT Possible Buffer Overflow:1
[1146] MSSQL: PWDENCRYPT Possible Buffer Overflow:2
[1147] MSSQL: PWDENCRYPT Possible Buffer Overflow:3
[1148] MSSQL: PWDENCRYPT Possible Buffer Overflow:4
[1149] DDoS: Stacheldraht Master-Response:1
[1150] WORM: W32/Mydoom.f@MM Worm:1
[1151] WORM: W32/Mydoom.f@MM Worm:2
[1152] WORM: W32/Mydoom.f@MM Worm:3
[1153] WORM: W32/Mydoom.f@MM Worm:4
[1154] WORM: W32/Mydoom.f@MM Worm:5
[1155] WORM: W32/Mydoom.f@MM Worm:6
[1156] BACKDOOR: Remote Explorer:1
[1157] SMTP: MERCUR SMTP EXPN Buffer Overflow:1
[1158] IM: Yahoo Messenger Server Lookup:1
[1159] IM: Yahoo Messenger Server Lookup:2
[1160] IM: AIM(ICQ) File  Transfer:1
[1161] IM: AIM(ICQ) File  Transfer:2
[1162] IM: AIM(ICQ) File  Transfer:3
[1163] IM: AIM(ICQ) File  Transfer:4
[1164] TELNET: BSD Tgetent Exploit:1
[1165] TELNET: BSD Tgetent Exploit:2
[1166] TELNET: BSD Tgetent Exploit:3
[1167] TELNET: BSD Tgetent Exploit:4
[1168] HTTP: ColdFusion MX on IIS File Contents Disclosure Vulnerability:1
[1169] MSRPC: NT RAS Administration Registry Key Vulnerability:1
[1170] SMTP: SMI User Bin Access:1
[1171] HTTP: WebSPIRS Input Validation Error:1
[1172] HTTP: WebSPIRS Input Validation Error:2
[1173] NTP: NTPD Remote Buffer Overflow:1
[1174] NTP: NTPD Remote Buffer Overflow:2
[1175] NTP: NTPD Remote Buffer Overflow:3
[1176] BACKDOOR: Windows Mite:1
[1177] HTTP: Apache Tomcat Sensitive Information Disclosure:1
[1178] HTTP: Apache Tomcat Sensitive Information Disclosure:2
[1179] HTTP: Apache Tomcat Sensitive Information Disclosure:3
[1180] DCERPC: RFPoison DoS Attack:1
[1181] SMTP: Sendmail 8.6.9 Exploit:1
[1182] SMTP: Sendmail 8.6.9 Exploit:2
[1183] SMTP: Sendmail 8.6.9 Exploit:3
[1184] UPnP: Netgear ProSafe Router Information Leak:1
[1185] KERBEROS: Microsoft Kerberos 5 ASN.1 Length Encoding Error:1
[1186] P2P: Morpheus Alive:1
[1187] P2P: Morpheus Alive:2
[1188] BACKDOOR: Serveme:1
[1189] HTTP: Code Red Worm - IIS Index Server Overflow:1
[1190] IRC: Trillian Numeric Buffer Overflow:1
[1191] IP: Abnormally High Number of Small Fragments:1
[1192] HTTP: Forms.exe Buffer Overflow:1
[1193] HTTP: Forms.exe Buffer Overflow:2
[1194] DDoS: Stacheldraht Master-to-Agent (niggahbitch):1
[1195] BACKDOOR: NetMonitor (NetSpy):1
[1196] BACKDOOR: NetMonitor (NetSpy):2
[1197] RPC: CMSD Solaris LSD Buffer Overflow:1
[1198] RPC: CMSD Solaris LSD Buffer Overflow:2
[1199] FTP: IIS FTP Wildcard Denial of Service:1
[1200] FTP: Bftpd SITE CHOWN Buffer Overflow:1
[1201] HTTP: Thttpd Stack Overflow:1
[1202] HTTP: Thttpd Stack Overflow:2
[1203] HTTP: Thttpd Stack Overflow:3
[1204] DDoS: mstream Handler Ping to Agent:1
[1205] BACKDOOR: School Bus:1
[1206] IDENT: Suspiciously Long Request:1
[1207] IDENT: Suspiciously Long Request:2
[1208] IDENT: Suspiciously Long Request:3
[1209] IDENT: Suspiciously Long Request:4
[1210] HTTP: Cisco Secure ACS Web Management Interface Buffer Overflow:1
[1211] HTTP: Cisco Secure ACS Web Management Interface Buffer Overflow:2
[1212] BACKDOOR: Prosiak:1
[1213] BACKDOOR: Prosiak:2
[1214] BACKDOOR: Prosiak:3
[1215] BACKDOOR: Prosiak:4
[1216] RPC: STATD SMMON Buffer Overflow:1
[1217] RPC: STATD SMMON Buffer Overflow:2
[1218] RPC: STATD SMMON Buffer Overflow:3
[1219] RPC: STATD SMMON Buffer Overflow:4
[1220] DCERPC: Microsoft RPC Information Disclosure and DoS:1
[1221] DCERPC: Microsoft RPC Information Disclosure and DoS:2
[1222] MSSQL: xp_displayqueuemesgs Possible Buffer Overflow:1
[1223] MSSQL: xp_displayqueuemesgs Possible Buffer Overflow:2
[1224] TCP: Bare Push Probe:1
[1225] FTP: FTPD x86 Linux Buffer Overflow:1
[1226] FTP: FTPD x86 Linux Buffer Overflow:3
[1227] FTP: FTPD x86 Linux Buffer Overflow:2
[1228] HTTP: Auktion Directory Traversal:1
[1229] HTTP: Auktion Directory Traversal:2
[1230] RSH: Null Login:1
[1231] SRCP: Buffer Overflows in Srcpd:1
[1232] POP3: Buffer Overflow Attempt With TOP Parameters:1
[1233] IRC: BitchX Format String  Exploit:1
[1234] IRC: BitchX Format String  Exploit:2
[1235] DNS: OPT Denial of Service:1
[1236] IMAP: Buffer Overflow With Overly Long COPY Command Parameters:1
[1237] HTTP: Quikstore Config File Exposure:1
[1238] HTTP: Quikstore Config File Exposure:2
[1239] TCP: Urgent Pointer is Set but Ack is Zero:1
[1240] SMTP: Lotus RCPT TO Overflow:1
[1241] SMTP: Lotus RCPT TO Overflow:2
[1242] HTTP: Weblogic Plugin Overflow:1
[1243] HTTP: Weblogic Plugin Overflow:2
[1244] HTTP: Weblogic Plugin Overflow:3
[1245] BACKDOOR: Tini:1
[1246] FTP: Overly Long USER Parameters with Shellcode:1
[1247] FTP: Ftpd SAINT Scan:1
[1248] HTTP: Piranha Execute Command:1
[1249] HTTP: Piranha Execute Command:2
[1250] ORACLE: Server String Conversion Function Buffer Overflow:1
[1251] BACKDOOR: Internal Revise:1
[1252] SMTP: Microsoft Outlook Web Access Cross Site Scripting:1
[1253] SMTP: Microsoft Outlook Web Access Cross Site Scripting:2
[1254] BACKDOOR: Asylum Trojan:1
[1255] BACKDOOR: Asylum Trojan:2
[1256] BACKDOOR: Asylum Trojan:3
[1257] BACKDOOR: Asylum Trojan:4
[1258] DCERPC: DCOM RemoteGetClassObject DoS:1
[1259] DCERPC: DCOM RemoteGetClassObject DoS:2
[1260] MSSQL: xp_showcolv Possible Buffer Overflow:1
[1261] MSSQL: xp_showcolv Possible Buffer Overflow:2
[1262] HTTP: WEBactive HTTP Server File Disclosure:1
[1263] HTTP: WEBactive HTTP Server File Disclosure:2
[1264] POP3: WinGate Popd Denial of Service:1
[1265] WORM: W32/Stdbot.B Worm:1
[1266] IMAP: wu-imapd LSUB Buffer Overflow Exploit:1
[1267] IMAP: wu-imapd LSUB Buffer Overflow Exploit:2
[1268] LPR: Remove File as Root Exploit:1
[1269] LPR: Remove File as Root Exploit:2
[1270] SMTP: CMail Buffer Overflow:1
[1271] IDENT: Xinetd Buffer Overflow Vulnerability:1
[1272] IDENT: Xinetd Buffer Overflow Vulnerability:2
[1273] IDENT: Xinetd Buffer Overflow Vulnerability:3
[1274] BACKDOOR: Delta Source:1
[1275] BACKDOOR: Delta Source:2
[1276] BACKDOOR: Delta Source:3
[1277] DCERPC: Project1 Exploit:1
[1278] FTP: Ftpd Mkd Buffer Overflow:1
[1279] FTP: Ftpd Mkd Buffer Overflow:2
[1280] FTP: Ftpd Mkd Buffer Overflow:3
[1281] HTTP: Webdist.cgi Execute Command:1
[1282] HTTP: Webdist.cgi Execute Command:2
[1283] HTTP: Webdist.cgi Execute Command:3
[1284] DNS: Looping Compression Pointer:1
[1285] BACKDOOR: Net Controller:1
[1286] IP: IP Fragment too Large:1
[1287] SMTP: Too Many Long Commands DoS:1
[1288] RDP: Microsoft Windows RDP Server Abnormal Termination:1
[1289] ARP: Reply with Broadcast Destination MAC Address:1
[1290] BACKDOOR: Alvgus:1
[1291] BACKDOOR: Alvgus:2
[1292] MSSQL: Hello DoS:1
[1293] MSSQL: Hello DoS:2
[1294] HTTP: Nortel Contivity File View:1
[1295] HTTP: Nortel Contivity File View:2
[1296] SNMP: OID Length Too Long:1
[1297] IRC: mIRC Userhost Buffer Overflow:1
[1298] HTTP: Windows Sharepoint Services Cross-Site Scripting:1
[1299] WORM: W32/Bagle.c@MM Worm:1
[1300] WORM: W32/Bagle.c@MM Worm:2
[1301] WORM: W32/Bagle.c@MM Worm:3
[1302] BACKDOOR: Beast:1
[1303] BACKDOOR: Beast:2
[1304] SMTP: Sendmail WIZ Privileged Access:1
[1305] HTTP: Talkback CGI Traversal:1
[1306] HTTP: Talkback CGI Traversal:2
[1307] RPC: TTDBServerD Generic Length Buffer Overflow:1
[1308] RTSP: Denial of Service Vulnerability:1
[1309] RTSP: Denial of Service Vulnerability:2
[1310] BACKDOOR: GirlFriend Trojan:1
[1311] HTTP: iCat Carbo.dll File Disclosure:1
[1312] HTTP: iCat Carbo.dll File Disclosure:2
[1313] BACKDOOR: Vagr Noker:1
[1314] SMTP: All-Mail Buffer Overflow:1
[1315] HTTP: IIS fpcount.exe Buffer Overflow:1
[1316] HTTP: IIS fpcount.exe Buffer Overflow:2
[1317] HTTP: IIS fpcount.exe Buffer Overflow:3
[1318] IM: Microsoft MSN Messenger Font Tag DoS Vulnerability:1
[1319] HTTP: mlog.phtml Access Files:1
[1320] HTTP: mlog.phtml Access Files:2
[1321] Subversion: Date Parsing Buffer Overflow:1
[1322] BACKDOOR: YAT:1
[1323] BACKDOOR: YAT:2
[1324] HTTP:  IIS .BAT Execute Command:1
[1325] HTTP:  IIS .BAT Execute Command:2
[1326] NETBIOS-SS: Bugbear Virus Worm:1
[1327] SMTP: McAfee WebShield SMTP Trailing Period DoS:1
[1328] HTTP: Compaq Web Admin Buffer Overflow:1
[1329] HTTP: Compaq Web Admin Buffer Overflow:2
[1330] H.225: PROTO Source Address H323-ID Length Anomaly:1
[1331] BACKDOOR: Millenium:1
[1332] RPC: XDR Fragment Decoding Buffer Overflow:1
[1333] P2P: Grokster Alive:1
[1334] P2P: Grokster Alive:2
[1335] HTTP: IIS .printer Buffer Overflow:1
[1336] HTTP: IIS .printer Buffer Overflow:2
[1337] HTTP: IIS .printer Buffer Overflow:3
[1338] HTTP: IIS .printer Buffer Overflow:4
[1339] HTTP: IIS .printer Buffer Overflow:5
[1340] Oracle: Application Server Forms Arbitrary System Command Execution:1
[1341] SOCKS: SOCKS5 Hostname Buffer Overflow:1
[1342] SOCKS: SOCKS5 Hostname Buffer Overflow:2
[1343] SOCKS: SOCKS5 Hostname Buffer Overflow:3
[1344] BACKDOOR: Remote Revise:1
[1345] SMB: Unix Password File Access Attempt:1
[1346] SMB: Unix Password File Access Attempt:2
[1347] RPC: SADMIND X86 Buffer Overflow:1
[1348] RPC: SADMIND X86 Buffer Overflow:2
[1349] RPC: SADMIND X86 Buffer Overflow:3
[1350] MSSQL: xp_createprivatequeue Possible Buffer Overflow:1
[1351] MSSQL: xp_createprivatequeue Possible Buffer Overflow:2
[1352] HTTP: SuSE Apache Information Leak:1
[1353] HTTP: SuSE Apache Information Leak:2
[1354] HTTP: Microsoft FrontPage shtml.exe Path Disclosure:1
[1355] HTTP: Microsoft FrontPage shtml.exe Path Disclosure:2
[1356] DoS: UDP Land Attack:1
[1357] HTTP: IIS File Fragment Disclosure Vulnerability:1
[1358] HTTP: IIS File Fragment Disclosure Vulnerability:2
[1359] SHELLCODE: Shellcode Exploit Detected for PowerPC Family CPUs:1
[1360] SHELLCODE: Shellcode Exploit Detected for PowerPC Family CPUs:2
[1361] SHELLCODE: Shellcode Exploit Detected for PowerPC Family CPUs:3
[1362] SHELLCODE: Shellcode Exploit Detected for PowerPC Family CPUs:4
[1363] SHELLCODE: Shellcode Exploit Detected for PowerPC Family CPUs:5
[1364] BACKDOOR: Y3K ICQ Pager:1
[1365] BACKDOOR: SniperNet:1
[1366] BACKDOOR: SniperNet:2
[1367] RPC: Portmap Dump Request:1
[1368] MSSQL: Xp_readpkfromvarbin Possible Buffer Overflow:1
[1369] MSSQL: Xp_readpkfromvarbin Possible Buffer Overflow:2
[1370] HTTP: BigBrother Access Validation Error:1
[1371] HTTP: BigBrother Access Validation Error:2
[1372] ORACLE: TO_TIMESTAMP_TZ Buffer Overflow:1
[1373] CA: License Server Remote Buffer Overflow:1
[1374] CA: License Server Remote Buffer Overflow:2
[1375] CA: License Server Remote Buffer Overflow:3
[1376] CA: License Server Remote Buffer Overflow:4
[1377] CA: License Server Remote Buffer Overflow:5
[1378] IRC: BNC Proxy Buffer  Overflow:1
[1379] IRC: BNC Proxy Buffer  Overflow:2
[1380] RLOGIN: Failed Login:1
[1381] BACKDOOR: Optix:1
[1382] SMTP: Microsoft IE Long Hostname Heap Corruption:1
[1383] TCP: Timestamp Option:1
[1384] SMTP: Decode Exploit:1
[1385] SMTP: Decode Exploit:2
[1386] SMTP: Decode Exploit:3
[1387] HTTP: PHP MyAdmin Eval Execute:1
[1388] HTTP: PHP MyAdmin Eval Execute:2
[1389] HTTP: PHP MyAdmin Eval Execute:3
[1390] HTTP: PHP MyAdmin Eval Execute:4
[1391] H.225: Microsoft ISA server Source Address Email Buffer Overflow:1
[1392] BACKDOOR: Truva/tRuVa:1
[1393] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:1
[1394] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:2
[1395] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:3
[1396] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:4
[1397] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:5
[1398] MSSQL: Buffer Overflow Shellcode ACTIVE ATTACK:6
[1399] HTTP: PCCS MySQL Database Obtain Sensitive Infomation:1
[1400] HTTP: PCCS MySQL Database Obtain Sensitive Infomation:2
[1401] ORACLE: Buffer Overflow in DBMS_SYSTEM.KSDWRT():1
[1402] SNMP: Protocol Anomaly Invalid Bulk Request MaxRepetitions:1
[1403] DoS: WinNuke/Out-of-Band DoS:1
[1404] TFTP: Dabber Worm:1
[1405] HTTP: Apache apr-util IPv6 Uri Parsing Exploit:1
[1406] HTTP: Apache apr-util IPv6 Uri Parsing Exploit:2
[1407] MySQL: Login Failed:1
[1408] MySQL: Login Failed:2
[1409] BACKDOOR: Project Next:1
[1410] HTTP: IIS Double Byte Code Page Vulnerability:1
[1411] HTTP: IIS Double Byte Code Page Vulnerability:2
[1412] SMTP: Microsoft Color Management Modules Vulnerability:1
[1413] ICMP: Modem +++ATH0 DoS:1
[1414] BACKDOOR: Chupacabra Trojan:1
[1415] RPC: TTDBServerD APK Solaris Buffer Overflow:1
[1416] RPC: TTDBServerD APK Solaris Buffer Overflow:2
[1417] RPC: TTDBServerD APK Solaris Buffer Overflow:3
[1418] MSSQL: Possible Extended Stored Procedure Buffer Overflow:1
[1419] MSSQL: Possible Extended Stored Procedure Buffer Overflow:3
[1420] ORACLE: 9iAS Apache PL/SQL Module Web Administration Access Vulnerability:1
[1421] TELNET: WinGate Denial of Service:1
[1422] TELNET: WinGate Denial of Service:2
[1423] HTTP: Apache Log File Overwrite:1
[1424] HTTP: Apache Log File Overwrite:2
[1425] PPTP: MicroSoft PPTP Server Buffer Overflow:1
[1426] LPR: OS Detection Attempt:1
[1427] SMTP: Microsoft Outlook mailto URL Exploit:1
[1428] SMTP: Microsoft Outlook mailto URL Exploit:2
[1429] FINGER: Root Information Probe:1
[1430] IDENT: Stunnel Local Arbitrary Command Execution:1
[1431] IDENT: Stunnel Local Arbitrary Command Execution:2
[1432] IDENT: Stunnel Local Arbitrary Command Execution:3
[1433] HTTP: IIS Index Server Source Disclosure:1
[1434] HTTP: IIS Index Server Source Disclosure:2
[1435] DCERPC: Microsoft Workstation Service Buffer Overflow:1
[1436] DCERPC: Microsoft Workstation Service Buffer Overflow:2
[1437] DCERPC: Microsoft Workstation Service Buffer Overflow:3
[1438] BACKDOOR: Frenzy:1
[1439] BACKDOOR: Frenzy:2
[1440] BACKDOOR: Frenzy:3
[1441] FTP: Solaris2.8 Format String:1
[1442] FTP: Solaris2.8 Format String:2
[1443] HTTP: Shtml Exe DoS:1
[1444] HTTP: Shtml Exe DoS:2
[1445] ORACLE: Application Server Printenv Information Disclosure:1
[1446] HTTP: SurgeLDAP 1.0g Web Service user.cgi Directory Traversal:1
[1447] HTTP: SurgeLDAP 1.0g Web Service user.cgi Directory Traversal:2
[1448] RSYNC: Checksum Heap Overflow:1
[1449] BACKDOOR: NetTrash/WinRAT/Oxon:1
[1450] BACKDOOR: NetTrash/WinRAT/Oxon:2
[1451] HTTP: PHPBB Admin Authentication Bypass:1
[1452] HTTP: PHPBB Admin Authentication Bypass:2
[1453] FINGER: FingerD Information Disclosure:1
[1454] TCP: TCP Header Abnormally Small:1
[1455] BACKDOOR: Satan's BackDoor Trojan:1
[1456] BACKDOOR: Satan's BackDoor Trojan:2
[1457] MSSQL: xp_displayparamstmt Possible Buffer Overflow:1
[1458] MSSQL: xp_displayparamstmt Possible Buffer Overflow:2
[1459] HTTP: WebSpeed Sensitive Info Disclosure:1
[1460] HTTP: WebSpeed Sensitive Info Disclosure:2
[1461] DNS: SIG Buffer Overflow:1
[1462] DNS: SIG Buffer Overflow:2
[1463] HTTP: FUDforum Script Exploit:1
[1464] HTTP: FUDforum Script Exploit:2
[1465] HTTP: FUDforum Script Exploit:3
[1466] BACKDOOR: Mneah:1
[1467] BACKDOOR: Mneah:2
[1468] SSL: Microsoft ASN.1 Double Free Code Execution:1
[1469] BACKDOOR: Windows Command Shell Running:1
[1470] BACKDOOR: Windows Command Shell Running:2
[1471] BACKDOOR: Windows Command Shell Running:3
[1472] BACKDOOR: Windows Command Shell Running:4
[1473] BACKDOOR: Windows Command Shell Running:5
[1474] FTP: Serv-U MDTM Buffer Overflow:1
[1475] FTP: Serv-U MDTM Buffer Overflow:2
[1476] MSSQL: Microsoft Data Access Components Buffer Overflow:1
[1477] MSSQL: Microsoft Data Access Components Buffer Overflow:2
[1478] MSSQL: Microsoft Data Access Components Buffer Overflow:3
[1479] MSSQL: Microsoft Data Access Components Buffer Overflow:4
[1480] MSSQL: Microsoft Data Access Components Buffer Overflow:5
[1481] HTTP: Convert.bas Retrieval Files:1
[1482] HTTP: Convert.bas Retrieval Files:2
[1483] ORACLE: Web Listener Batch File Vulnerability:1
[1484] SNMP: Empty UDP Attack DoS:1
[1485] TCP: TCP Fragments Overlap with Data Mismatch:1
[1486] SMTP: Microsoft Exchange XEXCH50 Heap Overflow:1
[1487] SMTP: Microsoft Exchange XEXCH50 Heap Overflow:2
[1488] FINGER: Ffingerd User:1
[1489] HTTP: nph-test-cgi Browse File System:1
[1490] HTTP: nph-test-cgi Browse File System:2
[1491] BACKDOOR: Remote Storm:1
[1492] BACKDOOR: Remote Storm:2
[1493] HTTP: ColdFusion CFCACHE Vulnerability:1
[1494] HTTP: ColdFusion CFCACHE Vulnerability:2
[1495] SSL: Apache SSL Slapper Worm:1
[1496] SSL: Apache SSL Slapper Worm:2
[1497] SSL: Apache SSL Slapper Worm:3
[1498] SSL: Apache SSL Slapper Worm:4
[1499] SSL: Apache SSL Slapper Worm:5
[1500] BACKDOOR: Hellz Addiction:1
[1501] BACKDOOR: Theef Trojan:1
[1502] BACKDOOR: Theef Trojan:2
[1503] BACKDOOR: Theef Trojan:3
[1504] FTP: Generic Format String Attack:1
[1505] FTP: Generic Format String Attack:2
[1506] FTP: Generic Format String Attack:3
[1507] FTP: Generic Format String Attack:4
[1508] HTTP: wguest.exe Input Validation:1
[1509] HTTP: wguest.exe Input Validation:2
[1510] SOCKS: SOCKS Server Running on Non-Standard Port:1
[1511] SOCKS: SOCKS Server Running on Non-Standard Port:2
[1512] SOCKS: SOCKS Server Running on Non-Standard Port:3
[1513] SOCKS: SOCKS Server Running on Non-Standard Port:4
[1514] DNS: IQUERY Buffer Overflow:1
[1515] DNS: IQUERY Buffer Overflow:2
[1516] DNS: IQUERY Buffer Overflow:3
[1517] DNS: IQUERY Buffer Overflow:4
[1518] DNS: IQUERY Buffer Overflow:5
[1519] BACKDOOR: Schneckenkorn:1
[1520] HTTP: ocPortal Arbitrary File Inclusion Vulnerability:1
[1521] SMTP:  VirusWall SMTP HELO Buffer Overflow:1
[1522] HTTP: Request Parameters Overly Long with Shellcode Detected:2
[1523] HTTP: Request Parameters Overly Long with Shellcode Detected:3
[1524] BACKDOOR: Konik:1
[1525] MSSQL: xp_deleteprivatequeue Possible Buffer Overflow:1
[1526] MSSQL: xp_deleteprivatequeue Possible Buffer Overflow:2
[1527] HTTP: Microsoft IIS Alternator Data Streams Source Disclosure:1
[1528] HTTP: Microsoft IIS Alternator Data Streams Source Disclosure:2
[1529] SNMP: System.sysName.0 Bufferoverflow:1
[1530] SNMP: System.sysName.0 Bufferoverflow:2
[1531] SNMP: System.sysName.0 Bufferoverflow:3
[1532] WORM: W32/Mydoom.bc@MM Worm:1
[1533] WORM: W32/Mydoom.bc@MM Worm:2
[1534] WORM: W32/Mydoom.bc@MM Worm:3
[1535] WORM: W32/Mydoom.bc@MM Worm:4
[1536] WORM: W32/Mydoom.bc@MM Worm:5
[1537] WORM: W32/Mydoom.bc@MM Worm:6
[1538] TELNET: User Local Exploit Attempt:1
[1539] BACKDOOR: Ullysse:1
[1540] HTTP: Sybase EAServer TreeAction.do Buffer Overflow:1
[1541] HTTP: Sybase EAServer TreeAction.do Buffer Overflow:2
[1542] DoS: SynDrop Attack:1
[1543] HTTP: Apache Tomcat Servlet Mapping Cross Site Scripting:1
[1544] HTTP: Apache Tomcat Servlet Mapping Cross Site Scripting:2
[1545] HTTP: Weblogic File Source Read:1
[1546] HTTP: Weblogic File Source Read:2
[1547] NETBIOS-SS: Samba File Creation:1
[1548] NETBIOS-SS: Samba File Creation:2
[1549] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:1
[1550] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:2
[1551] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:3
[1552] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:4
[1553] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:5
[1554] BOT: RxBot/SDBot/UrxBot Worm IRC Activity:6
[1555] HTTP: Netscape PageServices Directory Listing:1
[1556] HTTP: Netscape PageServices Directory Listing:2
[1557] RPC: Portmap Set Request:1
[1558] RPC: Portmap Set Request:2
[1559] MSSQL: Xp_unpackcab Possible Buffer Overflow:1
[1560] MSSQL: Xp_unpackcab Possible Buffer Overflow:2
[1561] ORACLE: Oracle 10g iSQLPLus Service heap overflow:1
[1562] ORACLE: Oracle 10g iSQLPLus Service heap overflow:2
[1563] CA: BrightStor ARCserve Backup Universal Agent Buffer Overflow:1
[1564] IRC: Fujitsu CHOCOA Buffer  Overflow:1
[1565] RLOGIN: Trusted Account Attempt:1
[1566] HTTP: Linksys DoS Vulnerability:1
[1567] HTTP: Linksys DoS Vulnerability:2
[1568] BOOTP: Buffer Overflow Exploit:1
[1569] BOOTP: Buffer Overflow Exploit:2
[1570] BOOTP: Buffer Overflow Exploit:3
[1571] BACKDOOR: Pitfall:1
[1572] BACKDOOR: Pitfall:2
[1573] HTTP: Apache Win32 PHP.EXE Remote File Disclosure:1
[1574] HTTP: Apache Win32 PHP.EXE Remote File Disclosure:2
[1575] SMTP: Sendmail Invalid mail from Exploit:1
[1576] HTTP: PHP Includedir Include Code Execution:1
[1577] HTTP: PHP Includedir Include Code Execution:2
[1578] BACKDOOR: DTr:1
[1579] H.225: Microsoft ISA Server Destination Address Email Buffer Overflow:1
[1580] BACKDOOR: Y3K RAT:1
[1581] BACKDOOR: Y3K RAT:2
[1582] BACKDOOR: Y3K RAT:3
[1583] BACKDOOR: Y3K RAT:4
[1584] FTP: PIPE Vulnerability:1
[1585] MSSQL: Xp_updatecolvbm Possible Buffer Overflow:1
[1586] MSSQL: Xp_updatecolvbm Possible Buffer Overflow:2
[1587] HTTP: ScriptAlias Retrieve Information:1
[1588] HTTP: ScriptAlias Retrieve Information:2
[1589] ORACLE: XDB Buffer Overflow:1
[1590] ORACLE: XDB Buffer Overflow:2
[1591] ORACLE: XDB Buffer Overflow:3
[1592] WORM: W32/Bagle.ad@MM Worm:1
[1593] WORM: W32/Bagle.ad@MM Worm:2
[1594] WORM: W32/Bagle.ad@MM Worm:3
[1595] WORM: W32/Bagle.ad@MM Worm:4
[1596] WORM: W32/Bagle.ad@MM Worm:5
[1597] WORM: W32/Bagle.ad@MM Worm:6
[1598] HTTP: phpBB Viewtopic.php Remote Command Execution:1
[1599] HTTP: phpBB Viewtopic.php Remote Command Execution:2
[1600] MySQL: Version 4.1 and 5.0 Authentication Bypass:1
[1601] BACKDOOR: R0Xr4t:1
[1602] BACKDOOR: R0Xr4t:2
[1603] HTTP: HTTP Request Smuggling Attack:1
[1604] HTTP: HTTP Request Smuggling Attack:2
[1605] HTTP: HTTP Request Smuggling Attack:3
[1606] HTTP: HTTP Request Smuggling Attack:4
[1607] HTTP: HTTP Request Smuggling Attack:5
[1608] HTTP: Format String Detected in URI Path:1
[1609] HTTP: Format String Detected in URI Path:2
[1610] HTTP: Format String Detected in URI Path:3
[1611] SMTP: Microsoft Msdds.dll Memory Corruption:1
[1612] SSL: Bad State Transition:1
[1613] SENSOR: Attack Marker Resources Exhausted:1
[1614] HTTP: DCForum GetAdmin Attempt:1
[1615] HTTP: DCForum GetAdmin Attempt:2
[1616] RPC: TTDBServerD Solaris LSD Buffer Overflow:1
[1617] RPC: TTDBServerD Solaris LSD Buffer Overflow:2
[1618] MSSQL: xp_repl_encrypt Possible Buffer Overflow:1
[1619] MSSQL: xp_repl_encrypt Possible Buffer Overflow:2
[1620] ORACLE: 8i TNS Listener Buffer Overflow:1
[1621] ORACLE: 8i TNS Listener Buffer Overflow:2
[1622] TELNET: System V Derived Login Buffer Overflow:1
[1623] TELNET: System V Derived Login Buffer Overflow:2
[1624] TELNET: System V Derived Login Buffer Overflow:3
[1625] SMB: Microsoft MS05-027 SMB Buffer Overflow:1
[1626] HTTP: IIS HTR Chunk Encoding Heap Overflow:1
[1627] HTTP: IIS HTR Chunk Encoding Heap Overflow:2
[1628] IDENT: Invalid IDENT Flow:1
[1629] IDENT: Invalid IDENT Flow:2
[1630] IDENT: Invalid IDENT Flow:3
[1631] IDENT: Invalid IDENT Flow:4
[1632] HTTP: Mambo Site Server PHPSESSID Exploit:1
[1633] HTTP: Mambo Site Server PHPSESSID Exploit:2
[1634] BACKDOOR: Basic Hell:1
[1635] BACKDOOR: Glacier:1
[1636] NMAP: XMAS Probe:1
[1637] HTTP: whois_raw.cgi Run Command:1
[1638] HTTP: whois_raw.cgi Run Command:2
[1639] ORACLE: Application Server Default Page showdetails:1
[1640] TELNET: Sun Telnet Daemon Denial of Service:2
[1641] BACKDOOR: Nirvana:1
[1642] BACKDOOR: Nirvana:2
[1643] BACKDOOR: Nirvana:3
[1644] BACKDOOR: NetSphere Trojan:1
[1645] BACKDOOR: NetSphere Trojan:2
[1646] HTTP: InfoSearch Run Command:1
[1647] HTTP: InfoSearch Run Command:2
[1648] SNMP: Invalid Trap Agent Address:1
[1649] TELNET: Login Brute Force:1
[1650] DNS: Information Leak:1
[1651] HTTP: Mantis Configuration Remote File Include Exploit:1
[1652] HTTP: Mantis Configuration Remote File Include Exploit:2
[1653] HTTP: Mantis Configuration Remote File Include Exploit:3
[1654] WINS: Long Name Buffer Overflow:1
[1655] SMTP: Microsoft SMTP Service Encapsulated Address Exploit:1
[1656] SSL: NSS Heap Overflow:1
[1657] BACKDOOR: Net Administrator:1
[1658] BACKDOOR: Net Administrator:2
[1659] BACKDOOR: Net Administrator:3
[1660] IM: AOL Instant Messenger (or ICQ) Alive:1
[1661] IM: AOL Instant Messenger (or ICQ) Alive:2
[1662] IM: AOL Instant Messenger (or ICQ) Alive:5
[1663] IM: AOL Instant Messenger (or ICQ) Alive:6
[1664] IM: AOL Instant Messenger (or ICQ) Alive:7
[1665] SCAN: WebTrends Scanner UDP Probe:1
[1666] HTTP: Handler Execute Command Attempt:1
[1667] HTTP: Handler Execute Command Attempt:2
[1668] ORACLE: 9i Application Server PL/SQL Apache Module Directory Traversal Vulnerability:1
[1669] SNMP: PROTOS Test Suite Format String DoS:1
[1670] SNMP: PROTOS Test Suite Format String DoS:2
[1671] SNMP: PROTOS Test Suite Format String DoS:3
[1672] SNMP: PROTOS Test Suite Format String DoS:4
[1673] NNTP: XPAT Parameter Overflow:1
[1674] HTTP: PHPix Gallery Remote Command Execution:1
[1675] HTTP: PHPix Gallery Remote Command Execution:2
[1676] IMAP: Overly Long STATUS Command Parameter:1
[1677] HTTP: Allaire JRun JSP Execute:1
[1678] HTTP: Allaire JRun JSP Execute:2
[1679] SMTP: PINE Message Parsing Integer Overflow:1
[1680] FINGER: Redirection Attempt:1
[1681] FINGER: Redirection Attempt:2
[1682] TELNET: IRIX Telnetd RLD Format String Vunerability:1
[1683] TELNET: IRIX Telnetd RLD Format String Vunerability:2
[1684] ARKEIA: Knox Arkeia Request Message Buffer Overflow:1
[1685] ARKEIA: Knox Arkeia Request Message Buffer Overflow:2
[1686] SSL: Certificate Microsoft ASN.1 Length Encoding Error:1
[1687] BACKDOOR: Infra/Le guardien:1
[1688] BACKDOOR: Infra/Le guardien:2
[1689] BACKDOOR: Back Orifice Trojan:1
[1690] BACKDOOR: Back Orifice Trojan:2
[1691] BACKDOOR: Back Orifice Trojan:3
[1692] BACKDOOR: Back Orifice Trojan:4
[1693] BACKDOOR: Back Orifice Trojan:5
[1694] BACKDOOR: Back Orifice Trojan:7
[1695] BACKDOOR: Back Orifice Trojan:8
[1696] FTP: Unix Command Shell Running:1
[1697] FTP: Unix Command Shell Running:2
[1698] FTP: Unix Command Shell Running:3
[1699] HTTP: Expression Calculator Input Validation:1
[1700] HTTP: Expression Calculator Input Validation:2
[1701] HTTP: Expression Calculator Input Validation:4
[1702] HTTP: Expression Calculator Input Validation:3
[1703] HTTP: Expression Calculator Input Validation:5
[1704] HTTP: Expression Calculator Input Validation:6
[1705] POP3: Buffer Overflow Attempt With XTND Command Parameters:1
[1706] WORM: W32/Sober.j@MM Worm:1
[1707] WORM: W32/Sober.j@MM Worm:2
[1708] WORM: W32/Sober.j@MM Worm:3
[1709] WORM: W32/Sober.j@MM Worm:4
[1710] WORM: W32/Sober.j@MM Worm:5
[1711] WORM: W32/Sober.j@MM Worm:6
[1712] WORM: W32/Sober.j@MM Worm:7
[1713] WORM: W32/Sober.j@MM Worm:8
[1714] WORM: W32/Sober.j@MM Worm:9
[1715] WORM: W32/Sober.j@MM Worm:10
[1716] WORM: W32/Sober.j@MM Worm:11
[1717] WORM: W32/Sober.j@MM Worm:12
[1718] HTTP: CGI nlog Exploit:1
[1719] HTTP: CGI nlog Exploit:2
[1720] SMTP: Sendmail Prescan Overflow:1
[1721] BACKDOOR: M2 Trojan:1
[1722] HTTP: IIS iisadmpwd Proxied Password Attack Attempt:1
[1723] HTTP: IIS iisadmpwd Proxied Password Attack Attempt:2
[1724] POP3: Buffer Overflow Attempt With PASS Parameters Attack:1
[1725] DoS: Ping-of-Death Attack:1
[1726] HTTP: Selena Sol Webstore Order Log Exposure:1
[1727] HTTP: Selena Sol Webstore Order Log Exposure:2
[1728] NETBIOS-SS: Windows DDN DoS:1
[1729] HTTP: Foxweb 2.5 Buffer Overflow:1
[1730] HTTP: Foxweb 2.5 Buffer Overflow:2
[1731] HTTP: Foxweb 2.5 Buffer Overflow:3
[1732] BOT: IRC SCAN Activity:1
[1733] BOT: IRC SCAN Activity:2
[1734] BACKDOOR: Danton:1
[1735] FTP: Pwd Format String:1
[1736] FTP: Pwd Format String:2
[1737] HTTP: FormMail Execute Arbitrary Command:1
[1738] HTTP: FormMail Execute Arbitrary Command:2
[1739] HTTP: FormMail Execute Arbitrary Command:3
[1740] POP3: IRIX popd Buffer Overflow:1
[1741] POP3: IRIX popd Buffer Overflow:2
[1742] WORM: W32/Zafi.b@MM Worm:1
[1743] WORM: W32/Zafi.b@MM Worm:2
[1744] WORM: W32/Zafi.b@MM Worm:3
[1745] SENSOR: Invalid Quote Encoding:1
[1746] HTTP: Jason Maloney's CGI Guestbook Command Execution:1
[1747] HTTP: Jason Maloney's CGI Guestbook Command Execution:2
[1748] BACKDOOR: F-Backdoor:1
[1749] H.225: PROTO Destination Address Sequence Anomaly:1
[1750] FTP: Firewall State Table Corruption Expliot:1
[1751] HTTP: Interpreter Access Attempt:1
[1752] HTTP: Interpreter Access Attempt:2
[1753] Oracle: SQL Query Directory Traversal Vulnerability:1
[1754] WORM: W32/Bagle.ai@MM Worm:1
[1755] WORM: W32/Bagle.ai@MM Worm:2
[1756] WORM: W32/Bagle.ai@MM Worm:3
[1757] MySQL: Create Function Arbitrary Code Execution:1
[1758] MySQL: Create Function Arbitrary Code Execution:2
[1759] BACKDOOR: Remote Boot Tool:1
[1760] BACKDOOR: Remote Boot Tool:2
[1761] IMAP: Buffer Overflow With Overly Long UNSUBSCRIBE Command Parameters:1
[1762] NETBIOS-SS: Microsoft Indexing Service Query Handling Buffer Overflow:1
[1763] HTTP: ColdFusion viewexample.cfm File Disclosure:1
[1764] HTTP: ColdFusion viewexample.cfm File Disclosure:2
[1765] HTTP: ColdFusion viewexample.cfm File Disclosure:3
[1766] SSL: Connections Exhausted:1
[1767] BACKDOOR: AOL Admin:1
[1768] BACKDOOR: AOL Admin:2
[1769] DDoS: Trin00 Daemon-to-Master (PONG):1
[1770] MSSQL: xp_sqlinventory Possible Buffer Overflow:1
[1771] MSSQL: xp_sqlinventory Possible Buffer Overflow:2
[1772] WORM: W32/Netsky.d@MM Worm:1
[1773] TELNET: Buffer Overflow Attempt Detected in User Login:1
[1774] TELNET: Buffer Overflow Attempt Detected in User Login:2
[1775] TELNET: Buffer Overflow Attempt Detected in User Login:3
[1776] TELNET: Buffer Overflow Attempt Detected in User Login:4
[1777] TELNET: Buffer Overflow Attempt Detected in User Login:5
[1778] TELNET: Buffer Overflow Attempt Detected in User Login:6
[1779] HTTP: IIS 5.0 In-Process Table Privilege Escalation:1
[1780] HTTP: IIS 5.0 In-Process Table Privilege Escalation:2
[1781] SMTP: Buffer Overflow Attempt with Overly Long EXPN Parameters:1
[1782] HTTP: Poster.version:two Setup Vulnerability:1
[1783] HTTP: Poster.version:two Setup Vulnerability:2
[1784] P2P: SoftEther Alive:1
[1785] P2P: SoftEther Alive:2
[1786] P2P: SoftEther Alive:3
[1787] P2P: SoftEther Alive:5
[1788] BACKDOOR: Bla:2
[1789] RPC: SADMIND Generic Length Buffer Overflow:1
[1790] HTTP: IIS3 ASP Dot Bug:1
[1791] HTTP: IIS3 ASP Dot Bug:2
[1792] ORACLE: ISQLPLUS Buffer Overflow Vulnerability:1
[1793] ORACLE: ISQLPLUS Buffer Overflow Vulnerability:2
[1794] ORACLE: ISQLPLUS Buffer Overflow Vulnerability:3
[1795] HTTP: aglimpse Run Arbitrary Commands:1
[1796] HTTP: aglimpse Run Arbitrary Commands:2
[1797] ICMP: Nachi Ping:1
[1798] POP3: Vpop3 Buffer Overflow:1
[1799] POP3: Vpop3 Buffer Overflow:2
[1800] POP3: Vpop3 Buffer Overflow:3
[1801] WORM: W32/Sober.f@MM Worm:1
[1802] WORM: W32/Sober.f@MM Worm:2
[1803] WORM: W32/Sober.f@MM Worm:3
[1804] WORM: W32/Sober.f@MM Worm:4
[1805] WORM: W32/Sober.f@MM Worm:5
[1806] WORM: W32/Sober.f@MM Worm:6
[1807] TELNET: Windows 2000 Telnetd NTLM Information Leak Vulnerability:1
[1808] BACKDOOR: Osiris:1
[1809] NETBIOS-SS: Windows XP Shell Buffer Overflow:1
[1810] NETBIOS-SS: Windows XP Shell Buffer Overflow:2
[1811] SMTP: Foxmail From: Field Buffer Overflow:1
[1812] IM: AOL Link Special Character Remote Heap Overflow:1
[1813] RPC: NIS Generic Length Buffer Overflow:1
[1814] MSSQL: Xp_reg* Registry Access:1
[1815] MSSQL: Xp_reg* Registry Access:2
[1816] SNMP: Invalid Version Detected:1
[1817] SSH: OpenSSH Challenge-Response Buffer Overflow:1
[1818] SSH: OpenSSH Challenge-Response Buffer Overflow:2
[1819] SSH: OpenSSH Challenge-Response Buffer Overflow:3
[1820] SSH: OpenSSH Challenge-Response Buffer Overflow:4
[1821] HTTP: iPlanet Search Buffer Overflow:1
[1822] HTTP: iPlanet Search Buffer Overflow:2
[1823] SMTP: Pine From: Field Heap Corruption:1
[1824] HTTP: Mnogosearch Buffer Overflow:1
[1825] HTTP: Mnogosearch Buffer Overflow:2
[1826] BACKDOOR: Secret Service/Hell Driver:1
[1827] BACKDOOR: Secret Service/Hell Driver:2
[1828] DDoS: TFN2k ICMP Possible Communication:1
[1829] ORACLE: 9iAS Apache PL/SQL Module Multiple Buffer Overflows:1
[1830] ORACLE: 9iAS Apache PL/SQL Module Multiple Buffer Overflows:2
[1831] ORACLE: 9iAS Apache PL/SQL Module Multiple Buffer Overflows:3
[1832] HTTP: Phorum code.php3 View File:1
[1833] HTTP: Phorum code.php3 View File:2
[1834] WORM: W32/Mydoom@MM Worm:1
[1835] WORM: W32/Mydoom@MM Worm:2
[1836] WORM: W32/Mydoom@MM Worm:3
[1837] WORM: W32/Mydoom@MM Worm:4
[1838] WORM: W32/Mydoom@MM Worm:5
[1839] WORM: W32/Mydoom@MM Worm:6
[1840] HTTP: Cart32 cart32clientlist Information Disclosure:1
[1841] HTTP: Cart32 cart32clientlist Information Disclosure:2
[1842] FINGER: FingerD Global File Access Attempt:1
[1843] P2P: eDonkey File Transferring:1
[1844] P2P: eDonkey File Transferring:2
[1845] P2P: eDonkey File Transferring:3
[1846] RTSP: Novell BorderManager RTSP Proxy DoS:1
[1847] TELNET: Generic Telnetd Telrcv() Buffer Overflow Attack:1
[1848] TELNET: Generic Telnetd Telrcv() Buffer Overflow Attack:2
[1849] TELNET: Generic Telnetd Telrcv() Buffer Overflow Attack:3
[1850] HTTP: WebDAV Large Body DoS:1
[1851] HTTP: WebDAV Large Body DoS:2
[1852] BACKDOOR: Hack'a'Tack Trojan:1
[1853] BACKDOOR: Hack'a'Tack Trojan:2
[1854] FTP: wu-ftpd SITE NEWER Command DoS:1
[1855] WORM: W32/Sober.k@MM Worm:1
[1856] WORM: W32/Sober.k@MM Worm:2
[1857] WORM: W32/Sober.k@MM Worm:3
[1858] BACKDOOR: Michal:1
[1859] P2P: KaZaA Client Connected to Server:1
[1860] P2P: KaZaA Client Connected to Server:2
[1861] P2P: KaZaA Client Connected to Server:3
[1862] P2P: KaZaA Client Connected to Server:4
[1863] FTP: Broker Ftpd Vulnerability:1
[1864] FTP: Broker Ftpd Vulnerability:2
[1865] FTP: Broker Ftpd Vulnerability:3
[1866] FTP: Broker Ftpd Vulnerability:4
[1867] HTTP: IPlanet Shtml Exploit:1
[1868] HTTP: IPlanet Shtml Exploit:2
[1869] HTTP: IPlanet Shtml Exploit:3
[1870] REXEC: User Name Too Long:1
[1871] REXEC: User Name Too Long:2
[1872] HTTP: IIS Multiple Sample ASP Script View File Attempt:1
[1873] HTTP: IIS Multiple Sample ASP Script View File Attempt:2
[1874] HTTP: IIS Multiple Sample ASP Script View File Attempt:3
[1875] SNMP: 3Com SuperStack Community String Leak:1
[1876] TFTP: Wvtftp Remote Heap Overflow:1
[1877] MSRPC: Windows Locator Service Buffer Overflow:1
[1878] NETBIOS-SS: Windows 2000 ADMIN$ Access:1
[1879] HTTP: BOOZT! Index.cgi Buffer Overflow:1
[1880] HTTP: BOOZT! Index.cgi Buffer Overflow:2
[1881] HTTP: BOOZT! Index.cgi Buffer Overflow:3
[1882] BACKDOOR: Drat:1
[1883] FTP: WU-FTP 2.6.0 Buffer Overflow:1
[1884] FTP: WU-FTP 2.6.0 Buffer Overflow:2
[1885] FTP: WU-FTP 2.6.0 Buffer Overflow:3
[1886] FTP: WU-FTP 2.6.0 Buffer Overflow:4
[1887] DDoS: Shaft Handler-to-Agent Communication:1
[1888] WORM: W32/Netsky.s@MM Worm:1
[1889] WORM: W32/Netsky.s@MM Worm:2
[1890] WORM: W32/Netsky.s@MM Worm:3
[1891] DHCP: Option Suspiciously Long:1
[1892] DHCP: Option Suspiciously Long:2
[1893] RADIUS: Message Digest Calculation Buffer Overflow:1
[1894] SHELLCODE: Shellcode Detected for MIPS Family CPUs:1
[1895] SHELLCODE: Shellcode Detected for MIPS Family CPUs:2
[1896] SMTP: Friend Greeting Worm Email:1
[1897] HTTP: Mdaemon Mail Server FORM2RAW.exe Buffer Overflow:1
[1898] HTTP: Mdaemon Mail Server FORM2RAW.exe Buffer Overflow:2
[1899] BACKDOOR: GiFt:1
[1900] DCERPC: W32/Gaobot.worm Detected:1
[1901] DCERPC: W32/Gaobot.worm Detected:2
[1902] FTP: WU-FTPD Linux Buffer Overflow:1
[1903] FTP: WU-FTPD Linux Buffer Overflow:2
[1904] FTP: WU-FTPD Linux Buffer Overflow:3
[1905] RSH: Login Failed:1
[1906] POP3: Buffer Overflow Attempt with UIDL Parameters:1
[1907] WORM: W32/Mydoom.s@MM Worm:1
[1908] WORM: W32/Mydoom.s@MM Worm:2
[1909] WORM: W32/Mydoom.s@MM Worm:3
[1910] IMAP: Buffer Overflow Attempt with APPEND Command Parameters:1
[1911] SMB: Microsoft SMB Client Transaction2 FirstFind2 Dos:1
[1912] SMB: Microsoft SMB Client Transaction2 FirstFind2 Dos:2
[1913] SSL: Unsupported or Unknown Cipher:1
[1914] SSL: Unsupported or Unknown Cipher:2
[1915] SMTP: Long RCPT Params with Shellcode Attack:1
[1916] BACKDOOR: Backage:1
[1917] BACKDOOR: Backage:2
[1918] DCERPC: Microsoft TAPI Service Buffer Overflow:1
[1919] DDoS: Trin00 Attacker-to-Master Default mdie Password:1
[1920] FTP: Ftpd ISS Scan:1
[1921] HTTP: L3 Retriever Probe:1
[1922] POP3: Qpop241  Buffer Overflow:1
[1923] TELNET: User Root Activity:1
[1924] TELNET: User Root Activity:2
[1925] TFTP: Nimda Worm Attack:1
[1926] WORM: W32/Bagle.k@MM Worm:1
[1927] WORM: W32/Bagle.k@MM Worm:2
[1928] WORM: W32/Bagle.k@MM Worm:3
[1929] RPC: STATD SMMON Generic Length Buffer Overflow:1
[1930] IGMP: Fragmented IGMP Packet Attack:1
[1931] WORM: W32/Bagle.z@MM Worm:1
[1932] WORM: W32/Bagle.z@MM Worm:2
[1933] WORM: W32/Bagle.z@MM Worm:3
[1934] IMAP: LIST Command Parameter Buffer Overflow Attempt:1
[1935] SMB: Samba reply_ntrans2 Buffer Overflow:1
[1936] SMTP: Avirt Mail Server Directory Creation:1
[1937] NETBIOS-NS: Symantec Firewall NBNS Response Heap Overflow:1
[1938] HTTP: IIS ASP Server Side Buffer Overflow:2
[1939] HTTP: IIS ASP Server Side Buffer Overflow:3
[1940] P2P: Groove Virtual Office Groove.Net Agent Detected:1
[1941] P2P: Groove Virtual Office Groove.Net Agent Detected:2
[1942] P2P: Groove Virtual Office Groove.Net Agent Detected:3
[1943] RPC: SADMIND Weak Authentication Vulnerability:1
[1944] RPC: SADMIND Weak Authentication Vulnerability:2
[1945] RPC: SADMIND Weak Authentication Vulnerability:3
[1946] RPC: SADMIND Weak Authentication Vulnerability:4
[1947] FTP: Stor .rhosts  Attempt:1
[1948] SIP: GNU oSIP URI Parsing Heap Overflow:1
[1949] SIP: GNU oSIP URI Parsing Heap Overflow:2
[1950] BACKDOOR: Schwindler:1
[1951] NETBIOS-SS: MS Explorer and IE Long Share Name Buffer Overflow:1
[1952] SYBASE: Login Failed:1
[1953] SMTP: Buffer Overflow Attemtped with Overly Long SAML/SOML Parameters:1
[1954] HTTP: Wordpress PHP File Include Vulnerability:1
[1955] NFS: SunOS Large UID Mismatch:1
[1956] NFS: SunOS Large UID Mismatch:2
[1957] ARP: ARP Spoofing Detected:1
[1958] P2P: XoloX Alive:1
[1959] P2P: XoloX Alive:2
[1960] BACKDOOR: libpcap and tcpdump Trojan:1
[1961] BACKDOOR: libpcap and tcpdump Trojan:2
[1962] MSSQL: OpenRowSet Possible Buffer Overflow:1
[1963] MSSQL: OpenRowSet Possible Buffer Overflow:2
[1964] DDoS: Stacheldraht Agent-response-gag:1
[1965] HTTP: Apache Chunked Encoding Exploit:1
[1966] HTTP: Apache Chunked Encoding Exploit:2
[1967] HTTP: Apache Chunked Encoding Exploit:3
[1968] HTTP: Apache Chunked Encoding Exploit:4
[1969] HTTP: Snork Probe:1
[1970] HTTP: Snork Probe:2
[1971] WORM: W32/Netsky.b@MM Worm:1
[1972] WORM: W32/Netsky.b@MM Worm:2
[1973] WORM: W32/Netsky.b@MM Worm:3
[1974] WORM: W32/Netsky.b@MM Worm:4
[1975] WORM: W32/Netsky.b@MM Worm:5
[1976] WORM: W32/Netsky.b@MM Worm:6
[1977] BACKDOOR: Net Metropolitan:1
[1978] MSRPC: Malformed LSARPC LookupName DoS:1
[1979] SMTP: McAfee WebShield SMTP Invalid Outgoing Recipient Field DoS:1
[1980] IM: AOL Messenger Server Lookup:1
[1981] IM: MSN (.NET)  Messenger File Transfer:1
[1982] IM: MSN (.NET)  Messenger File Transfer:2
[1983] IM: MSN (.NET)  Messenger File Transfer:3
[1984] RTSP: Darwin Streaming Server Integer Overflow:1
[1985] HTTP: Allaire JRun WEB-INF Disclosure:1
[1986] HTTP: Allaire JRun WEB-INF Disclosure:2
[1987] HTTP: Allaire JRun WEB-INF Disclosure:3
[1988] HTTP: Allaire JRun WEB-INF Disclosure:4
[1989] TELNET: Livingston DoS:1
[1990] FTP: Overly Long UNLOCK Command Parameters with Shellcode:2
[1991] NETBIOS-SS: Copy Executable File Attempt:1
[1992] NETBIOS-SS: Copy Executable File Attempt:2
[1993] RADIUS: FreeRADIUS Heap Corruption DoS:1
[1994] SMTP: Sendmail ETRN DoS:1
[1995] HTTP: Textportal Default Editor Password:1
[1996] HTTP: Textportal Default Editor Password:2
[1997] FTP: WFTPD Buffer Overflow Vulnerability:1
[1998] FTP: WFTPD Buffer Overflow Vulnerability:2
[1999] HTTP: ESdotOne Input Validation Error:1
[2000] HTTP: ESdotOne Input Validation Error:2
[2001] BACKDOOR: War Trojan:1
[2002] SMTP: Incorrect MIME Header with Executable Attachment Found:1
[2003] UPnP: SSDP Denial of Service Attack:1
[2004] BACKDOOR: Bugs:1
[2005] BACKDOOR: Bugs:2
[2006] P2P: Gnucleus Alive:1
[2007] P2P: Gnucleus Alive:2
[2008] P2P: Gnucleus Alive:3
[2009] P2P: Gnucleus Alive:4
[2010] KERBEROS: Non-Kerberos Traffic Detected:1
[2011] HTTP: Nimda Worm - IIS Extended Unicode Directory Traversal Attack:1
[2012] HTTP: Nimda Worm - IIS Extended Unicode Directory Traversal Attack:2
[2013] IRC: Trillian JOIN Buffer Overflow:1
[2014] MSRPC: NT RASMAN Pathname Registry Exploit:1
[2015] HTTP: BadBlue Unencrypted Password File Read Attempt:1
[2016] HTTP: BadBlue Unencrypted Password File Read Attempt:2
[2017] HTTP: Vibechild Directory Manager Command Execution:1
[2018] HTTP: Vibechild Directory Manager Command Execution:2
[2019] BACKDOOR: ICMP Chat:1
[2020] RPC: CMSD SolarisX86 Cmsdex Buffer Overflow:1
[2021] RPC: CMSD SolarisX86 Cmsdex Buffer Overflow:2
[2022] DDoS: mstream Handler-to-Agent Communication:1
[2023] BACKDOOR: Scarab:1
[2024] HTTP: Mercantec SoftCart CGI Overflow:1
[2025] HTTP: Mercantec SoftCart CGI Overflow:2
[2026] HTTP: Mercantec SoftCart CGI Overflow:3
[2027] IMAP: Buffer Overflow with Overly Long RENAME Command Parameters:1
[2028] BACKDOOR: Progenic:1
[2029] RPC: STATD UNMONALL Buffer Overflow:1
[2030] RPC: STATD UNMONALL Buffer Overflow:2
[2031] RPC: STATD UNMONALL Buffer Overflow:3
[2032] DCERPC: Microsoft Windows NETDDE Buffer Overflow:1
[2033] DCERPC: Microsoft Windows NETDDE Buffer Overflow:2
[2034] DCERPC: Microsoft Windows NETDDE Buffer Overflow:3
[2035] DCERPC: Microsoft Windows NETDDE Buffer Overflow:4
[2036] DCERPC: Microsoft Windows NETDDE Buffer Overflow:5
[2037] MSSQL: xp_deletequeue Possible Buffer Overflow:1
[2038] MSSQL: xp_deletequeue Possible Buffer Overflow:2
[2039] HTTP: Altavista Search Engine View File:1
[2040] HTTP: Altavista Search Engine View File:2
[2041] RSH: Trusted Account Attempt:1
[2042] POP3: Buffer Overflow Attempt With DELE Parameters:1
[2043] WORM: W32/Bagle.bb@MM Worm:1
[2044] WORM: W32/Bagle.bb@MM Worm:2
[2045] WORM: W32/Bagle.bb@MM Worm:3
[2046] WORM: W32/Bagle.bb@MM Worm:4
[2047] WORM: W32/Bagle.bb@MM Worm:5
[2048] WORM: W32/Bagle.bb@MM Worm:6
[2049] IMAP: Buffer Overflow With Overly Long STOR Command Parameters:1
[2050] HTTP: Merchant Order Form 1.2 Order Log Exposure:1
[2051] HTTP: Merchant Order Form 1.2 Order Log Exposure:2
[2052] BACKDOOR: Syphillis/Syphilis:1
[2053] BACKDOOR: Syphillis/Syphilis:2
[2054] FTP: Ftpd Piss Scan:1
[2055] HTTP: Web+ Read File:1
[2056] HTTP: Web+ Read File:2
[2057] POP3: Qpop3 Xtnd Exploit:1
[2058] SENSOR: Packet Buffers Running Low:1
[2059] SMTP: Possible Virus Attachment File with Double Extension:1
[2060] DoS: Jolt Attack:1
[2061] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:1
[2062] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:2
[2063] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:3
[2064] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:4
[2065] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:5
[2066] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:6
[2067] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:7
[2068] SNMP: Protocol Anomaly Indefinite Length Encoding 2nd Part:8
[2069] POP3: APOP Command Buffer Overflow:1
[2070] POP3: APOP Command Buffer Overflow:3
[2071] TELNET: Cisco 677/678 Buffer Overflow:1
[2072] WORM: W32/Lovgate.ab@MM Worm:1
[2073] WORM: W32/Lovgate.ab@MM Worm:2
[2074] WORM: W32/Lovgate.ab@MM Worm:3
[2075] WORM: W32/Lovgate.ab@MM Worm:4
[2076] WORM: W32/Lovgate.ab@MM Worm:5
[2077] WORM: W32/Lovgate.ab@MM Worm:6
[2078] IMAP: wu-imapd Core File Password Leak:1
[2079] LPR: Mailoption Exploit:1
[2080] SENSOR: Shellcode Detection State Nodes Exhausted:1
[2081] SMTP: Mail Relay Attempt:1
[2082] HTTP: IIS Bdir access:1
[2083] HTTP: IIS Bdir access:2
[2084] DCERPC: Microsoft Messenger Service Buffer Overflow:1
[2085] DCERPC: Microsoft Messenger Service Buffer Overflow:2
[2086] DCERPC: Microsoft Messenger Service Buffer Overflow:3
[2087] BACKDOOR: Devil:1
[2088] BACKDOOR: Devil:2
[2089] BACKDOOR: Devil:3
[2090] BACKDOOR: Devil:4
[2091] BACKDOOR: Devil:5
[2092] SIP: Multiple Buffer Overflow in Cisco SIP Server:1
[2093] SIP: Multiple Buffer Overflow in Cisco SIP Server:2
[2094] SIP: Multiple Buffer Overflow in Cisco SIP Server:3
[2095] BACKDOOR: Meet the Lamer:1
[2096] BACKDOOR: Meet the Lamer:2
[2097] SYBASE: Xp_freedll Command Used:1
[2098] SYBASE: Xp_freedll Command Used:2
[2099] SMTP: DMail Buffer Overflow:1
[2100] SMTP: DMail Buffer Overflow:3
[2101] SMTP: DMail Buffer Overflow:2
[2102] HTTP: PHPBB quick_reply.php Remote File Include Exploit:1
[2103] HTTP: PHPBB quick_reply.php Remote File Include Exploit:2
[2104] AFS: TCPDUMP Buffer Overflow on AFS-ACL:1
[2105] ARP: Broadcast Sender MAC Address:1
[2106] RPC: Automountd Remote Command Execution:1
[2107] RPC: Automountd Remote Command Execution:2
[2108] BACKDOOR: iGLOO:1
[2109] BACKDOOR: iGLOO:2
[2110] BACKDOOR: iGLOO:3
[2111] MSSQL: OpenDataSource Possible Buffer Overflow:1
[2112] MSSQL: OpenDataSource Possible Buffer Overflow:2
[2113] DDoS: TFN Client Command:1
[2114] HTTP: IIS Escape Character Parsing:1
[2115] HTTP: IIS Escape Character Parsing:2
[2116] HTTP: Alibaba Run Arbitrary Commands:1
[2117] HTTP: Alibaba Run Arbitrary Commands:2
[2118] IRC: Ezbounce Format String Exploit:1
[2119] WORM: Possible Worm Detected in Attachment:1
[2120] WORM: Possible Worm Detected in Attachment:2
[2121] WORM: Possible Worm Detected in Attachment:3
[2122] WORM: Possible Worm Detected in Attachment:4
[2123] WORM: Possible Worm Detected in Attachment:5
[2124] WORM: Possible Worm Detected in Attachment:6
[2125] BACKDOOR: Acid Battery:1
[2126] BACKDOOR: Acid Battery:2
[2127] SMTP: Sendmail MIME Overflow:1
[2128] IM: MSN Messenger Information Disclosure Vulnernability:1
[2129] IM: MSN Messenger Information Disclosure Vulnernability:2
[2130] BACKDOOR: PhaseZero Trojan:1
[2131] HTTP: cachemgr.cgi Unauthorized Connection:1
[2132] HTTP: cachemgr.cgi Unauthorized Connection:2
[2133] DoS: UDP-Based Jolt2  Attack:1
[2134] IM: Microsoft MSN Messenger Malformed Invite Flow DoS:1
[2135] HTTP: ICQ Webserver Directory Traversal Attempt:1
[2136] HTTP: ICQ Webserver Directory Traversal Attempt:2
[2137] DistCC: Arbitrary Command Execution:1
[2138] DoS: Cisco Syslog DoS:1
[2139] IRC: Trinity DDoS:1
[2140] IRC: Trinity DDoS:2
[2141] IRC: Trinity DDoS:3
[2142] IRC: Trinity DDoS:4
[2143] BACKDOOR: XLog:1
[2144] HTTP: Bugbear Virus Worm:1
[2145] HTTP: Bugbear Virus Worm:2
[2146] NETBIOS-SS: User Enumeration:1
[2147] SMTP: Check Point Firewall-1 DoS:1
[2148] HTTP: Kruse Calender Remote Command Execution:1
[2149] HTTP: Kruse Calender Remote Command Execution:2
[2150] H.225: PROTO Destination Address E164 Length Anomaly:1
[2151] RPC: IRIX xfsmd Export:1
[2152] P2P: LimeWire Alive:1
[2153] P2P: LimeWire Alive:2
[2154] BACKDOOR: Masters Paradise:1
[2155] HTTP: IIS ASP Buffer Overflow:1
[2156] HTTP: IIS ASP Buffer Overflow:2
[2157] HTTP: IIS ASP Buffer Overflow:3
[2158] HTTP: IIS ASP Buffer Overflow:4
[2159] Oracle: DBMS_METADATA Package SQL Injection:1
[2160] SOCKS: SOCKS5 Username/Password Buffer Overflow:1
[2161] SOCKS: SOCKS5 Username/Password Buffer Overflow:2
[2162] SOCKS: SOCKS5 Username/Password Buffer Overflow:3
[2163] BACKDOOR: Remote Process Monitor:1
[2164] SMB: Windows Password File Access Attempt:1
[2165] SENSOR: TCP/UDP Unfinished Connection Tracking Resources Exhausted:1
[2166] SMTP: SLmail DoS:1
[2167] SMTP: SLmail DoS:2
[2168] SMTP: SLmail DoS:3
[2169] SMTP: SLmail DoS:4
[2170] RPC: SADMIND SPARC Buffer Overflow:1
[2171] RPC: SADMIND SPARC Buffer Overflow:2
[2172] RPC: SADMIND SPARC Buffer Overflow:3
[2173] BACKDOOR: SubSeven 2.1 and SubSeven 2.1 Bonus Trojans:1
[2174] BACKDOOR: SubSeven 2.1 and SubSeven 2.1 Bonus Trojans:2
[2175] MSSQL: xp_controlqueueservice Possible Buffer Overflow:1
[2176] MSSQL: xp_controlqueueservice Possible Buffer Overflow:2
[2177] HTTP: Apache Win32 Directory Listing:1
[2178] HTTP: Apache Win32 Directory Listing:2
[2179] BACKDOOR: The Flu:1
[2180] HTTP: TrackerCam PHP Argument Buffer Overflow:1
[2181] HTTP: TrackerCam PHP Argument Buffer Overflow:2
[2182] HTTP: IIS WebDAV Server DoS:1
[2183] HTTP: IIS WebDAV Server DoS:2
[2184] SHELLCODE: Shellcode Exploit Detected for Sparc Family CPUs:1
[2185] SHELLCODE: Shellcode Exploit Detected for Sparc Family CPUs:2
[2186] SHELLCODE: Shellcode Exploit Detected for Sparc Family CPUs:3
[2187] ICMP: LOKI2 Tunnel Detected:1
[2188] RPC: STATD MON NOTIFY:1
[2189] RPC: STATD MON NOTIFY:2
[2190] RPC: STATD MON NOTIFY:3
[2191] BACKDOOR: Snid:1
[2192] BACKDOOR: Snid:2
[2193] MSSQL: Xp_readpkfromqueue Possible Buffer Overflow:1
[2194] MSSQL: Xp_readpkfromqueue Possible Buffer Overflow:2
[2195] HTTP: Netauth Input Validation Error:1
[2196] HTTP: Netauth Input Validation Error:2
[2197] ORACLE: TZOFFSET Buffer Overflow:1
[2198] RLOGIN: Root Account Attempt:1
[2199] BACKDOOR: Peanut Brittle:1
[2200] HTTP: Apache PHP3 File Disclosure:1
[2201] HTTP: Apache PHP3 File Disclosure:2
[2202] SMTP: Microsoft MSHTA Script Execution:1
[2203] TCP: T/TCP Option:1
[2204] SMTP: Help Command Buffer Overflow:2
[2205] HTTP: PlanetIntra pi Buffer Overflow:1
[2206] HTTP: PlanetIntra pi Buffer Overflow:2
[2207] HTTP: PlanetIntra pi Buffer Overflow:3
[2208] H.225: PROTO Invalid Source Address Choice:1
[2209] BACKDOOR: Transmission Scout:1
[2210] MSSQL: User Login Failed:1
[2211] MSSQL: User Login Failed:2
[2212] FTP: Servu Directory Traversal:1
[2213] HTTP: CGI Bugzilla Execute Command:1
[2214] HTTP: CGI Bugzilla Execute Command:2
[2215] ORACLE: MD2 Package VALIDATE_GEOM Procedure Buffer Overflow:1
[2216] ORACLE: MD2 Package VALIDATE_GEOM Procedure Buffer Overflow:2
[2217] SNMP: Invalid Bulk Request NonRepeaters:1
[2218] DoS: Land Attack:1
[2219] TFTP: W32/Blaster Worm:1
[2220] TFTP: W32/Blaster Worm:2
[2221] TFTP: W32/Blaster Worm:3
[2222] HTTP: Microsoft IIS WebDAV XML Attribute Expansion DoS:1
[2223] BACKDOOR: Private Port:1
[2224] SMTP: Microsoft Jview Profile Vulnerability:1
[2225] SENSOR: Re-assembly Buffer Memory Exhausted:1
[2226] DCERPC: Microsoft RPCSS Heap Overflow I:1
[2227] DCERPC: Microsoft RPCSS Heap Overflow I:2
[2228] DCERPC: Microsoft RPCSS Heap Overflow I:3
[2229] DCERPC: Microsoft RPCSS Heap Overflow I:4
[2230] RPC: TTDBServerD IRIX APK Buffer Overflow:1
[2231] RPC: TTDBServerD IRIX APK Buffer Overflow:2
[2232] BACKDOOR: BigGluck Trojan:1
[2233] BACKDOOR: BigGluck Trojan:2
[2234] MSSQL: Xp_proxiedmetadata Possible Buffer Overflow:1
[2235] MSSQL: Xp_proxiedmetadata Possible Buffer Overflow:2
[2236] SNMP: Cisco IOS Trap Message Handling DoS:1
[2237] TELNET: Telnet Client env_opt_add() Buffer Overflow Vulnerability:1
[2238] TELNET: Telnet Client env_opt_add() Buffer Overflow Vulnerability:2
[2239] TELNET: Telnet Client env_opt_add() Buffer Overflow Vulnerability:3
[2240] HTTP: Abyss Web Server Malicious HTTP Request Information Disclosure Vulnerability:1
[2241] PPTP: Windows NT Denial of Service:1
[2242] LPR: Lprng Extend Command Exploit:1
[2243] LPR: Lprng Extend Command Exploit:2
[2244] FINGER: FingerD Backdoor:1
[2245] IDENT: Cfingerd Buffer Overflow:1
[2246] IDENT: Cfingerd Buffer Overflow:2
[2247] IDENT: Cfingerd Buffer Overflow:3
[2248] HTTP: IIS ASP/HTR Backslash Source Disclosure:1
[2249] HTTP: IIS ASP/HTR Backslash Source Disclosure:2
[2250] BACKDOOR: Forced Entry:1
[2251] BACKDOOR: Forced Entry:2
[2252] DoS: TCP RST BGP Denial of Service:1
[2253] BACKDOOR: Net Taxi:1
[2254] HTTP: AWStats  Remote Code Execution:1
[2255] HTTP: AWStats  Remote Code Execution:2
[2256] UDP: Size of Field Mismatch:1
[2257] HTTP: Apache Jakarta Tomcat URL Parsing Vulnerability:1
[2258] HTTP: Apache Jakarta Tomcat URL Parsing Vulnerability:2
[2259] RDP: Microsoft Remote Desktop Protocol Denial of Service:1
[2260] RDP: Microsoft Remote Desktop Protocol Denial of Service:2
[2261] RDP: Microsoft Remote Desktop Protocol Denial of Service:3
[2262] BACKDOOR: The Infector Trojan:1
[2263] MSSQL: sp_start_job Program Execution:1
[2264] MSSQL: sp_start_job Program Execution:2
[2265] HTTP: Microsoft Index Sever Directory Traversal:1
[2266] HTTP: Microsoft Index Sever Directory Traversal:2
[2267] HTTP: Microsoft Index Sever Directory Traversal:3
[2268] SNMP: Null Field Length Greater Than Zero:1
[2269] POP3: Qpopper Sprintf Buffer Overflow:1
[2270] POP3: Qpopper Sprintf Buffer Overflow:2
[2271] HTTP: Microsoft ASP.NET Path Validation Vulnerability :1
[2272] HTTP: Microsoft ASP.NET Path Validation Vulnerability :2
[2273] DNS: BitchX Buffer Overflow:1
[2274] DNS: BitchX Buffer Overflow:2
[2275] DNS: BitchX Buffer Overflow:3
[2276] DNS: BitchX Buffer Overflow:4
[2277] DNS: BitchX Buffer Overflow:5
[2278] SSL: Overly Long PCT Client Hello Challenge:1
[2279] BACKDOOR: Oblivion:1
[2280] BACKDOOR: Oblivion:2
[2281] BACKDOOR: Unix Command Shell Running:1
[2282] BACKDOOR: Unix Command Shell Running:2
[2283] BACKDOOR: Unix Command Shell Running:3
[2284] FTP: SITE CHMOD Buffer Overflow:1
[2285] MSSQL: Named Pipe Denial of Service:1
[2286] HTTP: jj Sample CGI Access:1
[2287] HTTP: jj Sample CGI Access:2
[2288] BACKDOOR: WanRemote:1
[2289] BACKDOOR: WanRemote:2
[2290] DNS: Ethereal Endless Decompression DoS:1
[2291] HTTP: Microsoft NTLM ASN.1 Heap Corruption:1
[2292] HTTP: Microsoft NTLM ASN.1 Heap Corruption:2
[2293] HTTP: Microsoft NTLM ASN.1 Heap Corruption:3
[2294] IP: IP Fragments Overlap:1
[2295] SMTP: Exchange Server X-LINK2STATE Buffer Overflow Attempt:1
[2296] FINGER: Solaris In.fingerd Information Disclosure Vulnerability:1
[2297] FINGER: Solaris In.fingerd Information Disclosure Vulnerability:2
[2298] FINGER: Solaris In.fingerd Information Disclosure Vulnerability:3
[2299] HTTP: Bizdb-Search Remote Command Execution:1
[2300] HTTP: Bizdb-Search Remote Command Execution:2
[2301] MSSQL: SQL Server Worm Slammer:1
[2302] MSSQL: SQL Server Worm Slammer:2
[2303] HTTP: gwweb Buffer Overflow:1
[2304] HTTP: gwweb Buffer Overflow:2
[2305] HTTP: gwweb Buffer Overflow:3
[2306] HTTP: gwweb Buffer Overflow:4
[2307] HTTP: Internet Media Tunneling through HTTP:1
[2308] HTTP: Internet Media Tunneling through HTTP:2
[2309] HTTP: Internet Media Tunneling through HTTP:3
[2310] HTTP: Internet Media Tunneling through HTTP:4
[2311] HTTP: Internet Media Tunneling through HTTP:5
[2312] HTTP: Internet Media Tunneling through HTTP:6
[2313] HTTP: Internet Media Tunneling through HTTP:7
[2314] HTTP: Internet Media Tunneling through HTTP:8
[2315] HTTP: Internet Media Tunneling through HTTP:9
[2316] BACKDOOR: Freak88:1
[2317] DHCP: Request Vulnerability in DHCP Could Allow Code Execution:1
[2318] DHCP: Request Vulnerability in DHCP Could Allow Code Execution:2
[2319] HTTP: IIS Command Execution:1
[2320] HTTP: IIS Command Execution:2
[2321] HTTP: IIS Command Execution:3
[2322] HTTP: IIS Command Execution:4
[2323] HTTP: IIS Command Execution:5
[2324] HTTP: IIS Command Execution:6
[2325] HTTP: IIS Command Execution:7
[2326] HTTP: ColdFusion Start/Stop Vulnerability:1
[2327] HTTP: ColdFusion Start/Stop Vulnerability:2
[2328] SMTP: Vintra Mail Server EXPN DoS:1
[2329] HTTP: Cobalt Raq Appliance SHP Command Execution:1
[2330] HTTP: Cobalt Raq Appliance SHP Command Execution:2
[2331] HTTP: Cobalt Raq Appliance SHP Command Execution:3
[2332] H.225: PROTO Test Suite Scan:1
[2333] RPC: Sun rpc.yppasswd Buffer Overflow:1
[2334] RPC: Sun rpc.yppasswd Buffer Overflow:2
[2335] RPC: Sun rpc.yppasswd Buffer Overflow:3
[2336] RPC: Sun rpc.yppasswd Buffer Overflow:4
[2337] LDAP: Active Directory BO:1
[2338] BACKDOOR: Sub Seven Trojan 2.2:1
[2339] BACKDOOR: Sub Seven Trojan 2.2:2
[2340] HTTP: WEBgais Websendmail Remote Command Execution:1
[2341] HTTP: WEBgais Websendmail Remote Command Execution:2
[2342] HTTP: WEBgais Websendmail Remote Command Execution:3
[2343] SOCKS: SOCKS4A Hostname Buffer Overflow:1
[2344] SOCKS: SOCKS4A Hostname Buffer Overflow:2
[2345] BACKDOOR: Ruler:1
[2346] DNS: Infoleak TSIG Buffer Overflow:1
[2347] DNS: Infoleak TSIG Buffer Overflow:2
[2348] DNS: Infoleak TSIG Buffer Overflow:3
[2349] DNS: Infoleak TSIG Buffer Overflow:4
[2350] HTTP: XMLRPC Remote Code Execution:1
[2351] HTTP: XMLRPC Remote Code Execution:2
[2352] HTTP: Parameter Value Too Long with Shellcode Detected:2
[2353] HTTP: Parameter Value Too Long with Shellcode Detected:3
[2354] BACKDOOR: Kid Terro:1
[2355] MSSQL: xp_decodequeuecmd Possible Buffer Overflow:1
[2356] MSSQL: xp_decodequeuecmd Possible Buffer Overflow:2
[2357] HTTP: Microsoft IIS ..SLASH..DenialofService:1
[2358] HTTP: Microsoft IIS ..SLASH..DenialofService:2
[2359] WORM: W32/Mydoom.bb@MM Worm:1
[2360] WORM: W32/Mydoom.bb@MM Worm:2
[2361] WORM: W32/Mydoom.bb@MM Worm:3
[2362] WORM: W32/Mydoom.bb@MM Worm:4
[2363] WORM: W32/Mydoom.bb@MM Worm:5
[2364] WORM: W32/Mydoom.bb@MM Worm:6
[2365] TELNET: User Privilege Upgrade Attempt:1
[2366] TELNET: User Privilege Upgrade Attempt:2
[2367] TELNET: User Privilege Upgrade Attempt:3
[2368] BACKDOOR: Spirit:1
[2369] DoS: NewTear Attack:1
[2370] HTTP: Apache 2.0 Path Disclosure:1
[2371] NETBIOS-NS: Windows Name Conflict:1
[2372] HTTP: WebLogic Java/JSP Insertion:1
[2373] HTTP: WebLogic Java/JSP Insertion:2
[2374] RPC: AMD/AMQ Buffer Overflow:1
[2375] RPC: AMD/AMQ Buffer Overflow:2
[2376] RPC: AMD/AMQ Buffer Overflow:3
[2377] RPC: AMD/AMQ Buffer Overflow:4
[2378] RPC: AMD/AMQ Buffer Overflow:5
[2379] RPC: AMD/AMQ Buffer Overflow:6
[2380] RPC: AMD/AMQ Buffer Overflow:7
[2381] MSSQL: Xp_resetqueue Possible Buffer Overflow:1
[2382] MSSQL: Xp_resetqueue Possible Buffer Overflow:2
[2383] HTTP: MailStudio Design Error:1
[2384] HTTP: MailStudio Design Error:2
[2385] CA: BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow:1
[2386] CA: BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow:2
[2387] RLOGIN: User Password Too Long:1
[2388] RLOGIN: User Password Too Long:2
[2389] DNS: Microsoft SMTP Service DNS resolver overflow:1
[2390] DHCP: Root Exploit in DHCP Client:1
[2391] DHCP: Root Exploit in DHCP Client:2
[2392] BACKDOOR: Pest/Hydroleak/Latinus:1
[2393] BACKDOOR: Pest/Hydroleak/Latinus:2
[2394] HTTP: SuSE Apache CGI Source Code Viewing:1
[2395] HTTP: SuSE Apache CGI Source Code Viewing:2
[2396] SMTP: Majordomo Ifs:1
[2397] HTTP: SquirrelMail load_prefs.php Code Execution:1
[2398] HTTP: SquirrelMail load_prefs.php Code Execution:2
[2399] BACKDOOR: Dark Connection Inside:1
[2400] H.225: PROTO Invalid Destination Address Choice:1
[2401] BACKDOOR: Unexplained:1
[2402] BACKDOOR: Unexplained:2
[2403] BACKDOOR: Unexplained:3
[2404] FTP: Access Windows Password File Attempt:1
[2405] MSSQL: xp_printstatements Possible Buffer Overflow:1
[2406] MSSQL: xp_printstatements Possible Buffer Overflow:2
[2407] ORACLE: Buffer Overflows in EXTPROC:1
[2408] HTTP: Phf Execute Arbitrary Command:1
[2409] HTTP: Phf Execute Arbitrary Command:2
[2410] BACKDOOR: QwerTOS:1
[2411] BACKDOOR: QwerTOS:2
[2412] HTTP: Sun AnswerBook2 Administrative Script Access Vulnerability:1
[2413] HTTP: Sun AnswerBook2 Administrative Script Access Vulnerability:2
[2414] SMTP: Microsoft COM Object Instantiation Memory Corruption:1
[2415] SMTP: Microsoft COM Object Instantiation Memory Corruption:2
[2416] HTTP: ColdFusion Sample Application Usage:1
[2417] HTTP: ColdFusion Sample Application Usage:2
[2418] BACKDOOR: COMA:1
[2419] BACKDOOR: COMA:2
[2420] RPC: TTDBServerD IRIX LSD Buffer Overflow:1
[2421] RPC: TTDBServerD IRIX LSD Buffer Overflow:2
[2422] ORACLE: 9iAS XSQL Servlet File Permission Bypass:1
[2423] TELNET: Cisco 675 Root Privilege Gained:1
[2424] SMB: Microsoft SMB Client NT_Transaction Setupcount Overflow:1
[2425] LPR: Solaris lpd Buffer Overflow:1
[2426] LPR: Solaris lpd Buffer Overflow:2
[2427] HTTP: LISTSERV wa.exe Buffer Overflow:1
[2428] HTTP: LISTSERV wa.exe Buffer Overflow:2
[2429] HTTP: LISTSERV wa.exe Buffer Overflow:3
[2430] BACKDOOR: GayOL:1
[2431] HTTP: Imagemap Buffer Overflow:1
[2432] HTTP: Imagemap Buffer Overflow:2
[2433] HTTP: Imagemap Buffer Overflow:3
[2434] HTTP: Imagemap Buffer Overflow:4
[2435] ORACLE: Application Server Default Page SQL:1
[2436] ORACLE: Application Server Default Page SQL:2
[2437] HTTP: PHP Strings Exploit Buffer Overflow:1
[2438] HTTP: PHP Strings Exploit Buffer Overflow:2
[2439] HTTP: PHP Strings Exploit Buffer Overflow:3
[2440] HTTP: PHP Strings Exploit Buffer Overflow:4
[2441] P2P: KaZaA Client Connecting to Server:1
[2442] P2P: KaZaA Client Connecting to Server:2
[2443] P2P: KaZaA Client Connecting to Server:3
[2444] P2P: KaZaA Client Connecting to Server:4
[2445] P2P: KaZaA Client Connecting to Server:5
[2446] P2P: KaZaA Client Connecting to Server:6
[2447] SNMP: Inconsistent Data Length Specified:1
[2448] SNMP: Inconsistent Data Length Specified:2
[2449] SNMP: Inconsistent Data Length Specified:3
[2450] SNMP: Inconsistent Data Length Specified:4
[2451] SNMP: Inconsistent Data Length Specified:5
[2452] SNMP: Inconsistent Data Length Specified:6
[2453] SNMP: Inconsistent Data Length Specified:7
[2454] SNMP: Inconsistent Data Length Specified:8
[2455] DDoS: mstream Master-to-Handler Communication:1
[2456] HTTP: Microsoft Visual Studio .NET Crystal Reports Vulnerability:1
[2457] HTTP: Microsoft Visual Studio .NET Crystal Reports Vulnerability:2
[2458] BACKDOOR: New Silencer:1
[2459] TCP: TCP Window Withdrawl:1
[2460] P2P: BitTorrent Meta-Info Retrieving:1
[2461] P2P: BitTorrent Meta-Info Retrieving:2
[2462] BACKDOOR: Matrix Backdoor:1
[2463] MSSQL: xp_enumresultset Possible Buffer Overflow:1
[2464] MSSQL: xp_enumresultset Possible Buffer Overflow:2
[2465] SNMP: Length of Length Too Long:1
[2466] SNMP: Length of Length Too Long:2
[2467] SNMP: Length of Length Too Long:3
[2468] SNMP: Length of Length Too Long:4
[2469] SNMP: Length of Length Too Long:5
[2470] SNMP: Length of Length Too Long:6
[2471] SNMP: Length of Length Too Long:7
[2472] SNMP: Length of Length Too Long:8
[2473] TELNET: Root Account Remote Attempt:1
[2474] HTTP: Zeus Search Engine CGI File Disclosure:1
[2475] HTTP: Zeus Search Engine CGI File Disclosure:2
[2476] SMTP: Sendmail mail.local Exploit:1
[2477] DCERPC: Microsoft RPC Denial of Service:1
[2478] DCERPC: Microsoft RPC Denial of Service:2
[2479] IM: Yahoo Messenger Alive:1
[2480] IM: Yahoo Messenger Alive:2
[2481] IM: Yahoo Messenger Alive:3
[2482] IM: Yahoo Messenger Alive:5
[2483] IM: Yahoo Messenger Alive:6
[2484] HTTP: Guestbook Execute Command Attempt:1
[2485] HTTP: Guestbook Execute Command Attempt:2
[2486] ORACLE: Application Server Ndwfn4.so Buffer Overflow:1
[2487] ORACLE: Application Server Ndwfn4.so Buffer Overflow:3
[2488] ORACLE: Application Server Ndwfn4.so Buffer Overflow:2
[2489] SNMP: Common Format String Attack:1
[2490] SNMP: Common Format String Attack:2
[2491] SNMP: Common Format String Attack:3
[2492] SNMP: Common Format String Attack:4
[2493] SNMP: Common Format String Attack:5
[2494] SNMP: Common Format String Attack:6
[2495] SNMP: Common Format String Attack:7
[2496] SNMP: Common Format String Attack:8
[2497] SNMP: Common Format String Attack:9
[2498] SNMP: Common Format String Attack:10
[2499] SNMP: Common Format String Attack:11
[2500] SNMP: Common Format String Attack:12
[2501] SNMP: Common Format String Attack:13
[2502] SNMP: Common Format String Attack:14
[2503] SNMP: Common Format String Attack:15
[2504] NETBIOS-SS: SMB DoS Exploit:1
[2505] FINGER: Server Pipe Remote Command Execution:1
[2506] HTTP: PageServices Directory Disclosure:1
[2507] HTTP: PageServices Directory Disclosure:2
[2508] HTTP: ColdFusion sourcewindow File Disclosure:1
[2509] HTTP: ColdFusion sourcewindow File Disclosure:2
[2510] HTTP: ColdFusion sourcewindow File Disclosure:3
[2511] HTTP: Microsoft SQLXML ISAPI Buffer Overflow:1
[2512] HTTP: Microsoft SQLXML ISAPI Buffer Overflow:2
[2513] SSL: Certificate Microsoft ASN.1 BitStr Encoding Error:1
[2514] BACKDOOR: InCommand:1
[2515] BACKDOOR: InCommand:2
[2516] BACKDOOR: InCommand:3
[2517] BACKDOOR: InCommand:4
[2518] BACKDOOR: BioNet Trojan:2
[2519] BACKDOOR: BioNet Trojan:3
[2520] FTP: Buffer Overflow Attempt Detected:1
[2521] FTP: Buffer Overflow Attempt Detected:2
[2522] FTP: Buffer Overflow Attempt Detected:3
[2523] FTP: Buffer Overflow Attempt Detected:4
[2524] FTP: Buffer Overflow Attempt Detected:5
[2525] FTP: Buffer Overflow Attempt Detected:6
[2526] HTTP: SGI wrap Input Validation:1
[2527] HTTP: SGI wrap Input Validation:2
[2528] POP3: Buffer Overflow Attempt With AUTH Parameters:1
[2529] WORM: W32/Mydoom.ah@MM Worm:1
[2530] WORM: W32/Mydoom.ah@MM Worm:2
[2531] WORM: W32/Mydoom.ah@MM Worm:3
[2532] WORM: W32/Mydoom.ah@MM Worm:4
[2533] WORM: W32/Mydoom.ah@MM Worm:5
[2534] WORM: W32/Mydoom.ah@MM Worm:6
[2535] WORM: W32/Mydoom.ah@MM Worm:7
[2536] WORM: W32/Mydoom.ah@MM Worm:8
[2537] WORM: W32/Mydoom.ah@MM Worm:9
[2538] SMTP: RPMMail Remote Root Exploit:1
[2539] BACKDOOR: Lithium:1
[2540] HTTP: CGImail.exe Access File:1
[2541] HTTP: CGImail.exe Access File:2
[2542] WORM: W32/Mydoom.be@MM Worm:1
[2543] WORM: W32/Mydoom.be@MM Worm:2
[2544] WORM: W32/Mydoom.be@MM Worm:3
[2545] TELNET: Subnegotiation Parameter Too Long:1
[2546] TELNET: Subnegotiation Parameter Too Long:2
[2547] TELNET: Subnegotiation Parameter Too Long:3
[2548] BACKDOOR: UltimateRAT:1
[2549] DoS: TearDrop Attack:1
[2550] NetBIOS-SS: Windows 95/98 NULL Source Name:1
[2551] BOT: Floodnet IRC Activity:2
[2552] BACKDOOR: Cero 1.0:1
[2553] MSSQL: Xp_dirtree Possible Buffer Overflow:1
[2554] MSSQL: Xp_dirtree Possible Buffer Overflow:2
[2555] FTP: PASV Passwd Disclosure:1
[2556] HTTP: Faxsurvey Execute Command:1
[2557] HTTP: Faxsurvey Execute Command:2
[2558] HTTP: Faxsurvey Execute Command:3
[2559] EpicGames: Unreal Engine Secure Query Overflow :1
[2560] WORM: W32/Netsky.Q@MM Worm:1
[2561] WORM: W32/Netsky.Q@MM Worm:2
[2562] WORM: W32/Netsky.Q@MM Worm:3
[2563] WORM: W32/Netsky.Q@MM Worm:4
[2564] WORM: W32/Netsky.Q@MM Worm:5
[2565] WORM: W32/Netsky.Q@MM Worm:6
[2566] HTTP: WebDAV Method URL Overly Long:1
[2567] HTTP: WebDAV Method URL Overly Long:2
[2568] HTTP: WebDAV Method URL Overly Long:3
[2569] HTTP: Apache Tomcat Servlet Path Disclosure:1
[2570] HTTP: Apache Tomcat Servlet Path Disclosure:2
[2571] SMTP: AMaVis Arbitrary Command Execution:2
[2572] SMTP: Sendmail Exploit:1
[2573] SMTP: Sendmail Exploit:2
[2574] BACKDOOR: Exploiter:1
[2575] H.225: PROTO Source Address Sequence Anomaly:1
[2576] FTP: Glob Implementation Exploit:1
[2577] ORACLE: BFILENAME Buffer Overflow:1
[2578] HTTP: test-cgi Directory Listing:1
[2579] HTTP: test-cgi Directory Listing:2
[2580] POP3: Unusually Long Username with shellcode:10
[2581] WORM: W32/Bagle.ag@MM Worm:1
[2582] WORM: W32/Bagle.ag@MM Worm:2
[2583] WORM: W32/Bagle.ag@MM Worm:3
[2584] WORM: W32/Bagle.ag@MM Worm:4
[2585] WORM: W32/Bagle.ag@MM Worm:5
[2586] WORM: W32/Bagle.ag@MM Worm:6
[2587] IMAP: Buffer Overflow With Overly Long SUBSCRIBE Command Parameters:1
[2588] SSL: Connection Recycled:1
[2589] HTTP: Novell Netware Web Server 3.x files.pl Exploit:1
[2590] HTTP: Novell Netware Web Server 3.x files.pl Exploit:2
[2591] BACKDOOR: Amanda:1
[2592] BACKDOOR: Amanda:2
[2593] MSSQL: xp_dsninfo Possible Buffer Overflow:1
[2594] MSSQL: xp_dsninfo Possible Buffer Overflow:2
[2595] ORACLE: TNS Denial Of Service Vulnerability:1
[2596] ORACLE: TNS Denial Of Service Vulnerability:2
[2597] HTTP: IIS dvwssr.dll View File:1
[2598] HTTP: IIS dvwssr.dll View File:2
[2599] HTTP: HAHTSite Server Buffer Overflow:1
[2600] HTTP: HAHTSite Server Buffer Overflow:2
[2601] HTTP: ActivePerl perlIIS.dll Buffer Overflow:1
[2602] HTTP: ActivePerl perlIIS.dll Buffer Overflow:2
[2603] HTTP: ActivePerl perlIIS.dll Buffer Overflow:3
[2604] HTTP: Buffer Overflow in NGSSoftware Webadmin:1
[2605] HTTP: Buffer Overflow in NGSSoftware Webadmin:2
[2606] HTTP: Buffer Overflow in NGSSoftware Webadmin:3
[2607] HTTP: PostQuery CGI Overflow:1
[2608] HTTP: PostQuery CGI Overflow:2
[2609] BACKDOOR: Bigorna:1
[2610] BACKDOOR: Bigorna:2
[2611] HTTP: IIS htr Obtain Code:1
[2612] HTTP: IIS htr Obtain Code:2
[2613] HTTP: WebDAV Search Buffer Overflow:1
[2614] HTTP: WebDAV Search Buffer Overflow:2
[2615] HTTP: WebDAV Search Buffer Overflow:3
[2616] POP3: Fusemail Exploit:1
[2617] TELNET: Cisco IOS Software Telnet Option Handling DoS:1
[2618] WORM: W32/Netsky.p@MM Worm:1
[2619] WORM: W32/Netsky.p@MM Worm:2
[2620] WORM: W32/Netsky.p@MM Worm:3
[2621] WORM: W32/Netsky.p@MM Worm:4
[2622] WORM: W32/Netsky.p@MM Worm:5
[2623] WORM: W32/Netsky.p@MM Worm:6
[2624] BACKDOOR: NOSecure:1
[2625] HTTP: ARSC Chat Path Disclosure:1
[2626] HTTP: ARSC Chat Path Disclosure:2
[2627] TCP: Urgent Data Pointer Points Beyond The Length of the Packet:1
[2628] P2P: SoulSeek Alive:1
[2629] P2P: SoulSeek Alive:2
[2630] RPC: Stated Notify Generic Length Buffer Overflow:1
[2631] SCAN: SMTP CyberCop EHLO Probe:1
[2632] NTALK: talkd Name Parsing Exploit:1
[2633] MSSQL: sp_adduser  Database User Creation:1
[2634] MSSQL: sp_adduser  Database User Creation:2
[2635] DoS: Cisco Catalyst Supervisor Remote Reload:1
[2636] TELNET: Password Too Long:1
[2637] SSH: CRC 32 Compensation Attack:1
[2638] SSH: CRC 32 Compensation Attack:2
[2639] NETBIOS-SS: Microsoft NTLM ASN.1 Heap Corruption:1
[2640] NETBIOS-SS: Microsoft NTLM ASN.1 Heap Corruption:2
[2641] HTTP: Microsoft FrontPage htimage.exe Path Disclosure:1
[2642] HTTP: Microsoft FrontPage htimage.exe Path Disclosure:2
[2643] SMTP: Shellcode by Invalid Command:1
[2644] HTTP: CA Unicenter File Upload:1
[2645] HTTP: CA Unicenter File Upload:2
[2646] SSL: Server-Initiated Key Renegotiation Detected:1
[2647] BACKDOOR: Maverick's Matrix Backdoor:1
[2648] P2P: Gnutella Connected to Server:3
[2649] ORACLE: 9iAS OracleJSP Information Disclosure Vulnerability:1
[2650] HTTP: Phorum auth.php3 Access File:1
[2651] HTTP: Phorum auth.php3 Access File:2
[2652] ORACLE: Brute Force Login:1
[2653] HTTP: Cart32 Admin Password Vulnerability:1
[2654] HTTP: Cart32 Admin Password Vulnerability:2
Regular expressions:
[0] ip-fragment-too-large
[1] udp-length-mismatch
[2] tcp-hdr-too-small
[3] tcp-hdr-beyond-pkt
[4] tcp-window-withdrawl
[5] tcp-urgent-ptr-zero
[6] tcp-urgent-ptr-beyond-pkt
[7] tcp-urgent-set-ack-zero
[8] tcp-window-scale-options
[9] tcp-t-tcp-option
[10] tcp-timestamps-option
[11] tcp-md5
[12] icmp-source-quench-set
[13] sibyte-pkt-buffers-low
[14] sibyte-reassembly-buffers-exhausted
[15] sibyte-tcp-udp-control-blocks-exhausted
[16] sibyte-attack-markers-exhausted
[17] ip-too-many-small-fragments
[18] sibyte-tcp-udp-unfinished-conn-blocks-exhausted
[19] binary-char-count-threshold-exceeded
[20] shellcode-detected-for-arch-i386
[21] shellcode-detected-for-arch-sparc
[22] shellcode-detected-for-arch-powerpc
[23] sibyte-prevdata-nodes-exhausted
[24] sibyte-prevdata-bufs-exhausted
[25] sibyte-shellcode-detect-state-nodes-exhausted
[26] invalid-quote-encoding
[27] tcp-xmas-nmap-probe
[28] tcp-xmas-syn-probe
[29] tcp-bare-push-probe
[30] land-attack-pkt
[31] winnuke-attack-pkt
[32] raptor-dos-pkt
[33] tcp-fin-no-ack-probe
[34] tcp-syn-fin-probe
[35] tcp-cybercop-os-probe1
[36] tcp-ms-syn-fin-probe
[37] stackeldraht-agent-spoof-test
[38] tcp-null-probe
[39] ip-new-tear-attack
[40] ip-syn-drop-attack
[41] ip-bonk-attack
[42] ip-tear-drop-attack
[43] ping-of-death-attack
[44] jolt2-icmp-attack
[45] jolt2-udp-attack
[46] ip-fragment-overlap
[47] udp-land-attack-pkt
[48] tcp-segment-overlap-data-mismatch
[49] cisco-syslog-dos
[50] nortel-empty-snmp-dos
[51] shellcode-detected-for-arch-mips
[52] shellcode-detected-for-arch-hppa
[53] jolt-icmp-attack
[54] cisco-ios-protocol-dos
[55] icmp-nachi-sysevent
[56] arp-addr-flip-flop-sysevent
[57] arp-mac-cloned-sysevent
[58] arp-spoofed-sysevent
[59] arp-spoofed-with-dup-mac-captured
[60] arp-bcast-sender-addr-sysevent
[61] arp-bcast-destn-mac-sysevent
[62] fragmented-igmp-packet
[63] igmp-fawx-attack
[64] igmp-koc-attack
[65] ssl-bad-state-transition
[66] ssl-pkt-with-no-connection
[67] tcp-invalid-rst-bgp
[68] ssl-connection-recycled
[69] ssl-connections-exhausted
[70] ssl-session-recycled
[71] ssl-sessions-exhausted
[72] ssl-session-refs-exhausted
[73] ssl-unsupported-cipher
[74] ssl-unknown-cipher
[75] ssl-unsupported-export-cipher
[76] ssl-unsupported-diffie-hellman
[77] slammer-data-seen
[78] inconclusive-protocol-identification
[79] string-match:finger-client-data-text:\x0A     (fcase =no)
[80] unsigned-gt:rtsp-req-transport-header-len:0xffffffff:1024:no
[81] string-match:ftp-cwd-cmd-param: ~{(fcase =no)
[82] string-match:ftp-stor-cmd-param: ~{(fcase =no)
[83] string-match:ftp-dele-cmd-param: ~{(fcase =no)
[84] string-match:ftp-stat-cmd-param: ~{(fcase =no)
[85] string-match:ftp-list-cmd-param: ~{(fcase =no)
[86] string-match:ftp-site-cmd-param: ~{(fcase =no)
[87] unsigned-gt:ftp-cwd-cmd-param-length:0xffffffff:128:no
[88] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:128:no
[89] string-match:http-req-header:\x0a\xf7\x02\x97(fcase =no)
[90] string-match:http-req-header:\x0b\x18\x02\x98(fcase =no)
[91] string-match:http-req-header:\x0b\x39\x02\x99(fcase =no)
[92] string-match:http-req-header:\x0b\x5a\x02\x9a(fcase =no)
[93] string-match:http-req-header:\x20\x20\x08\x01(fcase =no)
[94] string-match:http-req-header:\xe4\x20\xe0\x08(fcase =no)
[95] string-match:http-req-header:\x24\x02\x04\x53(fcase =no)
[96] string-match:http-req-header:\x24\x02\x03\xf3(fcase =no)
[97] string-match:http-req-header:\x24\x02\x04\x25(fcase =no)
[98] string-match:http-req-header:\x24\x02\x03\xee(fcase =no)
[99] string-match:http-req-header:\x24\x02\x03\xeb(fcase =no)
[100] string-match:http-req-header:\x03\xff\xff\xcc(fcase =no)
[101] string-match:http-req-header:\x02..\x0c(fcase =no)
[102] string-match:http-req-header:\x01\x01\x01\x0c(fcase =no)
[103] string-match:http-req-header:\x13\x74\xf0\x47(fcase =no)
[104] string-match:http-req-header:\x12\x74\xf0\x47(fcase =no)
[105] string-match:http-req-header:\x11\x74\xf0\x47(fcase =no)
[106] string-match:http-req-header:/bin/sh(fcase =no)
[107] string-match:http-req-header:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[108] string-match:http-req-header:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[109] string-match:http-req-header:h....X5....H..PP..PPa(fcase =no)
[110] string-match:http-req-header:PQX-....-....-....PQX(fcase =no)
[111] string-match:http-req-header:PQX-....-....PQX(fcase =no)
[112] string-match:http-req-header:\x80\x30.\x40\xe2\xfa(fcase =no)
[113] string-match:http-req-header:\xac\x34.\xaa\xe2\xfa(fcase =no)
[114] string-match:http-req-header:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[115] string-match:http-req-header:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[116] string-match:http-req-header:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[117] string-match:http-req-header:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[118] string-match:http-req-header:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[119] string-match:http-req-header:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[120] string-match:http-req-header:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[121] string-match:http-webdav-propfind-req-message-body:xmlns:a(fcase =no)
[122] string-match:http-webdav-propfind-req-message-body:"DAV:">(fcase =no)
[123] unsigned-gt:http-rsp-code:0xffffffff:399:no
[124] numerical-eq:http-rsp-server-type:0xffffffff:1:yes
[125] string-match:telnet-client-data-text:\xFF\xF6\xFF\xFB\x08\xFF\xFB\x26(fcase =no)
[126] string-match:telnet-server-data-text:Yes]\x0D\x0A\xFF\xFE\x08(fcase =no)
[127] string-match:telnet-client-data-text:\xFF\xF5\xFF(fcase =no)
[128] string-match:telnet-client-data-text:\xFF\xF6\xFF\xFB\x08\xFF\xF6(fcase =no)
[129] numerical-eq:telnet-iac-cmd-counter:0xffffffff:5000:no
[130] string-match:telnet-client-environ-sb-param:\xCD\x80(fcase =no)
[131] string-match:telnet-client-environ-sb-param:\xBF\xEE\xEE\xEE\xEE\x08\xB8(fcase =no)
[132] string-match:http-req-uri-path:loadpage\.cgi$(fcase =yes)
[133] string-match:http-req-uri-path:search\.cgi$(fcase =yes)
[134] string-match:http-req-uri-query-params:file=|(fcase =yes)
[135] string-match:http-req-uri-query-params:/(etc|bin|usr|sbin)/(fcase =yes)
[136] string-match:http-req-header:/ HTTP/1\.1\r\nHost: www\.(sco|microsoft)\.com\r\n\r\n(fcase =yes)
[137] string-match:pktsearch-req-text:^verpc,(fcase =no)
[138] string-match:pktsearch-rsp-text:^verpc,(fcase =no)
[139] string-match:pktsearch-req-text:^BN.\x00\x02\x00(fcase =no)
[140] string-match:pktsearch-rsp-text:^BN.\x00\x02\x00(fcase =no)
[141] string-match:pktsearch-rsp-text:^NetBus\x20\x31\...\x20\x0d(fcase =no)
[142] string-match:pktsearch-rsp-text:^Leszcz 5\.50 \x0d(fcase =no)
[143] string-match:smtp-EXE-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[144] string-match:smtp-EXE-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[145] string-match:smtp-SCR-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[146] string-match:smtp-SCR-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[147] string-match:smtp-COM-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[148] string-match:smtp-COM-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[149] string-match:smtp-CPL-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[150] string-match:smtp-CPL-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[151] string-match:imap-EXE-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[152] string-match:imap-EXE-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[153] string-match:imap-SCR-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[154] string-match:imap-SCR-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[155] string-match:imap-COM-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[156] string-match:imap-COM-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[157] string-match:imap-CPL-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[158] string-match:imap-CPL-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[159] string-match:pop3-EXE-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[160] string-match:pop3-EXE-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[161] string-match:pop3-SCR-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[162] string-match:pop3-SCR-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[163] string-match:pop3-COM-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[164] string-match:pop3-COM-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[165] string-match:pop3-CPL-message-body:ZEQgfXN1O1OkmLPEg2Rme6Ti(fcase =no)
[166] string-match:pop3-CPL-message-body:SNwr4lar6db51XROhdbC/cHg(fcase =no)
[167] string-match:http-req-uri-path:site\.csc(fcase =yes)
[168] numerical-eq:http-rsp-server-type:0xffffffff:2:yes
[169] string-match:ftp-cwd-cmd-param:^\.\.\.(fcase =no)
[170] string-match:ftp-cwd-cmd-param:/\.\.\./(fcase =no)
[171] string-match:http-req-uri-path:(\\|/)scripts(fcase =yes)
[172] string-match:http-req-uri-path:(\\|/)newdsn.exe$(fcase =yes)
[173] string-match:http-req-uri-query-param-name:driver(fcase =yes)
[174] string-match:http-req-uri-query-param-value:Microsoft+Access+Driver+\(*\.mdb\)(fcase =yes)
[175] string-match:http-req-uri-query-param-name:dbq(fcase =yes)
[176] string-match:http-req-uri-query-param-name:newdb(fcase =yes)
[177] string-match:http-req-uri-query-param-value:CREATE_DB(fcase =yes)
[178] string-match:http-post-req-uri-path:(\\|/)scripts(fcase =yes)
[179] string-match:http-post-req-uri-path:(\\|/)newdsn.exe$(fcase =yes)
[180] string-match:http-post-req-message-body:driver(fcase =yes)
[181] string-match:http-post-req-message-body:Microsoft+Access+Driver+\(*\.mdb\)(fcase =yes)
[182] string-match:http-post-req-message-body:dbq(fcase =yes)
[183] string-match:http-post-req-message-body:newdb(fcase =yes)
[184] string-match:http-post-req-message-body:CREATE_DB(fcase =yes)
[185] unsigned-gt:rexec-login-fail-counter:0xffffffff:0:no
[186] string-match:snmp-set-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x82\x37\x01\x02\x05\x03(fcase =no)
[187] string-match:tftp-rrq-filename:prn(fcase =yes)
[188] string-match:tftp-rrq-filename:(lpt|com)[1-9](fcase =yes)
[189] unsigned-gt:imap-examine-cmd-param-length:0xffffffff:260:no
[190] string-match:netbios-ss-smb-CREATE-filename:\x00\\\x00i\x00r\x00a\x00q\x00_\x00o\x00i\x00l\x00\.\x00e\x00x\x00e(fcase =yes)
[191] string-match:http-req-uri-path:/ConsoleHelp/(fcase =yes)
[192] string-match:netbios-ss-smb-check_directory-buffer:\.\.(/|\.)(fcase =no)
[193] string-match:pktsearch-req-text:^/MSG,Rootbeer Rules!(fcase =no)
[194] string-match:pktsearch-req-text:^/QUE,(fcase =no)
[195] string-match:pktsearch-req-text:^/FIL,(fcase =no)
[196] string-match:pktsearch-req-text:^/NFO,(fcase =no)
[197] numerical-eq:pktsearch-dst-port:0xffffffff:2600:no
[198] numerical-eq:kerberos-error-code:0xffffffff:constructed-primitive-type:no
[199] string-match:ftp-pass-cmd-param:\x31\xc0\x31\xdb\x31\xc9\xb0(fcase =no)
[200] string-match:ftp-site-cmd-param:%x%x%x(fcase =no)
[201] string-match:ftp-site-cmd-param:(%hn|%n)$(fcase =no)
[202] string-match:http-req-uri-path:(\\|/)info2www$(fcase =no)
[203] string-match:http-req-uri-query-params:\.\.(/|\\)(fcase =no)
[204] numerical-eq:http-rsp-server-type:0xffffffff:2:no
[205] numerical-eq:icmp-echo-reply-id:0xffffffff:123:no
[206] string-match:icmp-echo-reply-payload:shell bound (fcase =no)
[207] string-match:smtp-PIF-message-body:ptJ1NSsCzj0o7wh3ZvpxJ7GX(fcase =no)
[208] string-match:smtp-PIF-message-body:uDOHMvb/dxkUvjLLK5tb2iAQ(fcase =no)
[209] string-match:pop3-PIF-message-body:ptJ1NSsCzj0o7wh3ZvpxJ7GX(fcase =no)
[210] string-match:pop3-PIF-message-body:uDOHMvb/dxkUvjLLK5tb2iAQ(fcase =no)
[211] string-match:imap-PIF-message-body:ptJ1NSsCzj0o7wh3ZvpxJ7GX(fcase =no)
[212] string-match:imap-PIF-message-body:uDOHMvb/dxkUvjLLK5tb2iAQ(fcase =no)
[213] unsigned-gt:dhcp-req-cf-hostname-option-len:0xffffffff:254:no
[214] string-match:dhcp-req-sf-hostname-option:%(n|hn)%(fcase =no)
[215] string-match:dhcp-req-sf-hostname-option:\x90\x90\x90\x90(fcase =no)
[216] unsigned-gt:imap-examine-cmd-param-length:0xffffffff:250:no
[217] unsigned-gt:ftp-pass-cmd-param-length:0xffffffff:128:no
[218] string-match:pktsearch-req-text:\x0a\xf7\x02\x97(fcase =no)
[219] string-match:pktsearch-req-text:\x0b\x18\x02\x98(fcase =no)
[220] string-match:pktsearch-req-text:\x0b\x39\x02\x99(fcase =no)
[221] string-match:pktsearch-req-text:\x0b\x5a\x02\x9a(fcase =no)
[222] string-match:pktsearch-req-text:\x20\x20\x08\x01\xe4\x20\xe0\x08(fcase =no)
[223] string-match:pktsearch-req-text:\x20\x20\x08\x01(fcase =no)
[224] string-match:pktsearch-req-text:\xe4\x20\xe0\x08(fcase =no)
[225] string-match:pktsearch-req-text:.bin.sh(fcase =no)
[226] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:50766:no
[227] string-match:pktsearch-req-text:^access(fcase =no)
[228] string-match:pktsearch-rsp-text:^access ok (fcase =no)
[229] unsigned-gt:mms-req-length:0xffffffff:0x80000000:no
[230] string-match:http-req-uri-path:(\\|/)view-source$(fcase =no)
[231] string-match:http-req-uri-query-params:^\.\.(/|\\)(fcase =no)
[232] string-match:rsh-username-client-login:^root[\r\n](fcase =no)
[233] string-match:rsh-client-handshake-serveruser-text:^root$(fcase =no)
[234] unsigned-gt:pop3-retr-cmd-param-length:0xffffffff:200:no
[235] string-match:smtp-name-message-header:price(fcase =yes)
[236] string-match:smtp-ZIP-message-body:YLPIa0vCR0SLSKFpBwllpOa6(fcase =no)
[237] string-match:smtp-ZIP-message-body:OtrDt3FikercXwphogjIKWSF(fcase =no)
[238] string-match:pop3-name-message-header:price(fcase =yes)
[239] string-match:pop3-ZIP-message-body:YLPIa0vCR0SLSKFpBwllpOa6(fcase =no)
[240] string-match:pop3-ZIP-message-body:OtrDt3FikercXwphogjIKWSF(fcase =no)
[241] string-match:imap-name-message-header:price(fcase =yes)
[242] string-match:imap-ZIP-message-body:YLPIa0vCR0SLSKFpBwllpOa6(fcase =no)
[243] string-match:imap-ZIP-message-body:OtrDt3FikercXwphogjIKWSF(fcase =no)
[244] unsigned-gt:imap-status-cmd-param-length:0xffffffff:128:no
[245] string-match:ssh-req-text:a%a%a%a%a%(fcase =no)
[246] unsigned-gt:netbios-ss-dcerpc-license-request-length:0xffffffff:1128:no
[247] unsigned-gt:netbios-ss-dcerpc-license-host-length:0xffffffff:0x10:no
[248] string-match:http-req-uri-path:dfire\.cgi$(fcase =yes)
[249] string-match:http-req-uri-query-param-name:(ipinc|ipone)=|(fcase =yes)
[250] string-match:http-req-uri-query-param-name:(ipinc|ipone)$(fcase =yes)
[251] string-match:http-req-uri-query-param-value:(uname|/etc/|ls+)(fcase =yes)
[252] unsigned-gt:smtp-mail-cmd-param-length:0xffffffff:128:no
[253] string-match:http-req-uri-path:(/|\\)ccbill(/|\\)(fcase =yes)
[254] string-match:http-req-uri-path:(/|\\)whereami\.cgi(fcase =yes)
[255] string-match:pktsearch-req-text:\x13BitTorrent protoco(fcase =no)
[256] string-match:pktsearch-rsp-text:\x13BitTorrent protoco(fcase =no)
[257] string-match-ap:req-content-text:\x13BitTorrent protocol(fcase =no)(offset=0, depth=0)
[258] string-match-ap:rsp-content-text:\x13BitTorrent protocol(fcase =no)(offset=0, depth=0)
[259] string-match:http-req-content-type-header:application\/x-bittorrent(fcase =no)
[260] string-match-ap:req-content-text:\x13BitTorrent protoco(fcase =no)
[261] string-match-ap:rsp-content-text:\x13BitTorrent protoco(fcase =no)
[262] string-match:ftp-pass-cmd-param:ddd@$(fcase =no)
[263] string-match:http-req-user-agent-header:Webtrends Security Analyzer(fcase =no)
[264] string-match:pop3-invalid-cmd-text:\xeb\x32\x5e\x31\xdb\x89\x5e\x07\x89\x5e\x12\x89\x5e\x17(fcase =no)
[265] string-match:pop3-invalid-cmd-text:\xff\xff/bin/sh\xaa\xaa\xaa\xaa(fcase =no)
[266] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TTYPROMPT(\x00|\x01)(fcase =yes)
[267] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TTYP\x02ROMPT(\x00|\x01)(fcase =yes)
[268] string-match:tftp-rrq-filename:(passwd|shadow)(fcase =no)
[269] string-match:tftp-rrq-filename:/etc/group(fcase =no)
[270] string-match:tftp-rrq-filename:\.pwl(fcase =no)
[271] string-match:tftp-rrq-filename:win\.ini(fcase =no)
[272] string-match:smtp-EXE-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[273] string-match:smtp-EXE-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[274] string-match:smtp-PIF-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[275] string-match:smtp-PIF-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[276] string-match:smtp-subject-message-header:il account s(fcase =no)
[277] string-match:smtp-subject-message-header:fy about usi(fcase =no)
[278] string-match:smtp-subject-message-header:ing about yo(fcase =no)
[279] string-match:smtp-subject-message-header:tant notify (fcase =no)
[280] string-match:smtp-subject-message-header:fy about you(fcase =no)
[281] string-match:smtp-subject-message-header:l account di(fcase =no)
[282] string-match:smtp-message-body:password pro(fcase =no)
[283] string-match:smtp-message-body:reasons. Pas(fcase =no)
[284] string-match:smtp-message-body:following pa(fcase =no)
[285] string-match:smtp-name-message-header:\.zip(fcase =yes)
[286] string-match:pop3-EXE-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[287] string-match:pop3-EXE-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[288] string-match:pop3-PIF-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[289] string-match:pop3-PIF-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[290] string-match:pop3-subject-message-header:il account s(fcase =no)
[291] string-match:pop3-subject-message-header:fy about usi(fcase =no)
[292] string-match:pop3-subject-message-header:ing about yo(fcase =no)
[293] string-match:pop3-subject-message-header:tant notify (fcase =no)
[294] string-match:pop3-subject-message-header:fy about you(fcase =no)
[295] string-match:pop3-subject-message-header:l account di(fcase =no)
[296] string-match:pop3-message-body:password pro(fcase =no)
[297] string-match:pop3-message-body:reasons. Pas(fcase =no)
[298] string-match:pop3-message-body:following pa(fcase =no)
[299] string-match:pop3-name-message-header:\.zip(fcase =yes)
[300] string-match:imap-EXE-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[301] string-match:imap-EXE-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[302] string-match:imap-PIF-message-body:F/oCfAmSCCMO+TpIdWouIwgU(fcase =no)
[303] string-match:imap-PIF-message-body:1hXdLOssdwIFMMBVrEjtAceL(fcase =no)
[304] string-match:imap-subject-message-header:il account s(fcase =no)
[305] string-match:imap-subject-message-header:fy about usi(fcase =no)
[306] string-match:imap-subject-message-header:ing about yo(fcase =no)
[307] string-match:imap-subject-message-header:tant notify (fcase =no)
[308] string-match:imap-subject-message-header:fy about you(fcase =no)
[309] string-match:imap-subject-message-header:l account di(fcase =no)
[310] string-match:imap-message-body:password pro(fcase =no)
[311] string-match:imap-message-body:reasons. Pas(fcase =no)
[312] string-match:imap-message-body:following pa(fcase =no)
[313] string-match:imap-name-message-header:\.zip(fcase =yes)
[314] numerical-eq:rpc-call-version:0xffffffff:1:no
[315] numerical-eq:rpc-call-prognum:0xffffffff:100024:no
[316] numerical-eq:rpc-call-procedure:0xffffffff:4:no
[317] unsigned-gt:rpc-call-data-len:0xffffffff:1000:no
[318] numerical-eq:tds-mssql-req-frag-counter:0xffffffff:2000:no
[319] string-match:http-req-uri-path:\.idq$(fcase =yes)
[320] string-match:http-req-uri-query-param-name:CiTemplate(fcase =yes)
[321] string-match:http-req-uri-query-param-value:\.\./(fcase =no)
[322] string-match:http-req-uri-path:(\\|/)AnyForm2(fcase =yes)
[323] string-match:http-req-query-param-name:AnyFormTo(fcase =no)
[324] string-match:http-req-query-param-value:;/(bin|usr/bin|sbin|usr/sbin)/(fcase =no)
[325] numerical-eq:pktsearch-udp-src-port:0xffffffff:4000:no
[326] unsigned-gt:pktsearch-req-pktlen:0xffffffff:612:no
[327] string-match:pktsearch-req-text:^\x05\x00.....\x12\x02(fcase =no)
[328] string-match:pktsearch-req-text:\x05\x00.....\x6e\x00(fcase =no)
[329] string-match:pktsearch-req-text:\x05\x00.....\xde\x03(fcase =no)
[330] string-match:pktsearch-req-text:\x31\xc0\x50\x50\x2d\x03\xbc\xfc\xff\xf7(fcase =no)
[331] string-match:pktsearch-ciscoacs-req-text:^%%%%%XX%%%%%(fcase =no)
[332] string-match:telnet-username-client-login:^4Dgifts$(fcase =no)
[333] string-match:telnet-username-client-login:^lp$(fcase =no)
[334] string-match:telnet-username-client-login:^tour$(fcase =no)
[335] string-match:telnet-username-client-login:^tutor$(fcase =no)
[336] string-match:telnet-username-client-login:^demos$(fcase =no)
[337] string-match:telnet-username-client-login:^EZsetup$(fcase =no)
[338] string-match:telnet-username-client-login:^OutOfBox$(fcase =no)
[339] numerical-eq:http-error-code:0xffffffff:INVALID_AUTH_BASIC_BASE64:no
[340] numerical-eq:http-dst-port:0xffffffff:901:no
[341] string-match:smtp-CPL-message-body:+oNfsvE0YyAOO+zFKMVS5OvW(fcase =no)
[342] string-match:smtp-CPL-message-body:EcgSNqofcGbj+lTm2dV0BnjL(fcase =no)
[343] string-match:smtp-SCR-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[344] string-match:smtp-SCR-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[345] string-match:smtp-PIF-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[346] string-match:smtp-PIF-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[347] string-match:smtp-EXE-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[348] string-match:smtp-EXE-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[349] string-match:smtp-COM-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[350] string-match:smtp-COM-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[351] string-match:smtp-HTA-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[352] string-match:smtp-VBS-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[353] string-match:imap-CPL-message-body:+oNfsvE0YyAOO+zFKMVS5OvW(fcase =no)
[354] string-match:imap-CPL-message-body:EcgSNqofcGbj+lTm2dV0BnjL(fcase =no)
[355] string-match:imap-SCR-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[356] string-match:imap-SCR-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[357] string-match:imap-PIF-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[358] string-match:imap-PIF-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[359] string-match:imap-EXE-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[360] string-match:imap-EXE-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[361] string-match:imap-COM-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[362] string-match:imap-COM-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[363] string-match:imap-HTA-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[364] string-match:imap-VBS-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[365] string-match:pop3-CPL-message-body:+oNfsvE0YyAOO+zFKMVS5OvW(fcase =no)
[366] string-match:pop3-CPL-message-body:EcgSNqofcGbj+lTm2dV0BnjL(fcase =no)
[367] string-match:pop3-SCR-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[368] string-match:pop3-SCR-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[369] string-match:pop3-PIF-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[370] string-match:pop3-PIF-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[371] string-match:pop3-EXE-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[372] string-match:pop3-EXE-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[373] string-match:pop3-COM-message-body:cbDWEOoL5XZsfwlIciEloPxx(fcase =no)
[374] string-match:pop3-COM-message-body:jP58PgsWsAArCNym2P2aO01B(fcase =no)
[375] string-match:pop3-HTA-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[376] string-match:pop3-VBS-message-body:108,143,109,52,207,234,33,242,37,210,17,249,5(fcase =no)
[377] unsigned-gt:imap-auth-cmd-param-length:0xffffffff:1024:no
[378] unsigned-gt:smtp-user-cmd-param-length:0xffffffff:2048:no
[379] unsigned-gt:netbios-ns-name-len:0xffffffff:34:no
[380] unsigned-gt:netbios-ns-rdata-nb-name-len:0xffffffff:34:no
[381] string-match:http-req-uri-path:/whois(fcase =no)
[382] string-match:http-req-query-params:whois=;(fcase =no)
[383] string-match:http-req-query-params:whois=|(fcase =no)
[384] string-match:http-req-query-params:;(id|uname|ls)(fcase =no)
[385] string-match:http-req-query-params:/(etc|bin|usr|sbin)/(fcase =no)
[386] numerical-eq:pktsearch-icq-counter:0xffffffff:2:no
[387] string-match:pktsearch-req-text:<IMG src="\.\.\\(fcase =no)
[388] unsigned-gt:dcerpc-req-DCOM-request-frag-length:0xffffffff:1500:no
[389] numerical-eq:dcerpc-error-code:0xffffffff:DCOM_OP4_FORMAT_ERROR:no
[390] numerical-eq:dcerpc-same-request-counter:0xffffffff:10:no
[391] numerical-eq:dcerpc-error-code:0xffffffff:23:no
[392] unsigned-gt:dcerpc-dcom-share-name-length:0xffffffff:200:no
[393] numerical-eq:netbios-ss-error-code:0xffffffff:23:no
[394] unsigned-gt:netbios-ss-dcerpc-dcom-share-name-length:0xffffffff:200:no
[395] string-match:ftp-stor-cmd-param:\.forward(fcase =no)
[396] unsigned-gt:sip-req-header-len:0xffffffff:1024:no
[397] string-match:sip-req-header-text:(%|\x2E|-|\x30#F0)\x30#F0\x30#F0[ndoxucsefg]%(fcase =no)
[398] string-match:sip-req-header-text:\x30#F0\x30#F0(\$n|\$hn)%(fcase =no)
[399] string-match:sip-req-header-text:%\x40#E0%\x40#E0%\x40#E0%[ndoxucsefg]%(fcase =no)
[400] unsigned-gt:sip-req-header-len:0xffffffff:512:no
[401] string-match:netbios-ss-smb-session_setup_andx-buffer:\x06\x06\x2b\x06\x01\x05\x05\x02\xa0.\x30.(\xa1|\xa2)(fcase =no)
[402] numerical-eq:rpc-call-prognum:0xffffffff:100007:no
[403] unsigned-gt:rpc-call-data-len:0xffffffff:4096:no
[404] string-match:pktsearch-req-text:GNUTELLA CONNECT/(fcase =yes)
[405] string-match:pktsearch-req-text:User-Agent: Swapper(fcase =yes)
[406] string-match:http-get-req-user-agent-header:Swapper(fcase =yes)
[407] numerical-eq:icmp-echo-id:0xffffffff:666:no
[408] string-match:http-req-uri-path:\.(htr|idc|stm|idq|ida|htw|cer)[ \t](fcase =yes)
[409] string-match:http-req-uri-path:\.htr$(fcase =yes)
[410] string-match:http-req-uri-path:\.idc$(fcase =yes)
[411] string-match:http-req-uri-path:\.stm$(fcase =yes)
[412] string-match:http-req-uri-path:\.ida$(fcase =yes)
[413] string-match:http-req-uri-path:\.htw$(fcase =yes)
[414] string-match:http-req-uri-path:\.cer$(fcase =yes)
[415] unsigned-gt:http-req-uri-length:0xffffffff:1024:no
[416] string-match:http-req-host-header:\x67\x68\x90\x90\x90\x90\x58\x58\x90\x33\xc0\x50(fcase =no)
[417] unsigned-gt:http-req-uri-length:0xffffffff:48000:no
[418] string-match:http-req-uri-path:\.asp(fcase =yes)
[419] string-match:http-req-uri-path:violation\.php3$(fcase =no)
[420] string-match:http-req-uri-query-param-name:Mod(fcase =no)
[421] string-match:http-req-uri-query-param-value:@(fcase =no)
[422] string-match:http-req-uri-query-param-name:ForumName(fcase =no)
[423] string-match:smtp-SCR-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[424] string-match:smtp-SCR-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[425] string-match:smtp-PIF-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[426] string-match:smtp-PIF-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[427] string-match:smtp-CMD-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[428] string-match:smtp-CMD-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[429] string-match:smtp-EXE-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[430] string-match:smtp-EXE-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[431] string-match:smtp-BAT-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[432] string-match:smtp-BAT-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[433] string-match:pop3-SCR-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[434] string-match:pop3-SCR-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[435] string-match:pop3-PIF-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[436] string-match:pop3-PIF-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[437] string-match:pop3-CMD-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[438] string-match:pop3-CMD-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[439] string-match:pop3-EXE-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[440] string-match:pop3-EXE-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[441] string-match:pop3-BAT-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[442] string-match:pop3-BAT-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[443] string-match:imap-SCR-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[444] string-match:imap-SCR-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[445] string-match:imap-PIF-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[446] string-match:imap-PIF-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[447] string-match:imap-CMD-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[448] string-match:imap-CMD-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[449] string-match:imap-EXE-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[450] string-match:imap-EXE-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[451] string-match:imap-BAT-message-body://9Vi+xX/It9CItNDMHpAjPA(fcase =no)
[452] string-match:imap-BAT-message-body:4wLzqwuD4QMJ/3f/fqpfycII(fcase =no)
[453] unsigned-gt:http-req-uri-query-param-name-length:0xffffffff:220:no
[454] string-match:http-req-uri-path:\.(ida|idq)(fcase =yes)
[455] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:80:no
[456] string-match:pktsearch-rsp-text:Desconectado Web Serve CT ver\.2(fcase =no)
[457] string-match:pktsearch-rsp-text:Desconectado Web Serve CT(fcase =no)
[458] string-match:http-req-uri-path:^/END HTTP(fcase =yes)
[459] string-match:http-req-uri-path:/REINICIA HTTP(fcase =yes)
[460] string-match:http-req-uri-path:/CERRAR HTTP(fcase =yes)
[461] string-match:http-req-uri-path:/INICIO HTTP(fcase =yes)
[462] string-match:http-req-uri-path:/VENTANA HTTP(fcase =yes)
[463] string-match:http-before-rsp-text:\x3Cstrong\x3EINICIO\x3C/strong\x3E(fcase =no)
[464] string-match:http-before-rsp-text:\x3Cstrong\x3EREINICIAR SERVIDOR\x3C/strong\x3E(fcase =no)
[465] string-match:http-before-rsp-text:\x3Cstrong\x3ECERRAR SERVIDOR\x3C/strong\x3E(fcase =no)
[466] string-match:http-before-rsp-text:Desconectado Web Serve CT(fcase =no)
[467] string-match:http-head-req-uri-path:^/Messenger\.(fcase =no)
[468] string-match:http-get-req-uri-path:^/Messenger\.(fcase =no)
[469] string-match:http-post-req-uri-path:^/Messenger\.(fcase =no)
[470] string-match:http-req-uri-path:^/notifyft$(fcase =no)
[471] string-match:pktsearch-req-text:^GET /Messenger\.(fcase =yes)
[472] string-match:pktsearch-req-text:^HEAD /Messenger\.(fcase =yes)
[473] string-match:pktsearch-req-text:^POST /Messenger\.(fcase =yes)
[474] string-match-ap:req-content-text:YMSG(\x00.|.\x00)(fcase =no)
[475] string-match-ap:req-content-text:\x34\x39\xC0\x80FILEXFER(fcase =yes)
[476] string-match:dns-response-qname:messenger.hotmail.com(fcase =no)
[477] string-match:dns-response-qname:gateway.messenger.hotmail.com(fcase =no)
[478] string-match:dns-response-qname:messenger.hotmail-int.com(fcase =no)
[479] unsigned-gt:rtsp-req-header-len:0xffffffff:4096:no
[480] unsigned-gt:rtsp-req-header-len:0xffffffff:1024:no
[481] numerical-eq:ssrs-cmd:0xffffffff:8:no
[482] numerical-eq:ssrs-cmd:0xffffffff:10:no
[483] unsigned-gt:ssrs-req-first-pktlen:0xffffffff:100:no
[484] string-match:http-req-uri-path:jrun\.plugins\.ssi\.SSIFilter(fcase =yes)
[485] string-match:http-req-uri-path:\.\.(/|\\)(fcase =yes)
[486] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)resolv_host_conf(\x00|\x01)\x2f(fcase =yes)
[487] unsigned-gt:ftp-unlock-cmd-param-length:0xffffffff:512:no
[488] unsigned-gt:http-req-header-length:0xffffffff:65535:no
[489] unsigned-gt:http-req-header-length:0xffffffff:4096:no
[490] string-match:smtp-mail-cmd-param:from: |(fcase =yes)
[491] string-match:smtp-rcpt-cmd-param:to: |(fcase =yes)
[492] string-match:http-post-req-uri-path:nsiislog\.dll(fcase =yes)
[493] string-match:http-post-req-transfer-encoding-header:chunked(fcase =yes)
[494] unsigned-gt:http-post-req-message-body-length:0xffffffff:512:no
[495] numerical-eq:rpc-call-prognum:0xffffffff:100249:no
[496] numerical-eq:rpc-call-procedure:0xffffffff:257:no
[497] string-match:rpc-call-data:\x90\x03\xe0\x20\x92\x02\x20\x10\xc0\x22\x20\x08\xd0\x22\x20\x10(fcase =no)
[498] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x87\x99\x00\x00\x00\x01\x00\x00\x01\x01(fcase =no)
[499] string-match:pktsearch-req-text:\x90\x03\xe0\x20\x92\x02\x20\x10\xc0\x22\x20\x08\xd0\x22\x20\x10(fcase =no)
[500] string-match:pktsearch-req-text:Hello\.\.\.(fcase =no)
[501] string-match:pktsearch-rsp-text:Vampire v1\.2 Server On-Line(fcase =no)
[502] string-match:upnp-req-webdav-notify-uri-text: * (fcase =no)
[503] unsigned-gt:upnp-req-location-header-len:0xffffffff:256:no
[504] numerical-eq:kerberos-error-code:0xffffffff:ms-bitstr-error:no
[505] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5000:no
[506] string-match:pktsearch-rsp-text:^ Remote > OK\.\.(fcase =no)
[507] string-match:pktsearch-req-text:^ Remote > OK\.\.(fcase =no)
[508] string-match:upnp-rsp-text: Remote > OK\.\.(fcase =no)
[509] string-match:upnp-req-before-method-text: Remote > OK\.\.(fcase =no)
[510] numerical-eq:upnp-protocol:0xffffffff:5000:no
[511] numerical-eq:portmapper-call-procedure:0xffffffff:5:no
[512] numerical-eq:ssrs-cmd:0xffffffff:4:no
[513] unsigned-gt:ssrs-req-pktlen:0xffffffff:100:no
[514] string-match:ssrs-req-text:\xDC\xC9\xB0\x42\xEB(fcase =no)
[515] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:250:no
[516] unsigned-gt:ftp-cwd-cmd-param-length:0xffffffff:250:no
[517] string-match:ftp-cmd-param:*/X*/X*/X*(fcase =no)
[518] string-match:ftp-cmd-param:\.\./*/\.\./(fcase =no)
[519] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:254:no
[520] string-match:ftp-cmd-param:.*/\.\./.*/(fcase =no)
[521] unsigned-gt:ftp-cwd-cmd-param-length:0xffffffff:254:no
[522] unsigned-gt:ftp-stor-cmd-param-length:0xffffffff:254:no
[523] unsigned-gt:ftp-dele-cmd-param-length:0xffffffff:254:no
[524] unsigned-gt:ftp-list-cmd-param-length:0xffffffff:254:no
[525] unsigned-gt:ftp-stat-cmd-param-length:0xffffffff:254:no
[526] string-match:ftp-cmd-param:*/\.\./(fcase =no)
[527] string-match:ftp-cmd-param:/\.\./*(fcase =no)
[528] string-match:ftp-cmd-param:*/.*/(fcase =no)
[529] string-match:http-post-req-message-body:name="\xcc\xcc\xcc\xcc(fcase =no)
[530] string-match:http-post-req-message-body:name="\x08"(fcase =no)
[531] string-match:http-post-req-message-body:name="\xeb\x06\xeb\x04\xeb\x04\xeb\x04\xeb\x04\xeb\x04(fcase =no)
[532] string-match:http-post-req-content-type-header:multipart/form-data; boundary=(fcase =no)
[533] string-match:http-post-req-message-body:Content-Disposition: form-data; (fcase =no)
[534] numerical-eq:rexec-crlf-cnt:0xffffffff:2:no
[535] string-match:snmp-trap-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x0b\x02\x11\x01(fcase =no)
[536] string-match:snmp-trap-enterprise-object-id-field:^\x2b\x06\x01\x04\x01\x0b\x02\x11\x01(fcase =no)
[537] string-match:snmp-trap-varbind-value-field:xterm(fcase =no)
[538] string-match:snmp-trap-varbind-value-field:hpterm(fcase =no)
[539] string-match:snmp-v2-trap-varbind-value-field:xterm(fcase =no)
[540] string-match:snmp-v2-trap-varbind-value-field:hpterm(fcase =no)
[541] string-match:snmp-v2-trap-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x0b\x02\x11\x01(fcase =no)
[542] string-match:snmp-v2-inform-varbind-value-field:xterm(fcase =no)
[543] string-match:snmp-v2-inform-varbind-value-field:hpterm(fcase =no)
[544] string-match:snmp-v2-inform-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x0b\x02\x11\x01(fcase =no)
[545] numerical-eq:netbios-ss-dcerpc-req-WINREG-request-op-num:0xffffffff:0x06:no
[546] numerical-eq:netbios-ss-dcerpc-req-WINREG-request-op-num:0xffffffff:0x16:no
[547] string-match:http-req-uri-path:\.% 00(fcase =no)
[548] string-match:http-req-uri-path:%00html(fcase =yes)
[549] string-match:http-req-uri-path:/exec/(fcase =no)
[550] string-match:http-req-uri-path:/show/(fcase =no)
[551] string-match:http-req-uri-path:/config/cr(fcase =no)
[552] string-match:ftp-mkd-cmd-param:\x5e\x56\x5f\xac\x3c\xa0\x74(fcase =no)
[553] string-match:ftp-before-rsp-code-rsp-text:^220 WFTPD [23]\.(fcase =no)
[554] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:256:no
[555] string-match:pktsearch-mstream-a2h-req-text:newserver(fcase =no)
[556] unsigned-gt:imap-delete-cmd-param-length:0xffffffff:1024:no
[557] numerical-eq:netbios-ss-dcerpc-req-LSA_DS-op-num:0xffffffff:0x09:no
[558] unsigned-gt:netbios-ss-dcerpc-req-LSA_DS-frag-length:0xffffffff:2048:no
[559] numerical-eq:dcerpc-udp-req-LSA_DS-request-udp-op-num:0xffffffff:0x09:no
[560] unsigned-gt:dcerpc-udp-LSA_DS-request-udp-length:0xffffffff:2048:no
[561] numerical-eq:dcerpc-LSA_DS-request-op-num:0xffffffff:0x09:no
[562] unsigned-gt:dcerpc-req-LSA_DS-request-frag-length:0xffffffff:2048:no
[563] numerical-eq:rpc-call-prognum:0xffffffff:100005:no
[564] numerical-eq:rpc-call-procedure:0xffffffff:1:no
[565] string-match:rpc-call-data:\xeb\x56\x5e\x56\x56\x56\x31\xd2\x88\x56\x0b\x88\x56\x1e\x88\x56\x27\x88\x56\x38\xb2\x0a\x88\x56\x1d\x88\x56\x26\x5b\x31\xc9\x41\x41\x31\xc0\xb0\x05\xcd\x80\x50\x89\xc3\x31\xc9\x31\xd2\xb2\x02\x31\xc0\xb0\x13\xcd\x80\x58\x89\xc2\x89\xc3\x59\x52\x31\xd2\xb2(fcase =no)
[566] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xa5\x00\x00\x00\x01\x00\x00\x00\x01(fcase =no)
[567] string-match:pktsearch-req-text:\xeb\x56\x5e\x56\x56\x56\x31\xd2\x88\x56\x0b\x88\x56\x1e\x88\x56\x27\x88\x56\x38\xb2\x0a\x88\x56\x1d\x88\x56\x26\x5b\x31\xc9\x41\x41\x31\xc0\xb0\x05\xcd\x80\x50\x89\xc3\x31\xc9\x31\xd2\xb2\x02\x31\xc0\xb0\x13\xcd\x80\x58\x89\xc2\x89\xc3\x59\x52\x31\xd2\xb2(fcase =no)
[568] string-match:http-req-uri-path:/level/(fcase =no)
[569] string-match:http-req-uri-path:\\level\\(fcase =no)
[570] string-match:http-req-uri-path:\\1[6-9]\\(fcase =no)
[571] string-match:http-req-uri-path:/1[6-9]/(fcase =no)
[572] string-match:http-req-uri-path:\\[2-9][0-9]\\(fcase =no)
[573] string-match:http-req-uri-path:/[2-9][0-9]/(fcase =no)
[574] string-match:http-req-uri-path:(/|\\)exec(/|\\)(fcase =no)
[575] string-match:smtp-EXE-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[576] string-match:smtp-EXE-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[577] string-match:smtp-PIF-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[578] string-match:smtp-PIF-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[579] string-match:smtp-SCR-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[580] string-match:smtp-SCR-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[581] string-match:smtp-BAT-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[582] string-match:smtp-BAT-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[583] string-match:smtp-COM-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[584] string-match:smtp-COM-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[585] string-match:smtp-ZIP-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[586] string-match:smtp-ZIP-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[587] string-match:smtp-ZIP-message-body:eBwr8IMbKP/2rf9g0jHnt6ug(fcase =no)
[588] string-match:smtp-ZIP-message-body:hsn5aWffuvEkk7Okvx9F////(fcase =no)
[589] string-match:smtp-ZIP-message-body:HCvwgxso//at/2DSMee3q6CG(fcase =no)
[590] string-match:smtp-ZIP-message-body:yflpZ9+68SSTs6S/H0X/////(fcase =no)
[591] string-match:imap-EXE-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[592] string-match:imap-EXE-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[593] string-match:imap-PIF-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[594] string-match:imap-PIF-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[595] string-match:imap-SCR-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[596] string-match:imap-SCR-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[597] string-match:imap-BAT-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[598] string-match:imap-BAT-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[599] string-match:imap-COM-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[600] string-match:imap-COM-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[601] string-match:imap-ZIP-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[602] string-match:imap-ZIP-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[603] string-match:imap-ZIP-message-body:eBwr8IMbKP/2rf9g0jHnt6ug(fcase =no)
[604] string-match:imap-ZIP-message-body:hsn5aWffuvEkk7Okvx9F////(fcase =no)
[605] string-match:imap-ZIP-message-body:HCvwgxso//at/2DSMee3q6CG(fcase =no)
[606] string-match:imap-ZIP-message-body:yflpZ9+68SSTs6S/H0X/////(fcase =no)
[607] string-match:pop3-EXE-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[608] string-match:pop3-EXE-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[609] string-match:pop3-PIF-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[610] string-match:pop3-PIF-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[611] string-match:pop3-SCR-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[612] string-match:pop3-SCR-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[613] string-match:pop3-BAT-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[614] string-match:pop3-BAT-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[615] string-match:pop3-COM-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[616] string-match:pop3-COM-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[617] string-match:pop3-ZIP-message-body:8ngcK/CDGyj/9q3/YNIx57er(fcase =no)
[618] string-match:pop3-ZIP-message-body:oIbJ+Wln37rxJJOzpL8fRf//(fcase =no)
[619] string-match:pop3-ZIP-message-body:eBwr8IMbKP/2rf9g0jHnt6ug(fcase =no)
[620] string-match:pop3-ZIP-message-body:hsn5aWffuvEkk7Okvx9F////(fcase =no)
[621] string-match:pop3-ZIP-message-body:HCvwgxso//at/2DSMee3q6CG(fcase =no)
[622] string-match:pop3-ZIP-message-body:yflpZ9+68SSTs6S/H0X/////(fcase =no)
[623] unsigned-gt:imap-fetch-cmd-param-length:0xffffffff:1024:no
[624] unsigned-gt:http-req-uri-query-param-name-length:0xffffffff:127:no
[625] string-match:http-req-uri-path:(/|\\)php\.cgi(fcase =yes)
[626] unsigned-gt:dtspcd-client-text-len:0xffffffff:1024:no
[627] string-match:dtspcd-client-text:^0000(fcase =no)
[628] string-match:dtspcd-client-text:\x82\x10\x20.\x91\xd0\x20\x08(fcase =no)
[629] string-match:dtspcd-client-text:\x82\x10\x20.\x91\xd0\x38\x08(fcase =no)
[630] string-match:dtspcd-client-text:\x82\x10\x20.\x91\xd0\x38\x10(fcase =no)
[631] string-match:dtspcd-server-text:uid=0\(root\) gid=0\(root\)(fcase =no)
[632] string-match:http-req-uri-path:(\\|/)webcart\.cgi$(fcase =yes)
[633] string-match:http-req-uri-query-param-value:;(ls|mv|cp|mail)(fcase =no)
[634] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4444:no
[635] string-match:pktsearch-req-text:^\|ENUMDRVS\|(fcase =no)
[636] string-match:pktsearch-rsp-text:^\|DRVS\|(fcase =no)
[637] string-match:ftp-retr-cmd-param:[ /]passwd[ \r\n](fcase =no)
[638] string-match:ftp-retr-cmd-param:[ /]shadow[ \r\n](fcase =no)
[639] string-match:pop3-invalid-cmd-text:\xeb\x33\x5e\x89\x76\x08\x31\xc0\x88\x66\x07\x83\xee\x02\x31\xdb\x89\x5e\x0e\x83\xc6\x02\xb0\x1b\x24\x0f\x8d\x5e\x08\x89\xd9\x83\xee\x02\x8d\x5e\x0e\x89\xda\x83\xc6\x02\x89\xf3\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xc8\xff\xff\xff/bin/sh(fcase =no)
[640] string-match:pop3-invalid-cmd-text:^sh -i(fcase =no)
[641] string-match:smtp-PIF-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[642] string-match:smtp-PIF-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[643] string-match:smtp-EXE-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[644] string-match:smtp-EXE-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[645] string-match:smtp-message-body:Dear user of(fcase =no)
[646] string-match:smtp-message-body:Hello user o(fcase =no)
[647] string-match:smtp-message-body:Dear user, t(fcase =no)
[648] string-match:smtp-name-message-header:\.rar(fcase =yes)
[649] string-match:pop3-PIF-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[650] string-match:pop3-PIF-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[651] string-match:pop3-EXE-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[652] string-match:pop3-EXE-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[653] string-match:pop3-message-body:Dear user of(fcase =no)
[654] string-match:pop3-message-body:Hello user o(fcase =no)
[655] string-match:pop3-message-body:Dear user, t(fcase =no)
[656] string-match:pop3-name-message-header:\.rar(fcase =yes)
[657] string-match:imap-PIF-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[658] string-match:imap-PIF-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[659] string-match:imap-EXE-message-body:Qh2acQvsAJYM1j9sbBLQ0N9o(fcase =no)
[660] string-match:imap-EXE-message-body:dBj3ZHBi7tOy/Zo7C6YhQZ9s(fcase =no)
[661] string-match:imap-message-body:Dear user of(fcase =no)
[662] string-match:imap-message-body:Hello user o(fcase =no)
[663] string-match:imap-message-body:Dear user, t(fcase =no)
[664] string-match:imap-name-message-header:\.rar(fcase =yes)
[665] string-match:smtp-rcpt-cmd-param:versus@xnet\.ro(fcase =no)
[666] string-match:smtp-to-message-header:versus@xnet\.ro(fcase =no)
[667] string-match:smtp-subject-message-header:Hack the planet!(fcase =yes)
[668] numerical-eq:icmp-type:0xffffffff:13:no
[669] numerical-eq:pktsearch-dst-port:0xffffffff:12623:no
[670] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:12624:no
[671] string-match:pktsearch-req-text:^\x2a\x3f\x21\x3f\x53\x43\x0d(fcase =no)
[672] string-match:pktsearch-rsp-text:^\x23\x2b\x0d\x0a(fcase =no)
[673] numerical-eq:rpc-call-prognum:0xffffffff:300019:no
[674] numerical-eq:rpc-call-procedure:0xffffffff:7:no
[675] string-match:pktsearch-dwrc-req-text:\xDD\x03\x64\x03\x7C\xEE\x09\x64\x08(fcase =no)
[676] string-match:http-req-uri-path:classifieds\.cgi$(fcase =no)
[677] string-match:http-req-query-param-name:mailprog(fcase =no)
[678] string-match:http-req-query-param-value:(/usr/|/bin/|/sbin/)(fcase =no)
[679] string-match:http-req-query-param-value:</(fcase =no)
[680] unsigned-gt:pop3-user-cmd-param-length:0xffffffff:370:no
[681] string-match:pop3-user-cmd-param:XXX@userfriendly\.org(fcase =no)
[682] numerical-eq:telnet-valid-server:0xffffffff:0:no
[683] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5554:no
[684] string-match:pktsearch-req-text:USER x\x0a(fcase =no)
[685] string-match:pktsearch-req-text:PASS x\x0a(fcase =no)
[686] string-match:pktsearch-req-text:PORT \x90\x90\x90\x90(fcase =no)
[687] string-match:pktsearch-rsp-text:^200 OK(fcase =no)
[688] unsigned-gt:imap-login-cmd-param-length:0xffffffff:1600:no
[689] string-match:lpr-unsupport-cmd-buffer:%[1-9](fcase =no)
[690] string-match:lpr-unsupport-cmd-buffer:(%|$)n%(fcase =no)
[691] string-match:lpr-unsupport-cmd-buffer:%\.(fcase =no)
[692] string-match:lpr-unsupport-cmd-buffer:(%|$)p%(fcase =no)
[693] unsigned-gt:smtp-mail-cmd-param-length:0xffffffff:622:no
[694] string-match:smtp-mail-cmd-param:msvcrt\.dll\.system\.(fcase =no)
[695] string-match:smtp-mail-cmd-param:\xEB\x4B\x5B\x53\x32\xE4\x83\xC3\x0b\x4B\x88\x23\xB8\x50\x77\xF7\xBF\xFF(fcase =no)
[696] string-match:http-req-uri-path:(/|\\)ism\.dll(fcase =yes)
[697] string-match:http-req-uri-query-params:http/dir(fcase =yes)
[698] string-match:pktsearch-req-text:\x00\x00File\x00\x00\x01(fcase =no)
[699] string-match:pktsearch-req-text:%s%s%s%s%s%s%s%s\.(fcase =no)
[700] numerical-eq:dcerpc-MSMQ-request-op-num:0xffffffff:6:no
[701] numerical-eq:dcerpc-error-code:0xffffffff:OVERLARGE_PDU:no
[702] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:60411:no
[703] string-match:pktsearch-rsp-text:^Conectado!(fcase =no)
[704] string-match:pktsearch-rsp-text:Host Control Server(fcase =no)
[705] string-match:ftp-invalid-cmd-text:^CEL(fcase =no)
[706] string-match:ftp-invalid-cmd-text:\xde\xad\xca\xfe\xde\xad\xca\xfe(fcase =no)
[707] unsigned-gt:ftp-invalid-cmd-text-length:0xffffffff:512:no
[708] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1183:no
[709] numerical-eq:pktsearch-udp-dst-port:0xffffffff:1183:no
[710] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:11225:no
[711] numerical-eq:pktsearch-udp-dst-port:0xffffffff:11225:no
[712] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:15432:no
[713] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:22115:no
[714] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:51234:no
[715] string-match:ident-req-text:^\|ENUMDRVS\|(fcase =no)
[716] string-match:ident-rsp-text:^\|DRVS\|(fcase =no)
[717] string-match:netbios-ss-smb-open_andx-buffer:\.(\\|/)(\\|/)(\\|/)(\\|/)(\\|/)(fcase =no)
[718] string-match:netbios-ss-smb-transaction2-buffer:\.\x00(\\|/)\x00(\\|/)\x00(\\|/)\x00(\\|/)\x00(\\|/)(fcase =no)
[719] string-match:netbios-ss-smb-open_andx-buffer:\.\.(\\|/)(\\|/)(\\|/)(fcase =no)
[720] string-match:netbios-ss-smb-transaction2-buffer:\.\x00\.\x00(\\|/)\x00(\\|/)\x00(\\|/)(fcase =no)
[721] string-match:tds-sybase-client-query-payload:drop database(fcase =yes)
[722] string-match:tds-sybase-client-query-payload:replicate\((fcase =yes)
[723] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:17300:no
[724] string-match:pktsearch-rsp-text:^YOK2(fcase =no)
[725] string-match:rpc-call-data:\x3b(fcase =no)
[726] string-match:rpc-call-data:\x7c(fcase =no)
[727] string-match:rpc-call-data:\x0a(fcase =no)
[728] numerical-eq:rpc-call-prognum:0xffffffff:100099:no
[729] unsigned-gt:tds-mssql-req-packet-length:0xffffffff:1000:no
[730] string-match:tds-mssql-client-query-payload:\x00B\x00U\x00L\x00K\x00 \x00I\x00N\x00S\x00E\x00R\x00T\x00(fcase =yes)
[731] unsigned-gt:netbios-ss-tds-client-packet-length:0xffffffff:1000:no
[732] string-match:netbios-ss-tds-client-query-payload:\x00B\x00U\x00L\x00K\x00 \x00I\x00N\x00S\x00E\x00R\x00T\x00(fcase =yes)
[733] numerical-eq:icmp-echo-reply-id:0xffffffff:1000:no
[734] string-match:icmp-echo-reply-payload:\x73\x70\x6F\x6F\x66\x77\x6F\x72\x6B\x73(fcase =no)
[735] string-match:http-req-uri-path:(\\|/)fp30reg\.dll$(fcase =yes)
[736] string-match:http-req-uri-query-params:^\xff\x66\x78(fcase =yes)
[737] string-match:http-req-message-body:\xeb\x1a\x5f\x56\x56\x57\x5e\x33\xc9\xac\x3a\xc1\x74\x13\x3c\x30\x74\x05\x34(fcase =no)
[738] string-match:http-post-req-message-body:\x90\x90\x90\x90\x8b\x74\x24\xfc\xb8\x2e\x61\x68\x6d\x05(fcase =no)
[739] string-match:http-post-req-message-body:/bin/shA-cA/usr/openwin/(fcase =no)
[740] string-match:http-post-req-uri-path:(\\|/)w3-msql(fcase =no)
[741] string-match:http-post-req-uri-path:(\\|/)index\.html$(fcase =no)
[742] unsigned-gt:http-post-req-content-length:0xffffffff:15491:no
[743] string-match:smtp-EXE-message-body:lIjBGsYH3gv74KycWR+1B43B(fcase =no)
[744] string-match:smtp-EXE-message-body:BtQzijO0TqdHbOVIdfImr0uD(fcase =no)
[745] string-match:smtp-EXE-message-body:c1vKVAl2Sl21VcM3KcMLagJP(fcase =no)
[746] string-match:smtp-EXE-message-body:900qYQe28lGlskBYp7cyx1Of(fcase =no)
[747] string-match:smtp-ZIP-message-body:ZMYWCWMAAAlj(fcase =no)
[748] string-match:smtp-ZIP-message-body:ntcUAG4AAABu(fcase =no)
[749] string-match:imap-EXE-message-body:lIjBGsYH3gv74KycWR+1B43B(fcase =no)
[750] string-match:imap-EXE-message-body:BtQzijO0TqdHbOVIdfImr0uD(fcase =no)
[751] string-match:imap-EXE-message-body:c1vKVAl2Sl21VcM3KcMLagJP(fcase =no)
[752] string-match:imap-EXE-message-body:900qYQe28lGlskBYp7cyx1Of(fcase =no)
[753] string-match:imap-ZIP-message-body:ZMYWCWMAAAlj(fcase =no)
[754] string-match:imap-ZIP-message-body:ntcUAG4AAABu(fcase =no)
[755] string-match:pop3-EXE-message-body:lIjBGsYH3gv74KycWR+1B43B(fcase =no)
[756] string-match:pop3-EXE-message-body:BtQzijO0TqdHbOVIdfImr0uD(fcase =no)
[757] string-match:pop3-EXE-message-body:c1vKVAl2Sl21VcM3KcMLagJP(fcase =no)
[758] string-match:pop3-EXE-message-body:900qYQe28lGlskBYp7cyx1Of(fcase =no)
[759] string-match:pop3-ZIP-message-body:ZMYWCWMAAAlj(fcase =no)
[760] string-match:pop3-ZIP-message-body:ntcUAG4AAABu(fcase =no)
[761] string-match:pktsearch-rsp-text:\x0071100(fcase =no)
[762] string-match:pktsearch-req-text:\x00PASSWORD\x00(fcase =no)
[763] unsigned-gt:netbios-ss-smb-param-transaction2-parametercount:0xffffffff:1024:no
[764] numerical-eq:netbios-ss-smb-param-transaction2-subcommand:0xffffffff:0:no
[765] string-match:netbios-ss-smb-transaction2-buffer:\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01(fcase =no)
[766] string-match:tds-mssql-client-query-payload:s\x00p\x00_\x00M\x00S\x00c\x00o\x00p\x00y\x00s\x00c\x00r\x00i\x00p\x00t\x00(fcase =yes)
[767] string-match:netbios-ss-tds-client-query-payload:s\x00p\x00_\x00M\x00S\x00c\x00o\x00p\x00y\x00s\x00c\x00r\x00i\x00p\x00t\x00(fcase =yes)
[768] string-match:http-req-uri-path:(/|\\)config(/|\\)(fcase =yes)
[769] string-match:http-req-uri-path:(/|\\)cnf_gi\.htm(fcase =yes)
[770] numerical-eq:telnet-iac-cmd-counter:0xffffffff:2000:no
[771] string-match:telnet-client-data-text:(\xFE\x24\xB9){12}(fcase =no)
[772] string-match:pktsearch-req-text:Inferno Industries Uploader 1\.0(fcase =no)
[773] string-match:pktsearch-rsp-text:WINDIR(fcase =no)
[774] string-match:pktsearch-rsp-text:Inferno Industries Uploader 1\.0(fcase =no)
[775] string-match:pktsearch-req-text:WINDIR(fcase =no)
[776] string-match:smtp-mail-cmd-param:\xeb\x6e\x5e\x29\xc0\x89\x46\x10\x40\x89\xc3\x89\x46\x0c\x40\x89\x46\x08\x8d\x4e\x08\xb0\x66\xcd\x80\x43\xc6\x46\x10\x10\x88\x46(fcase =no)
[777] string-match:pktsearch-req-text:^PING\x00\x09\x00(fcase =no)
[778] string-match:pktsearch-rsp-text:^SERVER_SETUP\x00\x09\x00VERSION(fcase =no)
[779] string-match:pktsearch-req-text:^MANAGER_(fcase =no)
[780] string-match:pktsearch-rsp-text:^MANAGER_(fcase =no)
[781] string-match:http-req-uri-path:org\.apache\.catalina\.servlets\.DefaultServlet/(fcase =no)
[782] string-match:smtp-helo-cmd-param:\x90\x90\x90\xEB\x45\xEB\x20\x5B\xFC\x33\xC9(fcase =no)
[783] string-match:http-req-uri-path:auctionweaver\.pl(fcase =yes)
[784] string-match:http-req-query-param-name:fromfile(fcase =yes)
[785] string-match:http-req-query-param-value:^%7(c|C)(fcase =no)
[786] string-match:kerberos-padata-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[787] string-match:kerberos-cname-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[788] string-match:kerberos-sname-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[789] string-match:kerberos-addresses-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[790] string-match:kerberos-encdata-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[791] string-match:kerberos-tickets-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[792] string-match:pktsearch-req-text:User-Agent: BearShare(fcase =no)
[793] string-match:http-get-req-user-agent-header:BearShare(fcase =no)
[794] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1099:no
[795] string-match:pktsearch-rsp-text:^\x1B\x5B\x32\x4A\x1B\x5B\x34\x30\x6d\x1B\x5B...HVL RAT Trojan  (fcase =no)
[796] numerical-eq:rpc-call-prognum:0xffffffff:100008:no
[797] string-match:rpc-call-data:%(n|hn)(fcase =no)
[798] string-match:rpc-call-data:%$(\x30#F8|\x38#FE)(n|hn)(fcase =no)
[799] string-match:rpc-call-data:%$(\x30#F8|\x38#FE)(\x30#F8|\x38#FE)(n|hn)(fcase =no)
[800] string-match:http-req-uri-path:\.bat?|(fcase =yes)
[801] string-match:http-req-uri-path:\.cmd?|(fcase =yes)
[802] string-match:http-req-uri-path:\.bat$(fcase =yes)
[803] string-match:http-req-uri-path:\.cmd$(fcase =yes)
[804] string-match:http-req-uri-query-params:\.\.\\(fcase =no)
[805] string-match:http-req-uri-path:^(/|\\)?dmsoc4j(/|\\)AggreSpy(fcase =yes)
[806] string-match:http-req-uri-path:^(/|\\)?j2ee(/|\\)servlet(/|\\)Spy(fcase =yes)
[807] string-match:http-req-uri-path:^(/|\\)?oc4j-service(fcase =yes)
[808] string-match:http-req-uri-path:^(/|\\)?server-status(fcase =yes)
[809] numerical-eq:http-dst-port:0xffffffff:7778:no
[810] string-match:http-req-uri-path:^(/|\\)?dms0(fcase =yes)
[811] string-match:http-req-uri-path:^(/|\\)?oprocmgr-service(fcase =yes)
[812] string-match:http-req-uri-path:^(/|\\)?oprocmgr-status(fcase =yes)
[813] string-match:http-req-uri-path:^(/|\\)?dms(/|\\)DMSDump(fcase =yes)
[814] string-match:http-req-uri-path:^(/|\\)?servlet(/|\\)DMSDump(fcase =yes)
[815] string-match:http-req-uri-path:^(/|\\)?servlet(/|\\)Spy(fcase =yes)
[816] string-match:http-req-uri-path:^(/|\\)?soap(/|\\)servlet(/|\\)Spy(fcase =yes)
[817] string-match:http-req-uri-path:^(/|\\)?dms(/|\\)AggreSpy(fcase =yes)
[818] numerical-eq:icmp-echo-reply-id:0xffffffff:668:no
[819] string-match:icmp-echo-reply-payload:\x67\x65\x73\x75\x6E\x64\x68\x65\x69\x74\x21(fcase =no)
[820] string-match:pktsearch-rsp-text:^Remote Hack 1\.. Server(fcase =no)
[821] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1480:no
[822] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:51985:no
[823] string-match:pktsearch-rsp-text:^TaskBar(fcase =no)
[824] string-match:pktsearch-rsp-text:^FTP Server Started(fcase =no)
[825] numerical-eq:netbios-ss-dcerpc-req-WINREG-request-op-num:0xffffffff:15:no
[826] string-match:netbios-ss-dcerpc-req-WINREG-request-payload:\x00S\x00E\x00C\x00U\x00R\x00I\x00T\x00Y\x00(fcase =no)
[827] string-match:netbios-ss-dcerpc-req-WINREG-request-payload:\x00P\x00o\x00l\x00i\x00c\x00y\x00(fcase =no)
[828] string-match:netbios-ss-dcerpc-req-WINREG-request-payload:\x00S\x00e\x00c\x00r\x00e\x00t\x00s(fcase =no)
[829] string-match:http-req-uri-path:shop\.pl(fcase =yes)
[830] string-match:http-req-uri-path:/page=(;|\||<|>)(fcase =yes)
[831] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3700:no
[832] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9872:no
[833] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9873:no
[834] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9874:no
[835] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9875:no
[836] numerical-eq:pktsearch-udp-dst-port:0xffffffff:10067:no
[837] numerical-eq:pktsearch-udp-dst-port:0xffffffff:10167:no
[838] string-match:pktsearch-req-text:^pod(fcase =no)
[839] string-match:pktsearch-rsp-text:KeepAlive(fcase =no)
[840] numerical-eq:rpc-call-version:0xffffffff:4:no
[841] numerical-eq:rpc-call-prognum:0xffffffff:100068:no
[842] numerical-eq:rpc-call-procedure:0xffffffff:6:no
[843] string-match:rpc-call-data:\x2d\x0b\xdd\x1b\xac\x15\xa1\x70\x2f\x0b\xda\x5c(fcase =no)
[844] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xe4\x00\x00\x00\x04\x00\x00\x00\x06(fcase =no)
[845] string-match:pktsearch-req-text:\x2d\x0b\xdd\x1b\xac\x15\xa1\x70\x2f\x0b\xda\x5c(fcase =no)
[846] unsigned-gt:ftp-stat-cmd-param-length:0xffffffff:200:no
[847] string-match:ftp-stat-cmd-param:?*(fcase =no)
[848] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00m\x00e\x00r\x00g\x00e\x00l\x00i\x00n\x00e\x00a\x00g\x00e\x00s\x00(fcase =yes)
[849] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00m\x00e\x00r\x00g\x00e\x00l\x00i\x00n\x00e\x00a\x00g\x00e\x00s\x00(fcase =yes)
[850] string-match:ftp-pass-cmd-param:\x90\x90\x31\xc0\x31\xdb\x31\xc9(fcase =no)
[851] string-match:ftp-pass-cmd-param:\x90\x90\x31\xc0\x50\x50\x50\xb0(fcase =no)
[852] numerical-eq:pktsearch-rsp-1st-4b:0xffffffff:0x302e3930:no
[853] numerical-eq:pktsearch-rsp-1st-4b:0xffffffff:0x302e3931:no
[854] numerical-eq:pktsearch-req-1st-4b:0xFF000000:0x2f000000:no
[855] string-match:ftp-site-cmd-param: msg (fcase =yes)
[856] string-match:ftp-site-cmd-param: send (fcase =yes)
[857] string-match:ftp-cmd-param:[0-9][cCiuxXo]%(fcase =no)
[858] string-match:ftp-cmd-param:[%$](n|h|hn)%(fcase =no)
[859] string-match:ftp-cmd-param:%0.x(fcase =no)
[860] string-match:http-webdav-propfind-req-message-body:<a:propfind xmlns:a="DAV:" xmlns:u=":::::::::::::::::::(fcase =no)
[861] string-match:pktsearch-req-text:\xB0.\xCD\x80(fcase =no)
[862] string-match:pktsearch-req-text:\x40\xCD\x80(fcase =no)
[863] string-match:pktsearch-req-text:\xc0\x01\xcd\x80(fcase =no)
[864] string-match:pktsearch-req-text:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[865] string-match:pktsearch-req-text:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[866] string-match:pktsearch-req-text:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[867] string-match:pktsearch-req-text:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[868] string-match:pktsearch-req-text:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[869] string-match:pktsearch-req-text:\xc0\x01\xcd\x25(fcase =no)
[870] string-match:pktsearch-req-text:\xb8\x2f\x62\x69\x6e(fcase =no)
[871] string-match:pktsearch-req-text:\x80\x30.\x40\xe2\xfa(fcase =no)
[872] string-match:pktsearch-req-text:\xac\x34.\xaa\xe2\xfa(fcase =no)
[873] string-match:pktsearch-req-text:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[874] string-match:pktsearch-req-text:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[875] string-match:pktsearch-req-text:h....X5....H..PP..PPa(fcase =no)
[876] string-match:pktsearch-req-text:PQX-....-....-....PQX(fcase =no)
[877] string-match:pktsearch-req-text:PQX-....-....PQX(fcase =no)
[878] unsigned-gt:ident-rsp-text-len:0xffffffff:512:no
[879] unsigned-gt:ident-rsp-type:0xffffffff:1:no
[880] numerical-eq:netbios-ss-dcerpc-msmq1-path-length:0xffffffff:256:no
[881] numerical-eq:dcerpc-msmq1-path-length:0xffffffff:256:no
[882] unsigned-in-range:dcerpc-MSMQ1-request-op-num:0xffffffff:7:11::no
[883] unsigned-gt:dcerpc-req-MSMQ1-request-frag-length:0xffffffff:2048:no
[884] string-match:pktsearch-rsp-text:^:Server (fcase =no)
[885] numerical-eq:rpc-call-procedure:0xffffffff:2:no
[886] string-match:rpc-call-data:\xeb\x4b\x5e\x89\x76\xac\x83\xee\x20\x8d\x5e\x28\x83\xc6\x20\x89\x5e\xb0\x83\xee\x20\x8d\x5e\x2e\x83\xc6\x20\x83\xc3\x20\x83\xeb(fcase =no)
[887] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xb8\x00\x00\x00\x01\x00\x00\x00\x02(fcase =no)
[888] string-match:pktsearch-req-text:\xeb\x4b\x5e\x89\x76\xac\x83\xee\x20\x8d\x5e\x28\x83\xc6\x20\x89\x5e\xb0\x83\xee\x20\x8d\x5e\x2e\x83\xc6\x20\x83\xc3\x20\x83\xeb(fcase =no)
[889] string-match:rpc-call-data:\xeb\x7c\x59\x89\x41\x10\x89\x41\x08\xfe\xc0\x89\x41\x04\x89\xc3\xfe\xc0\x89\x01\xb0\x66\xcd\x80(fcase =no)
[890] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xb8\x00\x00\x00\x01\x00\x00\x00\x01(fcase =no)
[891] string-match:pktsearch-req-text:\xeb\x7c\x59\x89\x41\x10\x89\x41\x08\xfe\xc0\x89\x41\x04\x89\xc3\xfe\xc0\x89\x01\xb0\x66\xcd\x80(fcase =no)
[892] string-match:rpc-call-data:%.(fcase =no)
[893] unsigned-gt:rpc-call-data-len:0xffffffff:512:no
[894] string-match:http-req-uri-path:(\\|/)explorer\.php$(fcase =yes)
[895] string-match:http-req-uri-query-param-name:folder(fcase =yes)
[896] string-match:http-req-uri-query-param-value:\.\.(/|\\)(fcase =no)
[897] numerical-eq:pktsearch-udp-src-port:0xffffffff:19:no
[898] numerical-eq:pktsearch-udp-dst-port:0xffffffff:7:no
[899] numerical-eq:pktsearch-udp-src-port:0xffffffff:7:no
[900] numerical-eq:pktsearch-udp-dst-port:0xffffffff:19:no
[901] unsigned-gt:imap-uid-cmd-param-length:0xffffffff:1024:no
[902] string-match:smtp-helo-cmd-param:\xeb\x53\xeb\x20\x5b\xfc\x33\xc9(fcase =no)
[903] numerical-eq:kerberos-error-code:0xffffffff:constructed-bitstr:no
[904] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3791:no
[905] string-match:pktsearch-rsp-text:^220  EclYpse \'s FTP Server is happy to see u  \; (fcase =no)
[906] string-match:ftp-pass-cmd-param:-satan(fcase =no)
[907] string-match:http-req-uri-path:^(\\|/)%% (fcase =no)
[908] unsigned-gt:snmp-req-id-msg-qllength:0xffffffff:4:no
[909] unsigned-gt:snmp-req-id-length-of-length:0xffffffff:2:no
[910] numerical-eq:snmp-msg-type:0xffffffff:7:no
[911] numerical-eq:icmp-address-mask-request-code:0xffffffff:0:no
[912] string-match:http-req-uri-path:forumdisplay\.php(fcase =yes)
[913] string-match:http-req-uri-query-params:GLOBALS\[\]\=1(fcase =no)
[914] string-match:http-req-uri-query-param-name:comma(fcase =yes)
[915] string-match:http-req-uri-query-param-value:\.system\((fcase =yes)
[916] string-match:pktsearch-req-text:^Execute(fcase =no)
[917] string-match:pktsearch-rsp-text:^Exploring - (fcase =no)
[918] unsigned-gt:dcerpc-dcom-machine-name-length:0xffffffff:39:no
[919] unsigned-gt:netbios-ss-dcerpc-dcom-machine-name-length:0xffffffff:39:no
[920] numerical-eq:dcerpc-REMACT-request-op-num:0xffffffff:0x0:no
[921] numerical-eq:dcerpc-REMACT-request-packet-flags:0x3:2:no
[922] unsigned-gt:dcerpc-req-REMACT-request-frag-length:0xffffffff:1500:no
[923] numerical-eq:netbios-ss-dcerpc-req-REMACT-op-num:0xffffffff:0x0:no
[924] numerical-eq:netbios-ss-dcerpc-req-REMACT-packet-flags:0x3:2:no
[925] unsigned-gt:netbios-ss-dcerpc-req-REMACT-frag-length:0xffffffff:1500:no
[926] string-match:pktsearch-req-text:^drive_[abcd](fcase =no)
[927] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x6c697374:no
[928] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x68696465:no
[929] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x73686f77:no
[930] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x696e666f:no
[931] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x70726f73:no
[932] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1999:no
[933] string-match:pktsearch-rsp-text:^Host version 2\.(fcase =no)
[934] string-match:pktsearch-req-text:^list(fcase =no)
[935] string-match:pktsearch-rsp-text:^drive_[abcd]:(fcase =no)
[936] numerical-eq:rpc-call-prognum:0xffffffff:100083:no
[937] string-match:rpc-call-data:\x59\x12\x89\xb7\x39\x20\x06\x0f\x20\x12\x1f\x0f\x59\x12\x91\x0b\x38\x06(fcase =no)
[938] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xf3\x00\x00\x00\x01\x00\x00\x00\x07(fcase =no)
[939] string-match:pktsearch-req-text:\x59\x12\x89\xb7\x39\x20\x06\x0f\x20\x12\x1f\x0f\x59\x12\x91\x0b\x38\x06(fcase =no)
[940] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00p\x00e\x00e\x00k\x00q\x00u\x00e\x00u\x00e(fcase =yes)
[941] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00p\x00e\x00e\x00k\x00q\x00u\x00e\x00u\x00e(fcase =yes)
[942] string-match:snmp-get-next-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x4d\x01\x02\x1c\x00(fcase =no)
[943] string-match:snmp-get-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x4d\x01\x02\x1c\x00(fcase =no)
[944] unsigned-gt:telnet-server-linemode-sb-param-length:0xffffffff:256:no
[945] unsigned-gt:imap-login-cmd-param-length:0xffffffff:1000:no
[946] string-match:imap-login-cmd-param:\x90\x90\x90\xeb\x3b\x5e\x89\x76\x08\x31\xed\x31\xc9\x31\xc0\x88(fcase =no)
[947] string-match:http-req-uri-path:webadmin\.ntf(fcase =yes)
[948] numerical-eq:pptp-invalid-msg:0xffffffff:2:no
[949] numerical-eq:pptp-invalid-msg:0xffffffff:3:no
[950] string-match:lpr-receive-control-file-content:\nLroot\nProot(fcase =no)
[951] string-match:lpr-receive-data-file-content:"%n"\nsh X(fcase =no)
[952] string-match:http-req-uri-path:query\.dll(fcase =yes)
[953] unsigned-gt:http-req-uri-query-params-length:0xffffffff:256:no
[954] string-match:pktsearch-rsp-text:^220- Welcome To EvilFTP(fcase =no)
[955] string-match:ftp-before-rsp-code-rsp-text:^220- Welcome To EvilFTP(fcase =no)
[956] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:23456:no
[957] string-match:http-req-uri-path:windmail\.exe(fcase =yes)
[958] string-match:http-req-uri-query-params: -n (fcase =no)
[959] string-match:http-req-uri-path:/rwcgi60(fcase =no)
[960] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:23005:no
[961] string-match:pktsearch-rsp-text:FE20(fcase =no)
[962] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:2001:no
[963] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:2002:no
[964] string-match:pktsearch-req-text:^emessage from duddie(fcase =no)
[965] string-match:pktsearch-req-text:^sinvisible(fcase =no)
[966] string-match:pktsearch-req-text:^invisible(fcase =no)
[967] string-match:pktsearch-req-text:progid;(fcase =no)
[968] string-match:pktsearch-req-text:invisible;(fcase =no)
[969] string-match:pktsearch-rsp-text:id;(fcase =no)
[970] numerical-eq:smtp-command-name:0xffffffff:17:no
[971] string-match:finger-client-data-text:%hn%(fcase =no)
[972] string-match:finger-client-data-text:\x5b\xb8\x0b\x6e\x4e\x0b(fcase =no)
[973] string-match:finger-server-data-text:\nmM\n(fcase =no)
[974] string-match:finger-client-data-text:\x25\x2e\x66(fcase =no)
[975] string-match:http-req-uri-path:shtml\.dll(fcase =yes)
[976] string-match:http-req-host-header: ///(fcase =no)
[977] unsigned-gt:http-req-host-header-length:0xffffffff:32000:no
[978] string-match:rdp-req-dt-pdu-text:^\x7f\x65(fcase =no)
[979] string-match:rdp-req-dt-pdu-text:\x30\x19\x02\x01\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfa(fcase =no)
[980] string-match:pktsearch-req-text:^\x2A\x63\x3A(fcase =no)
[981] string-match:pktsearch-req-text:^\x2A\x6d\x3A(fcase =no)
[982] string-match:pktsearch-rsp-text:^\x63\x3a\x5c\x0a\x0d(fcase =no)
[983] string-match:tds-mssql-client-query-payload:r\x00e\x00p\x00l\x00i\x00c\x00a\x00t\x00e\x00(fcase =yes)
[984] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00A\x00D\x00D\x00E\x00X\x00T\x00E\x00N\x00D\x00E\x00D\x00P\x00R\x00O\x00C\x00(fcase =yes)
[985] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00I\x00N\x00D\x00E\x00X\x00F\x00R\x00A\x00G\x00(fcase =yes)
[986] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00U\x00P\x00D\x00A\x00T\x00E\x00U\x00S\x00A\x00G\x00E\x00(fcase =yes)
[987] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00C\x00H\x00E\x00C\x00K\x00C\x00O\x00N\x00S\x00T\x00R\x00A\x00I\x00N\x00T\x00S\x00(fcase =yes)
[988] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00S\x00H\x00O\x00W\x00C\x00O\x00N\x00T\x00I\x00G\x00(fcase =yes)
[989] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00C\x00L\x00E\x00A\x00N\x00T\x00A\x00B\x00L\x00E\x00(fcase =yes)
[990] string-match:tds-mssql-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00(fcase =yes)
[991] string-match:netbios-ss-tds-client-query-payload:r\x00e\x00p\x00l\x00i\x00c\x00a\x00t\x00e\x00(fcase =yes)
[992] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00A\x00D\x00D\x00E\x00X\x00T\x00E\x00N\x00D\x00E\x00D\x00P\x00R\x00O\x00C\x00(fcase =yes)
[993] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00I\x00N\x00D\x00E\x00X\x00F\x00R\x00A\x00G\x00(fcase =yes)
[994] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00U\x00P\x00D\x00A\x00T\x00E\x00U\x00S\x00A\x00G\x00E\x00(fcase =yes)
[995] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00C\x00H\x00E\x00C\x00K\x00C\x00O\x00N\x00S\x00T\x00R\x00A\x00I\x00N\x00T\x00S\x00(fcase =yes)
[996] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00S\x00H\x00O\x00W\x00C\x00O\x00N\x00T\x00I\x00G\x00(fcase =yes)
[997] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00C\x00L\x00E\x00A\x00N\x00T\x00A\x00B\x00L\x00E\x00(fcase =yes)
[998] string-match:netbios-ss-tds-client-query-payload:D\x00B\x00C\x00C\x00\x20\x00(fcase =yes)
[999] string-match:http-req-uri-path:(\\|/)cgiproc?(\$|!)(fcase =no)
[1000] unsigned-gt:snmp-integer-msg-qllength:0xffffffff:4:no
[1001] string-match:pop3-invalid-cmd-text:/bin/sh(fcase =no)
[1002] string-match:pop3-invalid-cmd-text:\xeb\x33\x5e\x89\x76\x08\x31\xc0(fcase =no)
[1003] unsigned-gt:http-req-uri-path-length:0xffffffff:1024:no
[1004] string-match:http-req-uri-path:\.(rtf|doc|dot)(%0A|%00)(fcase =yes)
[1005] string-match:smtp-ZIP-message-body:lvhZy9uT9QqQEQ01Au+QqPY8(fcase =no)
[1006] string-match:smtp-ZIP-message-body:hYn2N0th7VPrYNcaNVfJKp5l(fcase =no)
[1007] string-match:smtp-ZIP-message-body:+FnL25P1CpARDTUC75Co9jyF(fcase =no)
[1008] string-match:smtp-ZIP-message-body:ifY3S2HtU+tg1xo1V8kqnmU9(fcase =no)
[1009] string-match:smtp-ZIP-message-body:Wcvbk/UKkBENNQLvkKj2PIWJ(fcase =no)
[1010] string-match:smtp-ZIP-message-body:9jdLYe1T62DXGjVXySqeZT0m(fcase =no)
[1011] string-match:pop3-ZIP-message-body:lvhZy9uT9QqQEQ01Au+QqPY8(fcase =no)
[1012] string-match:pop3-ZIP-message-body:hYn2N0th7VPrYNcaNVfJKp5l(fcase =no)
[1013] string-match:pop3-ZIP-message-body:+FnL25P1CpARDTUC75Co9jyF(fcase =no)
[1014] string-match:pop3-ZIP-message-body:ifY3S2HtU+tg1xo1V8kqnmU9(fcase =no)
[1015] string-match:pop3-ZIP-message-body:Wcvbk/UKkBENNQLvkKj2PIWJ(fcase =no)
[1016] string-match:pop3-ZIP-message-body:9jdLYe1T62DXGjVXySqeZT0m(fcase =no)
[1017] string-match:imap-ZIP-message-body:lvhZy9uT9QqQEQ01Au+QqPY8(fcase =no)
[1018] string-match:imap-ZIP-message-body:hYn2N0th7VPrYNcaNVfJKp5l(fcase =no)
[1019] string-match:imap-ZIP-message-body:+FnL25P1CpARDTUC75Co9jyF(fcase =no)
[1020] string-match:imap-ZIP-message-body:ifY3S2HtU+tg1xo1V8kqnmU9(fcase =no)
[1021] string-match:imap-ZIP-message-body:Wcvbk/UKkBENNQLvkKj2PIWJ(fcase =no)
[1022] string-match:imap-ZIP-message-body:9jdLYe1T62DXGjVXySqeZT0m(fcase =no)
[1023] string-match:pktsearch-req-text:^\x85\x13\x3c\x9e\xa2(fcase =no)
[1024] string-match:pktsearch-req-text:^\x04\x01\x30\x30\xff\xff\xff\xff(fcase =no)
[1025] string-match:pktsearch-rsp-text:^\x04\x5b\x30\x30\xff\xff\xff\xff(fcase =no)
[1026] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3127:no
[1027] string-match:pktsearch-req-text:^\x85\x13\x3c\x9e\xa2\x4d\x5a\x90\x00\x03(fcase =no)
[1028] string-match:pktsearch-req-text:\x91\x35\x40\xB2\x48\xC9\x57\xF5(fcase =no)
[1029] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3128:no
[1030] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1080:no
[1031] string-match:http-req-uri-query-param-value:|&(fcase =no)
[1032] string-match:http-req-uri-query-param-value:| (fcase =no)
[1033] string-match:http-req-uri-query-param-value:;id|(fcase =yes)
[1034] string-match:http-req-uri-query-param-value:/(etc|bin|sbin|usr)/(fcase =yes)
[1035] string-match:http-req-uri-path:FileSeek\.cgi(fcase =yes)
[1036] string-match:http-req-uri-query-param-value:\.\.\.\.//(fcase =yes)
[1037] string-match:http-req-uri-query-param-value:\.\.\.\.\\\\(fcase =yes)
[1038] string-match:http-req-uri-query-param-name:head(fcase =yes)
[1039] numerical-eq:smtp-message-header-counter:0xffffffff:400:no
[1040] string-match:pktsearch-rsp-text:^WinCrash Server (fcase =no)
[1041] string-match:pktsearch-rsp-text:^This Program can not be opered by a Telnet Conection.Use WinCrash Client 1.03.(fcase =no)
[1042] string-match:tds-mssql-client-query-payload:\x00x\x00p\x00_\x00l\x00o\x00g\x00a\x00t\x00t\x00a\x00c\x00h\x00(fcase =yes)
[1043] string-match:netbios-ss-tds-client-query-payload:\x00x\x00p\x00_\x00l\x00o\x00g\x00a\x00t\x00t\x00a\x00c\x00h\x00(fcase =yes)
[1044] string-match:http-req-uri-path:/site/(fcase =yes)
[1045] string-match:http-req-uri-path:\\site\\(fcase =yes)
[1046] string-match:http-req-uri-path:(\\|/)source\.asp$(fcase =yes)
[1047] unsigned-gt:nntp-authinfo-client-request-param-length:0xffffffff:512:no
[1048] string-match:pktsearch-req-text:^fil(fcase =no)
[1049] string-match:pktsearch-req-text:^msg(fcase =no)
[1050] string-match:pktsearch-req-text:^hide(fcase =no)
[1051] string-match:pktsearch-req-text:^show(fcase =no)
[1052] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1245:no
[1053] string-match:http-req-uri-path:/htsearch(fcase =no)
[1054] string-match:http-req-query-param-value:^\x60/(fcase =no)
[1055] string-match:pktsearch-req-text:\x83\xC4\x10\x4F\x8D\x94\x24\xE4\xFE\xFF\xFF\x8B\xEC\x03\xAA\xF8\x00\x00\x00\x90\x90\x90\x90\x8B\x82\xF0\x00\x00\x00\x8B\x00\x89\x82\x4E(fcase =no)
[1056] string-match:pktsearch-req-text:\x90\x47\x40\x00(fcase =no)
[1057] numerical-eq:ssrs-src-port:0xffffffff:1434:no
[1058] string-match:http-req-uri-query-param-name:HELP(fcase =yes)
[1059] string-match:http-req-uri-path:(\\|/)GWWEB\.EXE$(fcase =yes)
[1060] numerical-eq:pktsearch-udp-dst-port:0xffffffff:27500:no
[1061] string-match:pktsearch-req-text:^\xFF\xFF\xFF\xFFrcon tms (fcase =no)
[1062] unsigned-gt:smtp-mail-cmd-param-length:0xffffffff:255:no
[1063] string-match:smtp-mail-cmd-param:ENVID=(fcase =no)
[1064] string-match:http-req-uri-path:/csvform\.pl(fcase =yes)
[1065] string-match:http-req-uri-query-param-name:file(fcase =yes)
[1066] string-match:http-req-uri-query-param-value:\x00|(fcase =yes)
[1067] unsigned-gt:portmapper-fraglen:0xffffffff:0x7f000000:no
[1068] numerical-eq:h225-error-code:0xffffffff:DestinationAddressH323IDLengthAnomaly:no
[1069] string-match:pktsearch-sygate-rae-rsp-text:SyGate (fcase =no)
[1070] string-match:pktsearch-sygate-rae-rsp-text:Welcome to engine remote controller!(fcase =no)
[1071] string-match:pktsearch-sygate-rae-rsp-text:Ready to accept command.(fcase =no)
[1072] string-match:http-req-uri-path:(/|\\)msadcs\.dll(/|\\)(fcase =yes)
[1073] string-match:http-req-uri-path:(/|\\)DataFactory\.Query(fcase =yes)
[1074] string-match:http-req-uri-path:(/|\\)AdvancedDataFactory\.Query(fcase =yes)
[1075] string-match:http-post-req-uri-path:(/|\\)msadcs\.dll(/|\\)(fcase =yes)
[1076] string-match:http-post-req-uri-path:(/|\\)AdvancedDataFactory\.Query(fcase =yes)
[1077] string-match:http-post-req-message-body:multipart/mixed; boundary=!ADM!ROX!YOUR!WORLD!; num-args=(fcase =yes)
[1078] string-match:http-req-uri-path:(/|\\)VbBusObj\.(fcase =yes)
[1079] string-match:http-req-uri-path:\.VbBusObjCls(fcase =yes)
[1080] string-match:http-req-uri-path:\.GetRecordset(fcase =yes)
[1081] string-match:http-req-uri-path:\.GetMachineName(fcase =yes)
[1082] unsigned-gt:socks-v4a-user-len:0xffffffff:127:no
[1083] unsigned-gt:socks-v4-user-len:0xffffffff:127:no
[1084] unsigned-gt:socks-v4a-user-len:0xffffffff:1020:no
[1085] unsigned-gt:socks-v4-user-len:0xffffffff:1020:no
[1086] string-match:pktsearch-req-text:^Connect(fcase =no)
[1087] string-match:pktsearch-rsp-text:^ Connected to The Revenger ver(fcase =no)
[1088] unsigned-gt:http-req-uri-path-length:0xffffffff:2048:no
[1089] string-match:pktsearch-req-text:^password;(fcase =no)
[1090] string-match:pktsearch-rsp-text:^password;(fcase =no)
[1091] string-match:pktsearch-rsp-text:^server is password protected(fcase =no)
[1092] string-match:pktsearch-rsp-text:^YES, connected \.\.\.(fcase =no)
[1093] string-match:pktsearch-rsp-text:^the tHing 1\.6 server(fcase =no)
[1094] string-match:rpc-call-data:\xfe\xc3\x89\xf1\xcd\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\x2a\x66\x89\x46(fcase =no)
[1095] string-match:pktsearch-req-text:\xfe\xc3\x89\xf1\xcd\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\x2a\x66\x89\x46(fcase =no)
[1096] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00c\x00r\x00e\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[1097] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00c\x00r\x00e\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[1098] unsigned-gt:telnet-iac-bad-cmd-counter:0xffffffff:4:no
[1099] string-match:pktsearch-req-text:^del: (fcase =no)
[1100] string-match:pktsearch-req-text:^run: (fcase =no)
[1101] unsigned-gt:http-get-req-uri-query-param-value-length:0xffffffff:255:no
[1102] string-match:http-get-req-uri-path:httpsave\.dll$(fcase =yes)
[1103] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:555:no
[1104] string-match:pktsearch-rsp-text:^201 User authorisation\.\.\.(fcase =no)
[1105] numerical-eq:rpc-call-prognum:0xffffffff:100235:no
[1106] numerical-eq:rpc-call-procedure:0xffffffff:5:no
[1107] string-match:rpc-call-data:\x82\x10\x20.\x91\xd0\x20\x08(fcase =no)
[1108] unsigned-gt:rpc-call-data-len:0xffffffff:14000:no
[1109] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x87\x8B\x00\x00\x00\x01\x00\x00\x00\x05(fcase =no)
[1110] string-match:pktsearch-req-text:\x82\x10\x20.\x91\xd0\x20\x08(fcase =no)
[1111] string-match:http-req-uri-path:(\\|/)sojourn.cgi$(fcase =no)
[1112] string-match:irc-req-mode-cmd-param:+owgscfxeb(fcase =yes)
[1113] unsigned-gt:rlogin-username-client-login-length:0xffffffff:128:no
[1114] unsigned-gt:rlogin-client-handshake-serveruser-text-length:0xffffffff:128:no
[1115] string-match:http-req-uri-path:/secure_img_render\.php(fcase =yes)
[1116] string-match:http-req-uri-query-param-value:(ftp|http)://(fcase =yes)
[1117] string-match:pktsearch-rsp-text:^220 Mandar/Receber Arquivos no PCI\.(fcase =no)
[1118] string-match:pktsearch-rsp-text:^- Arquivo (fcase =no)
[1119] string-match:smtp-name-message-header:\.doc(fcase =yes)
[1120] string-match:smtp-message-body:JyBzdHlsZT0nYmFja2dyb3Vu(fcase =no)
[1121] string-match:smtp-message-body:ZC1pbWFnZTp1cmwoamF2YXNj(fcase =no)
[1122] string-match:smtp-message-body:IHN0eWxlPSdiYWNrZ3JvdW5k(fcase =no)
[1123] string-match:smtp-message-body:LWltYWdlOnVybChqYXZhc2Ny(fcase =no)
[1124] string-match:smtp-message-body:c3R5bGU9J2JhY2tncm91bmQt(fcase =no)
[1125] string-match:smtp-message-body:aW1hZ2U6dXJsKGphdmFzY3J(fcase =no)
[1126] string-match:smtp-expn-cmd-param:root(fcase =no)
[1127] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1234:no
[1128] string-match:pktsearch-rsp-text:^password: (fcase =no)
[1129] numerical-eq:h225-error-code:0xffffffff:SourceAddressURLLengthAnomaly:no
[1130] string-match:http-req-uri-path:\.(asp|asa|cer|cdx)(\\|/)(fcase =yes)
[1131] string-match:http-req-uri-path:\.(idc|htx)(\\|/)(fcase =yes)
[1132] string-match:http-req-uri-path:\.(stm|shtm|shtml)(\\|/)(fcase =yes)
[1133] string-match:http-req-uri-path:\.(htr|ida|idq)(\\|/)(fcase =yes)
[1134] string-match:http-req-uri-path:\.pl(\\|/)(fcase =yes)
[1135] string-match:http-req-uri-path:\.py(\\|/)(fcase =yes)
[1136] string-match:http-req-uri-path:\.cgi(\\|/)(fcase =yes)
[1137] string-match:http-req-header:Translate:  f( |\r|\n)(fcase =yes)
[1138] string-match:http-req-header:Translate: f( |\r|\n)(fcase =yes)
[1139] string-match:http-req-header:Translate:f( |\r|\n)(fcase =yes)
[1140] string-match:http-req-header:   f( |\r|\n)(fcase =yes)
[1141] unsigned-gt:tns-req-sys-context-param-text-len:0xffffffff:128:no
[1142] string-match:http-req-uri-path:pfdispaly\.cgi(fcase =yes)
[1143] string-match:http-req-uri-query-params:'\n(fcase =yes)
[1144] numerical-eq:http-error-code:0xffffffff:INVALID_AUTH_ASN_0411:no
[1145] string-match:http-req-authorization-header:oAAAAAFuB5PD(fcase =no)
[1146] string-match:http-req-authorization-header:gAAAAAW4Hk8P(fcase =no)
[1147] string-match:http-req-authorization-header:6AAAAABbgeT(fcase =no)
[1148] string-match:mysql-req-change_user-payload:\x00A\x00(fcase =no)
[1149] string-match:mysql-req-change_user-payload:\x00B\x00(fcase =no)
[1150] string-match:mysql-req-change_user-payload:\x00C\x00(fcase =no)
[1151] string-match:pktsearch-req-text:^PW[DN] (fcase =no)
[1152] string-match:pktsearch-rsp-text:^psychward (fcase =no)
[1153] string-match:pktsearch-rsp-text:^son-of-pw 0\.1\x0d\x0a\x00(fcase =no)
[1154] string-match:http-post-req-uri-path:Sites(/|\\)(fcase =yes)
[1155] string-match:http-post-req-uri-path:Publishing(/|\\)(fcase =yes)
[1156] string-match:http-post-req-uri-path:Users(/|\\)(fcase =yes)
[1157] string-match:http-post-req-uri-path:\.\.(\\|/)(fcase =yes)
[1158] numerical-eq:smtp-error-code:0xffffffff:WORD_FONT_FORMAT_ERROR:no
[1159] string-match:http-req-uri-path:checklogin\.php(fcase =yes)
[1160] string-match:http-req-uri-query-param-name:cfgProgDir(fcase =yes)
[1161] string-match:http-req-uri-query-param-value:(http|ftp)://(fcase =yes)
[1162] string-match:rpc-call-data:\x03\x68\x41\x5e\x6d\x7f\x6f\xd6\x57\x56\x55\x53(fcase =no)
[1163] string-match:pktsearch-req-text:\x03\x68\x41\x5e\x6d\x7f\x6f\xd6\x57\x56\x55\x53(fcase =no)
[1164] string-match:rpc-call-data:\x02\x71\x46\x62\x76\x8e\x78\xe7\x5b\x5a\x59\x58(fcase =no)
[1165] string-match:pktsearch-req-text:\x02\x71\x46\x62\x76\x8e\x78\xe7\x5b\x5a\x59\x58(fcase =no)
[1166] unsigned-gt:http-req-uri-query-param-name-length:0xffffffff:240:no
[1167] string-match:http-get-req-uri-path:wconsole\.dll(fcase =yes)
[1168] string-match:http-req-uri-path:^(/)?xsql/lib/xsqlconfig\.xml(fcase =yes)
[1169] string-match:http-req-uri-path:soapdocs/webapps/soap/WEB-INF/config/soapConfig\.xml(fcase =yes)
[1170] numerical-eq:snmp-err-code:0xffffffff:invalid-version-length:no
[1171] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TERM(\x00|\x01)\x2f(fcase =yes)
[1172] unsigned-lt:http-req-uri-query-params-length:0xffffffff:2:no
[1173] string-match:http-before-request-method:GET ?(fcase =yes)
[1174] string-match:http-req-uri-path:(\\|/)qshop(fcase =yes)
[1175] string-match:http-req-uri-path:(\\|/)admin(fcase =yes)
[1176] string-match:http-req-uri-path:(\\|/)upload\.htm$(fcase =yes)
[1177] string-match:lpr-receive-control-file-content:f/etc/(passwd|shadow)\n(fcase =no)
[1178] string-match:finger-client-data-text:search\..(fcase =no)
[1179] string-match:finger-client-data-text:search**(fcase =no)
[1180] string-match:http-req-uri-path:(FtpSaveCSP|FtpSaveCVP|HttpSaveCSP|HttpSaveCVP|smtpscan|RegGo)\.dll(fcase =yes)
[1181] unsigned-gt:http-req-uri-query-params-length:0xffffffff:128:no
[1182] string-match:pktsearch-rsp-text:^GateCrasher v1\.., Server On-Line\.\.\.(fcase =no)
[1183] string-match:http-req-uri-path:context-test/admin/shell(fcase =no)
[1184] string-match:http-req-uri-path:context-test/errors/internal(fcase =no)
[1185] string-match:http-req-uri-path:context-test/examples/counter(fcase =no)
[1186] string-match:http-req-uri-path:context-test/examples/snoop(fcase =no)
[1187] numerical-eq:snmp-msg-head-err-code:0xffffffff:1:no
[1188] numerical-eq:snmp-version-err-code:0xffffffff:1:no
[1189] numerical-eq:snmp-community-string-err-code:0xffffffff:1:no
[1190] numerical-eq:snmp-pdu-head-err-code:0xffffffff:1:no
[1191] numerical-eq:snmp-varbindlist-err-code:0xffffffff:1:no
[1192] numerical-eq:snmp-varbind-err-code:0xffffffff:1:no
[1193] numerical-eq:snmp-varbind-object-id-err-code:0xffffffff:1:no
[1194] numerical-eq:snmp-varbind-value-err-code:0xffffffff:1:no
[1195] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:785:no
[1196] string-match:pktsearch-rsp-text:^PhuCk y0u\x0d\x0a(fcase =no)
[1197] unsigned-gt:finger-client-data-text-len:0xffffffff:255:no
[1198] string-match:pktsearch-req-text:^Pass?INFO(fcase =no)
[1199] string-match:pktsearch-rsp-text:^\x2A Doly trojan v1.6 - Connected(fcase =no)
[1200] string-match:pktsearch-rsp-text:^Not right password !(fcase =no)
[1201] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1015:no
[1202] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1016:no
[1203] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3456:no
[1204] string-match:pktsearch-rsp-text:^\x2A Doly trojan(fcase =no)
[1205] string-match:pktsearch-rsp-text:Wtzup User(fcase =no)
[1206] string-match:pktsearch-rsp-text: Your Connected to : (fcase =no)
[1207] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00s\x00e\x00t\x00s\x00q\x00l\x00s\x00e\x00c\x00u\x00r\x00i\x00t\x00y(fcase =yes)
[1208] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00s\x00e\x00t\x00s\x00q\x00l\x00s\x00e\x00c\x00u\x00r\x00i\x00t\x00y(fcase =yes)
[1209] unsigned-gt:snmp-community-string-msg-qllength:0xffffffff:64:no
[1210] string-match:telnet-username-client-login:^root$(fcase =no)
[1211] string-match:telnet-server-data-text:login incorrect(fcase =yes)
[1212] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:512:no
[1213] string-match:http-req-uri-path:\.nsf(fcase =yes)
[1214] string-match:http-req-uri-query-param-value:s_ViewName(fcase =yes)
[1215] string-match:http-req-uri-query-param-name:PresetFields(fcase =yes)
[1216] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:27160:no
[1217] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:25685:no
[1218] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:25686:no
[1219] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:25982:no
[1220] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:16057:no
[1221] string-match:pktsearch-rsp-text:^ver[1234]\.(fcase =no)
[1222] string-match:pktsearch-rsp-text:^verBETA(fcase =no)
[1223] string-match:ssl-PCT-client-challange:\x57\x53\x32\x5f\x33\x32\x2e\x44\x4c\x4c(fcase =no)
[1224] numerical-eq:dcerpc-request-version:0xffffffff:0:no
[1225] numerical-eq:dcerpc-request-packet-type:0xffffffff:0:no
[1226] numerical-eq:dcerpc-request-packet-flags:0xffffffff:0:no
[1227] numerical-eq:dcerpc-req-frag-length:0xffffffff:0:no
[1228] unsigned-gt:http-req-uri-query-params-length:0xffffffff:1024:no
[1229] string-match:http-req-uri-path:(\\|/)Count\.cgi$(fcase =no)
[1230] string-match:http-req-uri-query-params:display=image(fcase =no)
[1231] string-match:http-req-uri-query-params:\.gif(fcase =yes)
[1232] string-match:tns-req-connect-data-text:\(COMMAND=log_directory\)(fcase =yes)
[1233] string-match:tns-req-connect-data-text:\(COMMAND=trc_directory\)(fcase =yes)
[1234] string-match:tns-req-connect-data-text:\(COMMAND=trc_file\)(fcase =yes)
[1235] string-match:tns-req-connect-data-text:\(COMMAND=log_file\)(fcase =yes)
[1236] string-match:tns-req-connect-data-text:\(VALUE=(fcase =yes)
[1237] unsigned-gt:snmp-request-community-string-field-length:0xffffffff:128:no
[1238] unsigned-gt:snmp-get-varbind-value-field-length:0xffffffff:512:no
[1239] unsigned-gt:snmp-get-next-varbind-value-field-length:0xffffffff:512:no
[1240] unsigned-gt:snmp-set-varbind-value-field-length:0xffffffff:512:no
[1241] unsigned-gt:snmp-trap-varbind-value-field-length:0xffffffff:512:no
[1242] unsigned-gt:snmp-v2-bulk-varbind-value-field-length:0xffffffff:512:no
[1243] unsigned-gt:snmp-v2-trap-varbind-value-field-length:0xffffffff:512:no
[1244] unsigned-gt:snmp-v2-inform-varbind-value-field-length:0xffffffff:512:no
[1245] unsigned-gt:snmp-get-varbind-object-id-field-length:0xffffffff:32:no
[1246] unsigned-gt:snmp-get-next-varbind-object-id-field-length:0xffffffff:32:no
[1247] unsigned-gt:snmp-set-varbind-object-id-field-length:0xffffffff:32:no
[1248] unsigned-gt:snmp-trap-varbind-object-id-field-length:0xffffffff:32:no
[1249] unsigned-gt:snmp-v2-bulk-varbind-object-id-field-length:0xffffffff:32:no
[1250] unsigned-gt:snmp-v2-trap-varbind-object-id-field-length:0xffffffff:32:no
[1251] unsigned-gt:snmp-v2-inform-varbind-object-id-field-length:0xffffffff:32:no
[1252] unsigned-gt:snmp-get-varbind-object-id-field-length:0xffffffff:128:no
[1253] unsigned-gt:snmp-get-next-varbind-object-id-field-length:0xffffffff:128:no
[1254] unsigned-gt:snmp-set-varbind-object-id-field-length:0xffffffff:128:no
[1255] unsigned-gt:snmp-trap-varbind-object-id-field-length:0xffffffff:128:no
[1256] unsigned-gt:snmp-v2-bulk-varbind-object-id-field-length:0xffffffff:128:no
[1257] unsigned-gt:snmp-v2-trap-varbind-object-id-field-length:0xffffffff:128:no
[1258] unsigned-gt:snmp-v2-inform-varbind-object-id-field-length:0xffffffff:128:no
[1259] unsigned-gt:snmp-trap-enterprise-object-id-field-length:0xffffffff:32:no
[1260] unsigned-gt:snmp-trap-enterprise-object-id-field-length:0xffffffff:128:no
[1261] numerical-eq:dns-request-question-type:0xffffffff:0xc00c:no
[1262] numerical-eq:dns-request-question-class:0xffffffff:0xc00c:no
[1263] string-match:dns-request-qname:thisleetostringwillcrashyourlittlenameserver(fcase =no)
[1264] string-match:smtp-ZIP-message-body:kmRXU0Gk6SIAzBSdEHsAWxeD(fcase =no)
[1265] string-match:smtp-ZIP-message-body:TJp0YyUYho06dJV1tVLuALjY(fcase =no)
[1266] string-match:finger-client-data-text:/W(fcase =no)
[1267] string-match:finger-server-data-text:Login name: /W(fcase =no)
[1268] unsigned-gt:finger-slash-counter:0xffffffff:1:no
[1269] string-match:finger-client-data-text:\|(fcase =no)
[1270] string-match:http-post-req-uri-path:BOHTTPD\.cgi(fcase =yes)
[1271] numerical-eq:http-rsp-server-type:0xffffffff:1:no
[1272] numerical-eq:http-rsp-server-type:0xffffffff:3:no
[1273] string-match:http-req-uri-path:(\\|/)ows-bin(\\|/)(fcase =yes)
[1274] string-match:http-req-uri-query-params:^&(fcase =no)
[1275] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:61466:no
[1276] string-match:pktsearch-rsp-text:^* TeLeCoMMaNDo SeRVeR * Version(fcase =no)
[1277] string-match:http-req-uri-path:fileexists\.cfm(fcase =yes)
[1278] string-match:pktsearch-req-text:^\x0b\x00\x00\x00\x07\x00\x00\x00\x43\x6f\x6e\x6e\x65\x63\x74(fcase =no)
[1279] string-match:pktsearch-rsp-text:^.\x00\x00\x00\x06\x00\x00\x00\x44\x72\x69\x76\x65\x73.\x00\x00\x00(fcase =no)
[1280] string-match:ftp-cmd-param:\.\.(/|\\)(fcase =no)
[1281] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00e\x00x\x00e\x00c\x00r\x00e\x00s\x00u\x00l\x00t\x00s\x00e\x00t\x00(fcase =yes)
[1282] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00e\x00x\x00e\x00c\x00r\x00e\x00s\x00u\x00l\x00t\x00s\x00e\x00t\x00(fcase =yes)
[1283] string-match:http-req-uri-path:(\\|/)win-c-sample\.exe(fcase =yes)
[1284] string-match:http-req-uri-query-params:+-+-+-+-+-+h(fcase =yes)
[1285] string-match:smtp-SCR-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1286] string-match:smtp-SCR-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1287] string-match:smtp-COM-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1288] string-match:smtp-COM-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1289] string-match:smtp-EXE-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1290] string-match:smtp-EXE-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1291] string-match:smtp-CPL-message-body:VG9DXmNk+e0vdyYncdqrZNwz(fcase =no)
[1292] string-match:smtp-CPL-message-body:Ze1XZOXjhN5k0HFaS0EsDl91(fcase =no)
[1293] string-match:pop3-SCR-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1294] string-match:pop3-SCR-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1295] string-match:pop3-COM-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1296] string-match:pop3-COM-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1297] string-match:pop3-EXE-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1298] string-match:pop3-EXE-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1299] string-match:pop3-CPL-message-body:VG9DXmNk+e0vdyYncdqrZNwz(fcase =no)
[1300] string-match:pop3-CPL-message-body:Ze1XZOXjhN5k0HFaS0EsDl91(fcase =no)
[1301] string-match:imap-SCR-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1302] string-match:imap-SCR-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1303] string-match:imap-COM-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1304] string-match:imap-COM-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1305] string-match:imap-EXE-message-body:pMnToTsKM+7AJtMd811lEdhP(fcase =no)
[1306] string-match:imap-EXE-message-body:cCPA2d0j/qTjwPZDHO/yEAmp(fcase =no)
[1307] string-match:imap-CPL-message-body:VG9DXmNk+e0vdyYncdqrZNwz(fcase =no)
[1308] string-match:imap-CPL-message-body:Ze1XZOXjhN5k0HFaS0EsDl91(fcase =no)
[1309] string-match:dns-rdata-NXT-typebitmap:(\xeb\x2c\xe8\xa7\xff\xff\xff\x2e\x00|\x3b\x91\xd0\x20\x00\x81\xc3\xe0\x08|\x30\x8d\x46\x30\x50\x8d\x46\x28\x50\x52\x50|\x8d\x46\x28\x50\x52\xb8\x3b\x00\x00\x00\xcd\x80)(fcase =no)
[1310] unsigned-gt:dns-response-additional-rdata-NXT-typebitmap-len:0xffffffff:1250:no
[1311] string-match:smtp-message-body:\x3chtml\x3e(fcase =yes)
[1312] string-match:smtp-message-body:\x3cscript(fcase =yes)
[1313] string-match:smtp-message-body:\.sort\((fcase =yes)
[1314] string-match:smtp-message-body:\x3c/script\x3e(fcase =yes)
[1315] string-match:smtp-message-body:\[0x.FFFFFFF\](fcase =yes)
[1316] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:2000:no
[1317] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x31323334:no
[1318] numerical-eq:pktsearch-udp-dst-port:0xffffffff:1745:no
[1319] string-match:snmp-request-community-string-field:ILMI(fcase =yes)
[1320] string-match:telnet-server-data-text:\xFF\xFD\x25(fcase =no)
[1321] unsigned-gt:telnet-client-authentication-sb-param-length:0xffffffff:128:no
[1322] string-match:telnet-client-authentication-sb-param:^\x03(fcase =no)
[1323] string-match:smtp-EXE-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1324] string-match:smtp-EXE-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1325] string-match:smtp-COM-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1326] string-match:smtp-COM-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1327] string-match:smtp-SCR-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1328] string-match:smtp-SCR-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1329] string-match:smtp-PIF-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1330] string-match:smtp-PIF-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1331] string-match:smtp-BAT-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1332] string-match:smtp-BAT-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1333] string-match:smtp-CMD-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1334] string-match:smtp-CMD-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1335] string-match:pop3-EXE-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1336] string-match:pop3-EXE-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1337] string-match:pop3-COM-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1338] string-match:pop3-COM-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1339] string-match:pop3-SCR-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1340] string-match:pop3-SCR-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1341] string-match:pop3-PIF-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1342] string-match:pop3-PIF-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1343] string-match:pop3-BAT-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1344] string-match:pop3-BAT-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1345] string-match:pop3-CMD-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1346] string-match:pop3-CMD-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1347] string-match:imap-EXE-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1348] string-match:imap-EXE-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1349] string-match:imap-COM-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1350] string-match:imap-COM-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1351] string-match:imap-SCR-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1352] string-match:imap-SCR-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1353] string-match:imap-PIF-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1354] string-match:imap-PIF-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1355] string-match:imap-BAT-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1356] string-match:imap-BAT-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1357] string-match:imap-CMD-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[1358] string-match:imap-CMD-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[1359] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:58008:no
[1360] string-match:pktsearch-req-text:\x3CSYSTMTIME\x3E(fcase =no)
[1361] string-match:pktsearch-req-text:\x3CREQSTFILE\x3E(fcase =no)
[1362] string-match:pktsearch-rsp-text:\x3CTHETIMEIS\x3E(fcase =no)
[1363] string-match:pktsearch-rsp-text:\x3CERROROCRD\x3E(fcase =no)
[1364] string-match:http-before-request-method:(GET|HEAD|POST|PUT)%00(fcase =yes)
[1365] numerical-eq:netbios-ss-smb-loginfailed-counter:0xffffffff:10:no
[1366] string-match:irc-rsp-message:scan\.(addnettrange |delrange |listnetranges|clearnetranges|resetnetranges|enable |disable |star|stop|stats|host ) (fcase =yes)
[1367] string-match:irc-rsp-message:ddos\.(httpflood|phaticmp|phatsyn|phatwonk|stop|synflood|targa3) (fcase =yes)
[1368] string-match:irc-rsp-message:http\.(execute|download|update)(fcase =yes)
[1369] string-match:irc-rsp-message:ftp\.(execute|download|update)(fcase =yes)
[1370] string-match:irc-rsp-message:cvar\.set (alospam|spam)_(fcase =yes)
[1371] string-match:irc-rsp-message:spam\.(setlist|settemplate|start|stop) (fcase =yes)
[1372] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4523:no
[1373] string-match:pktsearch-rsp-text:^ \x3e\x3e  MTX Celine Trojan .\..\.. By Del_Armg0(fcase =no)
[1374] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00u\x00n\x00w\x00e\x00b\x00t\x00a\x00s\x00k(fcase =yes)
[1375] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00u\x00n\x00w\x00e\x00b\x00t\x00a\x00s\x00k(fcase =yes)
[1376] string-match:irc-req-user-cmd-param:AAAAAAAAAA none none :w00w00(fcase =no)
[1377] string-match:irc-req-invite-cmd-param:\xeb\x28\x5e\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x8b\x7e\x0d\x8a\x5f\x38(fcase =no)
[1378] string-match:rlogin-username-client-login:^-froot(fcase =no)
[1379] string-match:rlogin-client-handshake-serveruser-text:^-froot(fcase =no)
[1380] numerical-eq:rlogin-password-provided:0xffffffff:0:no
[1381] string-match:pktsearch-rsp-text:^Conectado a (fcase =no)
[1382] string-match:pktsearch-rsp-text:- The Prayer (fcase =no)
[1383] string-match:http-req-uri-path:(/|\\)webid(/|\\)(fcase =yes)
[1384] string-match:http-req-uri-path:sdiis\.dll(fcase =yes)
[1385] unsigned-gt:http-post-req-content-length:0xffffffff:255:no
[1386] unsigned-gt:http-req-chunk-read-body-length:0xffffffff:4096:no
[1387] string-match:http-req-uri-path:/(+|<|>|%20)/(fcase =yes)
[1388] string-match:http-req-uri-path:\.jsp(fcase =yes)
[1389] unsigned-gt:smtp-send-cmd-param-length:0xffffffff:1024:no
[1390] numerical-eq:smtp-command-name:0xffffffff:21:no
[1391] string-match:smtp-rcpt-cmd-param:|sed -e '1,/\^\$/'(fcase =no)
[1392] numerical-eq:smtp-server-type:0xffffffff:1:yes
[1393] string-match:pktsearch-req-text:^//Message1(fcase =no)
[1394] string-match:http-before-request-method:^//Message1(fcase =no)
[1395] numerical-eq:h225-error-code:0xffffffff:DestinationURLLengthAnomaly:no
[1396] string-match:ftp-cmd-param: ~(fcase =no)
[1397] string-match:ftp-cmd-param:{[\r\n](fcase =no)
[1398] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00s\x00p\x00r\x00i\x00n\x00t\x00f(fcase =yes)
[1399] string-match:tds-mssql-client-query-payload:r\x00a\x00i\x00s\x00e\x00r\x00r\x00o\x00r(fcase =yes)
[1400] string-match:tds-mssql-client-query-payload:f\x00o\x00r\x00m\x00a\x00t\x00m\x00e\x00s\x00s\x00a\x00g\x00e(fcase =yes)
[1401] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00s\x00p\x00r\x00i\x00n\x00t\x00f(fcase =yes)
[1402] string-match:netbios-ss-tds-client-query-payload:r\x00a\x00i\x00s\x00e\x00r\x00r\x00o\x00r(fcase =yes)
[1403] string-match:netbios-ss-tds-client-query-payload:f\x00o\x00r\x00m\x00a\x00t\x00m\x00e\x00s\x00s\x00a\x00g\x00e(fcase =yes)
[1404] unsigned-gt:tns-req-fromtz-param-text-len:0xffffffff:128:no
[1405] unsigned-gt:tns-req-timezone-param-text-len:0xffffffff:128:no
[1406] unsigned-gt:tns-req-numtointerval-param-text-len:0xffffffff:128:no
[1407] string-match:smtp-PIF-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1408] string-match:smtp-PIF-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1409] string-match:smtp-SCR-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1410] string-match:smtp-SCR-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1411] string-match:smtp-EXE-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1412] string-match:smtp-EXE-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1413] string-match:smtp-BAT-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1414] string-match:smtp-BAT-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1415] string-match:smtp-COM-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1416] string-match:smtp-COM-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1417] string-match:smtp-CPL-message-body:EIbjpu0CPKsz/kTm8G3ihH5J(fcase =no)
[1418] string-match:smtp-CPL-message-body:GNAXse1Cu3Dmal1FF/jI0G0T(fcase =no)
[1419] string-match:pop3-PIF-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1420] string-match:pop3-PIF-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1421] string-match:pop3-SCR-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1422] string-match:pop3-SCR-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1423] string-match:pop3-EXE-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1424] string-match:pop3-EXE-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1425] string-match:pop3-BAT-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1426] string-match:pop3-BAT-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1427] string-match:pop3-COM-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1428] string-match:pop3-COM-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1429] string-match:pop3-CPL-message-body:EIbjpu0CPKsz/kTm8G3ihH5J(fcase =no)
[1430] string-match:pop3-CPL-message-body:GNAXse1Cu3Dmal1FF/jI0G0T(fcase =no)
[1431] string-match:imap-PIF-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1432] string-match:imap-PIF-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1433] string-match:imap-SCR-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1434] string-match:imap-SCR-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1435] string-match:imap-EXE-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1436] string-match:imap-EXE-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1437] string-match:imap-BAT-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1438] string-match:imap-BAT-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1439] string-match:imap-COM-message-body:J33iKoaA5cbJttB3GBUnzebK(fcase =no)
[1440] string-match:imap-COM-message-body:VjoxeT8RI2OeJ2b0G19GjQcD(fcase =no)
[1441] string-match:imap-CPL-message-body:EIbjpu0CPKsz/kTm8G3ihH5J(fcase =no)
[1442] string-match:imap-CPL-message-body:GNAXse1Cu3Dmal1FF/jI0G0T(fcase =no)
[1443] string-match:pktsearch-rsp-text:^1\.[24]5\x0d(fcase =no)
[1444] string-match:pktsearch-rsp-text:^R3C Server v1(fcase =no)
[1445] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9870:no
[1446] string-match:http-req-uri-path:\.cfm$(fcase =yes)
[1447] string-match:http-req-uri-path:\.jsp$(fcase =yes)
[1448] unsigned-gt:http-req-uri-path-length:0xffffffff:4096:no
[1449] string-match:http-req-uri-path:\.ns4(fcase =yes)
[1450] string-match:http-req-uri-path:\.box(fcase =yes)
[1451] string-match:http-req-uri-path:\.\.(\\|/)(fcase =no)
[1452] string-match:http-before-request-method:^INDEX /(fcase =yes)
[1453] numerical-eq:http-rsp-server-type:0xffffffff:3:yes
[1454] numerical-eq:rpc-call-procedure:0xffffffff:21:no
[1455] string-match:rpc-call-data:@foobar(fcase =no)
[1456] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xe4\x00\x00\x00\x04\x00\x00\x00\x15(fcase =no)
[1457] string-match:pktsearch-req-text:@foobar(fcase =no)
[1458] string-match:rpc-call-data:\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x6b\x73\x68(fcase =no)
[1459] string-match:pktsearch-req-text:\x91\xd0\x20\x08\x2f\x62\x69\x6e\x2f\x6b\x73\x68(fcase =no)
[1460] numerical-eq:icmp-echo-reply-id:0xffffffff:666:no
[1461] numerical-eq:icmp-echo-reply-id:0xffffffff:6666:no
[1462] string-match:icmp-echo-reply-payload:skillz(fcase =no)
[1463] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00o\x00l\x00e\x00d\x00b\x00i\x00n\x00f\x00o\x00 (fcase =yes)
[1464] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00o\x00l\x00e\x00d\x00b\x00i\x00n\x00f\x00o\x00 (fcase =yes)
[1465] string-match:http-req-uri-path:^(/)?pls/(fcase =no)
[1466] string-match:http-req-uri-path:owa_util\.signature(fcase =no)
[1467] string-match:http-req-uri-path:owa_util\.showsource(fcase =no)
[1468] string-match:http-req-uri-path:owa_util\.cellsprint(fcase =no)
[1469] string-match:http-req-uri-path:owa_util\.listprint(fcase =no)
[1470] string-match:http-req-uri-path:owa_util\.show_query_columns(fcase =no)
[1471] unsigned-gt:http-req-user-agent-header-length:0xffffffff:200:no
[1472] string-match:http-req-uri-path:cgitest\.exe(fcase =yes)
[1473] numerical-eq:telnet-iac-in-client-login-counter:0xffffffff:1:no
[1474] string-match:http-post-req-uri-path:/content\.hts(fcase =yes)
[1475] string-match:http-req-message-body-query-param-value:Httpd:ExecuteFile\((fcase =yes)
[1476] string-match:http-req-message-body-query-param-value:inetd(fcase =yes)
[1477] string-match:http-req-message-body-query-param-value:cmd\.exe(fcase =yes)
[1478] string-match:http-post-req-uri-path:\.asp(fcase =yes)
[1479] string-match:http-req-uri-path:(\\|/)(changepw|redirect)\.exe$(fcase =yes)
[1480] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1026:no
[1481] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1025:no
[1482] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10887:no
[1483] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31887:no
[1484] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:32000:no
[1485] string-match:pktsearch-rsp-text:^ER 0\r\n(fcase =no)
[1486] string-match:pktsearch-req-text:^HASL (fcase =no)
[1487] string-match:http-post-req-uri-path:/cart.(cgi|pl)(fcase =no)
[1488] string-match:http-post-req-message-body:3fdj939jf(fcase =no)
[1489] string-match:http-post-req-uri-query-param-name:3fdj939jf(fcase =no)
[1490] unsigned-gt:ftp-site-cmd-param-length:0xffffffff:256:no
[1491] string-match:ftp-site-cmd-param:CPWD(fcase =yes)
[1492] string-match:http-req-uri-path:web-inf/config\.xml(fcase =no)
[1493] string-match:http-req-uri-path:/server-info(fcase =no)
[1494] string-match:http-req-uri-path:/oprocmgr-status(fcase =no)
[1495] string-match:http-req-uri-path:onlineorders_html/main\.jsp(fcase =no)
[1496] numerical-eq:snmp-msg-head-length-of-length:0xffffffff:0:no
[1497] numerical-eq:snmp-version-length-of-length:0xffffffff:0:no
[1498] numerical-eq:snmp-community-string-length-of-length:0xffffffff:0:no
[1499] numerical-eq:snmp-pdu-head-length-of-length:0xffffffff:0:no
[1500] numerical-eq:snmp-varbindlist-length-of-length:0xffffffff:0:no
[1501] numerical-eq:snmp-varbind-length-of-length:0xffffffff:0:no
[1502] numerical-eq:snmp-varbind-object-id-length-of-length:0xffffffff:0:no
[1503] numerical-eq:snmp-varbind-value-length-of-length:0xffffffff:0:no
[1504] numerical-eq:pktsearch-edonkey-counter:0xffffffff:1:no
[1505] numerical-eq:pktsearch-req-pktlen:0xffffffff:6:no
[1506] string-match-ap:req-content-text:(\xE3|\xC5|\xD4).\x00\x00\x00\x01(fcase =no)(offset=0, depth=0)
[1507] string-match-ap:rsp-content-text:(\xE3|\xC5|\xD4).\x00\x00\x00(fcase =no)(offset=0, depth=0)
[1508] string-match:smtp-PIF-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1509] string-match:smtp-PIF-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1510] string-match:smtp-EXE-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1511] string-match:smtp-EXE-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1512] string-match:pop3-PIF-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1513] string-match:pop3-PIF-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1514] string-match:pop3-EXE-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1515] string-match:pop3-EXE-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1516] string-match:imap-PIF-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1517] string-match:imap-PIF-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1518] string-match:imap-EXE-message-body:FoCG/gZoFZhlF5XX7uHXzFmQ(fcase =no)
[1519] string-match:imap-EXE-message-body:sqYnn2wedsfuOyNW6OwpyPh1(fcase =no)
[1520] string-match:telnet-client-data-text:\xFF\xFB\x18\xFF\xFC\x20\xFF\xFC\x23\xFF\xFC\x24(fcase =no)
[1521] string-match:telnet-client-data-text:\xFF\xFD\x03\xFF\xFB\x01\xFF\xFC\x1F\xFF\xFE\x05\xFF\xFC\x21(fcase =no)
[1522] string-match:telnet-client-data-text:\x90\x90\x90\x90\x90\x90\xEB\xFE\x90\x90\x90\x90\x90\x90\x90\x90(fcase =no)
[1523] string-match:telnet-client-data-text:\x90\x90\x90\x90\x90\x90\x90\x90\x59\xF6\x12(fcase =no)
[1524] numerical-eq:http-error-code:0xffffffff:11:no
[1525] string-match:http-req-uri-path:phpBB2(\\|/)(fcase =yes)
[1526] string-match:http-req-uri-path:(\\|/)db\.php(fcase =yes)
[1527] string-match:http-req-uri-query-param-name:phpbb_root_path(fcase =yes)
[1528] string-match:http-req-uri-path:/AdvancedDataFactory\.Query(fcase =yes)
[1529] string-match:http-post-req-message-body:\r\ncontent-type:(fcase =yes)
[1530] string-match:http-req-uri:wp-(cs-dump|ver-info|html-rend|usr-prop|ver-diff|verify-link|start-ver|stop-ver|uncheckout)(fcase =yes)
[1531] unsigned-gt:snmp-trap-generic-code:0xffffffff:6:no
[1532] unsigned-gt:telnet-username-client-login-length:0xffffffff:256:no
[1533] unsigned-gt:telnet-username-client-login-length:0xffffffff:512:no
[1534] string-match:telnet-server-data-text:Windows Telnet Server Version 1.0(fcase =no)
[1535] string-match:http-req-uri-path://welcome\.jsp(fcase =yes)
[1536] unsigned-in-range:wins-later-req-msg-len:0xffffffff:1500:0x2f8701::no
[1537] numerical-eq:wins-later-req-cmd:0x7800:0x7800:no
[1538] unsigned-gt:wins-later-req-pointer:0xffffffff:0xFFFF:no
[1539] unsigned-gt:wins-later-dword5:0xffffffff:0x1FFFF:no
[1540] unsigned-in-range:wins-first-req-msg-len:0xffffffff:0:0x2f8701::no
[1541] numerical-eq:wins-first-req-cmd:0x7800:0x7800:no
[1542] unsigned-gt:wins-first-req-pointer:0xffffffff:0:no
[1543] numerical-eq:wins-later-dword5:0xFF:0x6:no
[1544] unsigned-gt:wins-later-dword6:0xffffffff:276:no
[1545] numerical-eq:ssl-renegotiation-flag:0xffffffff:client-negotiation:no
[1546] string-match:pktsearch-req-text:^NSClient-(fcase =no)
[1547] string-match:pktsearch-rsp-text:^NSServer-(fcase =no)
[1548] string-match:pktsearch-req-text:^GETPW(fcase =no)
[1549] string-match:pktsearch-req-text:^ABCJZ(fcase =no)
[1550] string-match:pktsearch-req-text:^WINDIR(fcase =no)
[1551] string-match:pktsearch-req-text:^SYSDIR(fcase =no)
[1552] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:22222:no
[1553] numerical-eq:pktsearch-msn-counter:0xffffffff:2:no
[1554] string-match-ap:req-content-text:VER (.|..|...) MSNP(fcase =no)(offset=0, depth=0)
[1555] string-match-ap:rsp-content-text:VER (.|..|...) MSNP(fcase =no)(offset=0, depth=0)
[1556] string-match:http-req-uri-path:gateway[/\\]gateway\.dll$(fcase =no)
[1557] string-match:http-req-host-header:gateway\.messenger\.hotmail\.com(fcase =no)
[1558] string-match:http-req-message-body:VER (.|..|...) MSNP(fcase =no)
[1559] string-match:http-post-req-uri-path:uilogin\.srf(fcase =no)
[1560] string-match:http-post-req-uri-query-param-name:id(fcase =yes)
[1561] string-match:http-post-req-uri-query-param-value:45940(fcase =no)
[1562] string-match:tns-req-connect-data-text:\(DESCRIPTION(fcase =yes)
[1563] string-match:tns-req-connect-data-text:\(COMMAND=dbsnmp_start\)(fcase =yes)
[1564] string-match:tns-req-connect-data-text:COMMAND=dbsnmp_stop\)(fcase =yes)
[1565] string-match:http-req-uri-path:(\\|/)admin\.php3(fcase =no)
[1566] string-match:http-req-uri-query-param-name:step(fcase =no)
[1567] string-match:http-req-uri-query-param-name:option(fcase =no)
[1568] string-match:http-req-uri-query-param-value:pass(fcase =no)
[1569] string-match:http-req-uri-query-param-name:confirm(fcase =no)
[1570] string-match:http-req-uri-query-param-name:newPssword(fcase =no)
[1571] string-match:snmp-request-community-string-field:^private$(fcase =yes)
[1572] string-match:snmp-request-community-string-field:^read$(fcase =yes)
[1573] string-match:snmp-request-community-string-field:^write$(fcase =yes)
[1574] string-match:snmp-request-community-string-field:^all private$(fcase =yes)
[1575] string-match:snmp-request-community-string-field:^monitor$(fcase =yes)
[1576] string-match:snmp-request-community-string-field:^manager$(fcase =yes)
[1577] string-match:snmp-request-community-string-field:^security$(fcase =yes)
[1578] string-match:snmp-request-community-string-field:^origequipmfr$(fcase =yes)
[1579] string-match:snmp-request-community-string-field:^secret code$(fcase =yes)
[1580] string-match:snmp-request-community-string-field:^admin$(fcase =yes)
[1581] string-match:snmp-request-community-string-field:^default$(fcase =yes)
[1582] string-match:snmp-request-community-string-field:^password$(fcase =yes)
[1583] string-match:snmp-request-community-string-field:^tivoli$(fcase =yes)
[1584] string-match:snmp-request-community-string-field:^openview$(fcase =yes)
[1585] string-match:snmp-request-community-string-field:^community$(fcase =yes)
[1586] string-match:snmp-request-community-string-field:^snmp$(fcase =yes)
[1587] string-match:snmp-request-community-string-field:^snmpd$(fcase =yes)
[1588] string-match:snmp-request-community-string-field:^system$(fcase =yes)
[1589] string-match:snmp-request-community-string-field:^gate$(fcase =yes)
[1590] numerical-eq:snmp-msg-type:0xffffffff:4:no
[1591] string-match:snmp-varbind-object-id-field:^\x2b\x06\x01(fcase =no)
[1592] string-match:snmp-varbind-object-id-field:^\x2b\x80\x06\x80\x01(fcase =no)
[1593] string-match:snmp-varbind-object-id-field:\x80\x80\x06\x80\x80(fcase =no)
[1594] unsigned-gt:nntp-server-list-param-length:0xffffffff:14:no
[1595] string-match:http-req-uri-path:Carello(/|\\)add\.exe(fcase =yes)
[1596] string-match:http-req-uri-query-params:[abcdefghi]:\\(fcase =yes)
[1597] unsigned-gt:finger-redirect-counter:0xffffffff:1:no
[1598] string-match:finger-client-data-text:@@(fcase =no)
[1599] unsigned-gt:rtsp-req-uri-len:0xffffffff:4000:no
[1600] string-match:rtsp-req-transport-header-text:THCr0x!(fcase =no)
[1601] unsigned-gt:rtsp-req-uri-len:0xffffffff:4096:no
[1602] unsigned-gt:rtsp-req-uri-len:0xffffffff:1024:no
[1603] string-match:ftp-list-cmd-param:%u%u%u%u%[0-9](fcase =no)
[1604] string-match:ftp-list-cmd-param:u%n(fcase =no)
[1605] string-match:http-req-uri-path:\x0a\xf7\x02\x97(fcase =no)
[1606] string-match:http-req-uri-path:\x0b\x18\x02\x98(fcase =no)
[1607] string-match:http-req-uri-path:\x0b\x39\x02\x99(fcase =no)
[1608] string-match:http-req-uri-path:\x0b\x5a\x02\x9a(fcase =no)
[1609] string-match:http-req-uri-path:\x20\x20\x08\x01(fcase =no)
[1610] string-match:http-req-uri-path:\xe4\x20\xe0\x08(fcase =no)
[1611] string-match:http-req-uri-path:\x24\x02\x04\x53(fcase =no)
[1612] string-match:http-req-uri-path:\x24\x02\x03\xf3(fcase =no)
[1613] string-match:http-req-uri-path:\x24\x02\x04\x25(fcase =no)
[1614] string-match:http-req-uri-path:\x24\x02\x03\xee(fcase =no)
[1615] string-match:http-req-uri-path:\x24\x02\x03\xeb(fcase =no)
[1616] string-match:http-req-uri-path:\x03\xff\xff\xcc(fcase =no)
[1617] string-match:http-req-uri-path:\x02..\x0c(fcase =no)
[1618] string-match:http-req-uri-path:\x01\x01\x01\x0c(fcase =no)
[1619] string-match:http-req-uri-path:\x13\x74\xf0\x47(fcase =no)
[1620] string-match:http-req-uri-path:\x12\x74\xf0\x47(fcase =no)
[1621] string-match:http-req-uri-path:\x11\x74\xf0\x47(fcase =no)
[1622] string-match:http-req-uri-path:/bin/sh(fcase =no)
[1623] string-match:http-req-uri-path:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[1624] string-match:http-req-uri-path:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[1625] string-match:http-req-uri-path:h....X5....H..PP..PPa(fcase =no)
[1626] string-match:http-req-uri-path:PQX-....-....-....PQX(fcase =no)
[1627] string-match:http-req-uri-path:PQX-....-....PQX(fcase =no)
[1628] string-match:http-req-uri-path:\x80\x30.\x40\xe2\xfa(fcase =no)
[1629] string-match:http-req-uri-path:\xac\x34.\xaa\xe2\xfa(fcase =no)
[1630] string-match:http-req-uri-path:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[1631] string-match:http-req-uri-path:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[1632] string-match:http-req-uri-path:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[1633] string-match:http-req-uri-path:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[1634] string-match:http-req-uri-path:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[1635] string-match:http-req-uri-path:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[1636] string-match:http-req-uri-path:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[1637] string-match:http-req-uri-path:cgi-bin(fcase =no)
[1638] string-match:http-req-uri-path:(\\|/)rpm_query(fcase =no)
[1639] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_LIBRARY_PATH(\x00|\x01)\x2f(fcase =yes)
[1640] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_LIBRARY_PATH(fcase =yes)
[1641] unsigned-gt:telnet-client-environ-sb-param-length:0xffffffff:512:no
[1642] string-match:pktsearch-openview-req-text:\x00\x20\x30\x00\x20\x30\x00\x20\x30\x00\x20(fcase =no)
[1643] string-match:pktsearch-openview-req-text:28\x00/\.\./\.\./\.\./bin/sh\x00\x00dig(fcase =no)
[1644] unsigned-gt:imap-proxy-cmd-param-length:0xffffffff:128:no
[1645] string-match:http-req-uri-path:mall_log_files(/|\\)order\.log$(fcase =yes)
[1646] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:63536:no
[1647] string-match:pktsearch-rsp-text:^Insane Network vs [45]\.0 by Suid Flow(fcase =no)
[1648] string-match:ssl-tbs-issuer-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1649] string-match:ssl-tbs-subject-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1650] string-match:ssl-tbs-exts-item-value-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1651] string-match:ssl-tbs-sig-param-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1652] string-match:ssl-tbs-pkinf-algid-param-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1653] string-match:ssl-sigalg-param-msg-sfield:\x84(\xFF\xFF\xFF\xFD|\xFF\xFF\xFF\xFE|\xFF\xFF\xFF\xFF)(fcase =no)
[1654] string-match:pktsearch-rsp-text:^--Ahhhhhhhhhh My Mouth Is Open(fcase =no)
[1655] string-match:pktsearch-rsp-text:- Ahhhhh My Mouth Is Open \(v2\)(fcase =no)
[1656] string-match:pktsearch-rsp-text:- Ahhhhh My Mouth Is Open \(v3\.0\)(fcase =no)
[1657] string-match:pktsearch-rsp-text:- Ahhhh My Mouth Is Open \(v3\.1\)(fcase =no)
[1658] string-match:ftp-site-cmd-param:EXEC(fcase =yes)
[1659] string-match:ftp-site-cmd-param:\.\./\.\./(fcase =no)
[1660] string-match:ftp-site-cmd-param:--use-compress-program(fcase =no)
[1661] string-match:ftp-site-cmd-param:--rsh-command(fcase =no)
[1662] string-match:ftp-site-cmd-param:--info-script(fcase =no)
[1663] string-match:ftp-site-cmd-param:--new-volume-script(fcase =no)
[1664] unsigned-gt:http-req-uri-query-params-length:0xffffffff:2002:no
[1665] string-match:http-req-uri-path:dvwssr\.dll$(fcase =yes)
[1666] unsigned-gt:pop3-login-fail-counter:0xffffffff:0:no
[1667] string-match:smtp-CMD-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1668] string-match:smtp-CMD-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1669] string-match:smtp-PIF-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1670] string-match:smtp-PIF-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1671] string-match:smtp-BAT-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1672] string-match:smtp-BAT-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1673] string-match:smtp-COM-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1674] string-match:smtp-COM-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1675] string-match:smtp-ZIP-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1676] string-match:smtp-ZIP-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1677] string-match:smtp-ZIP-message-body:DzB3S4c4esNidPfURLxvWOU6(fcase =no)
[1678] string-match:smtp-ZIP-message-body:VQEvMzJaSTDzYE6cTDVZRztK(fcase =no)
[1679] string-match:smtp-ZIP-message-body:MHdLhzh6w2J099REvG9Y5TpV(fcase =no)
[1680] string-match:smtp-ZIP-message-body:AS8zMlpJMPNgTpxMNVlHO0p3(fcase =no)
[1681] string-match:pop3-CMD-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1682] string-match:pop3-CMD-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1683] string-match:pop3-PIF-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1684] string-match:pop3-PIF-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1685] string-match:pop3-BAT-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1686] string-match:pop3-BAT-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1687] string-match:pop3-COM-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1688] string-match:pop3-COM-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1689] string-match:pop3-ZIP-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1690] string-match:pop3-ZIP-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1691] string-match:pop3-ZIP-message-body:DzB3S4c4esNidPfURLxvWOU6(fcase =no)
[1692] string-match:pop3-ZIP-message-body:VQEvMzJaSTDzYE6cTDVZRztK(fcase =no)
[1693] string-match:pop3-ZIP-message-body:MHdLhzh6w2J099REvG9Y5TpV(fcase =no)
[1694] string-match:pop3-ZIP-message-body:AS8zMlpJMPNgTpxMNVlHO0p3(fcase =no)
[1695] string-match:imap-CMD-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1696] string-match:imap-CMD-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1697] string-match:imap-PIF-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1698] string-match:imap-PIF-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1699] string-match:imap-BAT-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1700] string-match:imap-BAT-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1701] string-match:imap-COM-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1702] string-match:imap-COM-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1703] string-match:imap-ZIP-message-body:SQ8wd0uHOHrDYnT31ES8b1jl(fcase =no)
[1704] string-match:imap-ZIP-message-body:OlUBLzMyWkkw82BOnEw1WUc7(fcase =no)
[1705] string-match:imap-ZIP-message-body:DzB3S4c4esNidPfURLxvWOU6(fcase =no)
[1706] string-match:imap-ZIP-message-body:VQEvMzJaSTDzYE6cTDVZRztK(fcase =no)
[1707] string-match:imap-ZIP-message-body:MHdLhzh6w2J099REvG9Y5TpV(fcase =no)
[1708] string-match:imap-ZIP-message-body:AS8zMlpJMPNgTpxMNVlHO0p3(fcase =no)
[1709] unsigned-gt:imap-login-fail-counter:0xffffffff:0:no
[1710] string-match:http-req-uri-path:(/|\\)\.bash_history(fcase =no)
[1711] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:30700:no
[1712] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3723:no
[1713] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:37237:no
[1714] numerical-eq:pktsearch-rsp-1st-4b:0xffffffff:0x6d73673a:no
[1715] string-match:ftp-stor-cmd-param:--use-compress-program(fcase =no)
[1716] string-match:ftp-retr-cmd-param:--use-compress-program(fcase =no)
[1717] string-match:http-req-uri-path:/ctguestb\.idc$(fcase =yes)
[1718] string-match:http-req-uri-path:/details\.idc$(fcase =yes)
[1719] string-match:http-req-uri-path:/scripts/(fcase =yes)
[1720] string-match:http-req-uri-path:\\ctguestb\.idc$(fcase =yes)
[1721] string-match:http-req-uri-path:\\details\.idc$(fcase =yes)
[1722] string-match:http-req-uri-path:\\scripts\\(fcase =yes)
[1723] string-match:http-req-uri-path:(\\|/)advworks(fcase =yes)
[1724] string-match:http-req-uri-path:(\\|/)equipment(fcase =yes)
[1725] string-match:http-req-uri-path:(\\|/)catalog_type\.asp$(fcase =yes)
[1726] string-match:rexec-username-client-login:^root[\r\n](fcase =no)
[1727] string-match:rexec-client-handshake-serveruser-text:^root$(fcase =no)
[1728] numerical-eq:snmp-msg-type:0xffffffff:5:no
[1729] numerical-eq:snmp-msg-type:0xffffffff:8:no
[1730] numerical-eq:snmp-msg-type:0xffffffff:9:no
[1731] unsigned-gt:snmp-octestring-msg-qllength:0xffffffff:305:no
[1732] string-match:http-req-uri-path:/changedisplay\.pl(fcase =yes)
[1733] string-match:http-req-uri-query-params:'Administrator'(fcase =yes)
[1734] numerical-eq:pktsearch-dst-port:0xffffffff:16661:no
[1735] numerical-eq:pktsearch-dst-port:0xffffffff:19991:no
[1736] string-match:pktsearch-req-text:^001(fcase =no)
[1737] string-match:pktsearch-req-text:^085(fcase =no)
[1738] string-match:pktsearch-rsp-text:^001(fcase =no)
[1739] string-match:pktsearch-rsp-text:^085(fcase =no)
[1740] string-match:http-req-uri-path:(\\|/)htmlscript$(fcase =yes)
[1741] string-match:pktsearch-trin00-m2d-req-text:l44adsl(fcase =no)
[1742] string-match:pktsearch-trin00-m2d-req-text:\[\]\.\.Ks(fcase =no)
[1743] string-match:smtp-EXE-message-body:NoUeIK5ltb1aGa9mJlwTCaBR(fcase =no)
[1744] string-match:smtp-EXE-message-body:2Fd5UmcdEyObQfwKTRv8VRAa(fcase =no)
[1745] string-match:pop3-EXE-message-body:NoUeIK5ltb1aGa9mJlwTCaBR(fcase =no)
[1746] string-match:pop3-EXE-message-body:2Fd5UmcdEyObQfwKTRv8VRAa(fcase =no)
[1747] string-match:imap-EXE-message-body:NoUeIK5ltb1aGa9mJlwTCaBR(fcase =no)
[1748] string-match:imap-EXE-message-body:2Fd5UmcdEyObQfwKTRv8VRAa(fcase =no)
[1749] string-match:dhcp-req-sf-client-full-name-option:%(n|hn)%(fcase =no)
[1750] unsigned-gt:dhcp-req-cf-client-full-name-option-len:0xffffffff:127:no
[1751] string-match:imap-cmd-param:\x0a\xf7\x02\x97(fcase =no)
[1752] string-match:imap-cmd-param:\x0b\x18\x02\x98(fcase =no)
[1753] string-match:imap-cmd-param:\x0b\x39\x02\x99(fcase =no)
[1754] string-match:imap-cmd-param:\x0b\x5a\x02\x9a(fcase =no)
[1755] string-match:imap-cmd-param:\x20\x20\x08\x01(fcase =no)
[1756] string-match:imap-cmd-param:\xe4\x20\xe0\x08(fcase =no)
[1757] string-match:imap-cmd-param:\x24\x02\x04\x53(fcase =no)
[1758] string-match:imap-cmd-param:\x24\x02\x03\xf3(fcase =no)
[1759] string-match:imap-cmd-param:\x24\x02\x04\x25(fcase =no)
[1760] string-match:imap-cmd-param:\x24\x02\x03\xee(fcase =no)
[1761] string-match:imap-cmd-param:\x24\x02\x03\xeb(fcase =no)
[1762] string-match:imap-cmd-param:\x03\xff\xff\xcc(fcase =no)
[1763] string-match:imap-cmd-param:\x02..\x0c(fcase =no)
[1764] string-match:imap-cmd-param:\x01\x01\x01\x0c(fcase =no)
[1765] string-match:imap-cmd-param:\x13\x74\xf0\x47(fcase =no)
[1766] string-match:imap-cmd-param:\x12\x74\xf0\x47(fcase =no)
[1767] string-match:imap-cmd-param:\x11\x74\xf0\x47(fcase =no)
[1768] string-match:imap-cmd-param:/bin/sh(fcase =no)
[1769] string-match:imap-cmd-param:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[1770] string-match:imap-cmd-param:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[1771] string-match:imap-cmd-param:h....X5....H..PP..PPa(fcase =no)
[1772] string-match:imap-cmd-param:\x80\x30.\x40\xe2\xfa(fcase =no)
[1773] string-match:imap-cmd-param:\xac\x34.\xaa\xe2\xfa(fcase =no)
[1774] string-match:imap-cmd-param:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[1775] string-match:imap-cmd-param:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[1776] string-match:imap-cmd-param:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[1777] string-match:imap-cmd-param:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[1778] string-match:imap-cmd-param:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[1779] string-match:imap-cmd-param:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[1780] string-match:imap-cmd-param:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[1781] unsigned-gt:smtp-date-message-header-length:0xffffffff:140:no
[1782] unsigned-gt:smtp-date-message-header-length:0xffffffff:70:no
[1783] string-match:smtp-message-body:\x00shell32\.dll\x00(fcase =no)
[1784] string-match:http-req-uri-path:/search\.php(fcase =yes)
[1785] string-match:http-req-uri-query-param-name:search_id(fcase =yes)
[1786] string-match:http-req-uri-query-param-value:select (fcase =yes)
[1787] string-match:http-req-uri-query-param-value: from (fcase =yes)
[1788] numerical-eq:pktsearch-req-1st-4b:0xFFFFFF00:0x633A5C00:no
[1789] numerical-eq:pktsearch-req-1st-4b:0xFFFFFF00:0x433A5D00:no
[1790] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4567:no
[1791] numerical-eq:h225-error-code:0xffffffff:SourceAddressE164LengthAnomaly:no
[1792] string-match:http-req-uri-path:/cgi-win(fcase =yes)
[1793] string-match:http-req-uri-path:(\\|/)uploader\.exe$(fcase =yes)
[1794] string-match:pop3-cmd-param:\x0a\xf7\x02\x97(fcase =no)
[1795] string-match:pop3-cmd-param:\x0b\x18\x02\x98(fcase =no)
[1796] string-match:pop3-cmd-param:\x0b\x39\x02\x99(fcase =no)
[1797] string-match:pop3-cmd-param:\x0b\x5a\x02\x9a(fcase =no)
[1798] string-match:pop3-cmd-param:\x20\x20\x08\x01(fcase =no)
[1799] string-match:pop3-cmd-param:\xe4\x20\xe0\x08(fcase =no)
[1800] string-match:pop3-cmd-param:\x24\x02\x04\x53(fcase =no)
[1801] string-match:pop3-cmd-param:\x24\x02\x03\xf3(fcase =no)
[1802] string-match:pop3-cmd-param:\x24\x02\x04\x25(fcase =no)
[1803] string-match:pop3-cmd-param:\x24\x02\x03\xee(fcase =no)
[1804] string-match:pop3-cmd-param:\x24\x02\x03\xeb(fcase =no)
[1805] string-match:pop3-cmd-param:\x03\xff\xff\xcc(fcase =no)
[1806] string-match:pop3-cmd-param:\x02..\x0c(fcase =no)
[1807] string-match:pop3-cmd-param:\x01\x01\x01\x0c(fcase =no)
[1808] string-match:pop3-cmd-param:\x13\x74\xf0\x47(fcase =no)
[1809] string-match:pop3-cmd-param:\x12\x74\xf0\x47(fcase =no)
[1810] string-match:pop3-cmd-param:\x11\x74\xf0\x47(fcase =no)
[1811] string-match:pop3-cmd-param:/bin/sh(fcase =no)
[1812] string-match:pop3-cmd-param:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[1813] string-match:pop3-cmd-param:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[1814] string-match:pop3-cmd-param:h....X5....H..PP..PPa(fcase =no)
[1815] string-match:pop3-cmd-param:\x80\x30.\x40\xe2\xfa(fcase =no)
[1816] string-match:pop3-cmd-param:\xac\x34.\xaa\xe2\xfa(fcase =no)
[1817] string-match:pop3-cmd-param:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[1818] string-match:pop3-cmd-param:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[1819] string-match:pop3-cmd-param:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[1820] string-match:pop3-cmd-param:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[1821] string-match:pop3-cmd-param:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[1822] string-match:pop3-cmd-param:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[1823] string-match:pop3-cmd-param:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[1824] string-match:smtp-EXE-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1825] string-match:smtp-EXE-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1826] string-match:smtp-PIF-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1827] string-match:smtp-PIF-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1828] string-match:smtp-SCR-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1829] string-match:smtp-SCR-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1830] string-match:smtp-BAT-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1831] string-match:smtp-BAT-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1832] string-match:smtp-CMD-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1833] string-match:smtp-CMD-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1834] string-match:smtp-COM-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1835] string-match:smtp-COM-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1836] string-match:smtp-ZIP-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1837] string-match:smtp-ZIP-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1838] string-match:smtp-ZIP-message-body:xqZpmqbHyMnKy5qmaZrMzc7P(fcase =no)
[1839] string-match:smtp-ZIP-message-body:0NE1TbNt0nM309TV1pfbZtkn(fcase =no)
[1840] string-match:smtp-ZIP-message-body:pmmapsfIycrLmqZpmszNzs/Q(fcase =no)
[1841] string-match:smtp-ZIP-message-body:0TVNs23SczfT1NXWl9tm2SfX(fcase =no)
[1842] string-match:pop3-EXE-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1843] string-match:pop3-EXE-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1844] string-match:pop3-PIF-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1845] string-match:pop3-PIF-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1846] string-match:pop3-SCR-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1847] string-match:pop3-SCR-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1848] string-match:pop3-BAT-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1849] string-match:pop3-BAT-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1850] string-match:pop3-CMD-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1851] string-match:pop3-CMD-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1852] string-match:pop3-COM-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1853] string-match:pop3-COM-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1854] string-match:pop3-ZIP-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1855] string-match:pop3-ZIP-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1856] string-match:pop3-ZIP-message-body:xqZpmqbHyMnKy5qmaZrMzc7P(fcase =no)
[1857] string-match:pop3-ZIP-message-body:0NE1TbNt0nM309TV1pfbZtkn(fcase =no)
[1858] string-match:pop3-ZIP-message-body:pmmapsfIycrLmqZpmszNzs/Q(fcase =no)
[1859] string-match:pop3-ZIP-message-body:0TVNs23SczfT1NXWl9tm2SfX(fcase =no)
[1860] string-match:imap-EXE-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1861] string-match:imap-EXE-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1862] string-match:imap-PIF-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1863] string-match:imap-PIF-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1864] string-match:imap-SCR-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1865] string-match:imap-SCR-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1866] string-match:imap-BAT-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1867] string-match:imap-BAT-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1868] string-match:imap-CMD-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1869] string-match:imap-CMD-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1870] string-match:imap-COM-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1871] string-match:imap-COM-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1872] string-match:imap-ZIP-message-body:xcamaZqmx8jJysuapmmazM3O(fcase =no)
[1873] string-match:imap-ZIP-message-body:z9DRNU2zbdJzN9PU1daX22bZ(fcase =no)
[1874] string-match:imap-ZIP-message-body:xqZpmqbHyMnKy5qmaZrMzc7P(fcase =no)
[1875] string-match:imap-ZIP-message-body:0NE1TbNt0nM309TV1pfbZtkn(fcase =no)
[1876] string-match:imap-ZIP-message-body:pmmapsfIycrLmqZpmszNzs/Q(fcase =no)
[1877] string-match:imap-ZIP-message-body:0TVNs23SczfT1NXWl9tm2SfX(fcase =no)
[1878] string-match:mysql-req-init_db-payload:^LPT1$(fcase =yes)
[1879] string-match:mysql-req-init_db-payload:^PRN$(fcase =yes)
[1880] unsigned-gt:imap-list-cmd-param-length:0xffffffff:1024:no
[1881] unsigned-gt:cvs-revision-length:0xffffffff:60:no
[1882] unsigned-gt:netbios-ss-smb-rsp-param-session_setup_andx-securityblob-length:0xffffffff:0x8000:no
[1883] numerical-eq:netbios-ss-error-code:0xffffffff:SESSION_SETUP_SECURITYBLOB_OVERFLOW:no
[1884] string-match:http-req-uri-query-params:(vars|env|db)$(fcase =yes)
[1885] string-match:http-req-uri-query-params:cat+/etc/passwd(fcase =yes)
[1886] string-match:http-req-uri-path:cart\.(cgi|pl)(fcase =yes)
[1887] unsigned-gt:smtp-helo-cmd-param-length:0xffffffff:170:no
[1888] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1095:no
[1889] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1097:no
[1890] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1098:no
[1891] string-match:pktsearch-rsp-text:^B\.F\. Evolution RAT (fcase =no)
[1892] string-match:pktsearch-trin00-a2m-req-text:betaalmostdone(fcase =no)
[1893] unsigned-gt:ftp-pass-cmd-param-length:0xffffffff:800:no
[1894] string-match:ftp-pass-cmd-param:\x90\x90\x31\xdb\x89(fcase =no)
[1895] string-match:ftp-mkd-cmd-param:\x8d\x5e\x08\xb0\x3d\xcd\x80\xfe\x0e\xb0\x30\xfe\xc8\x88(fcase =no)
[1896] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:100:no
[1897] string-match:ftp-mkd-cmd-param:\xcd\x80\x31\xc0\xb0\x17\xcd\x80(fcase =no)
[1898] string-match:ftp-mkd-cmd-param:bin/sh(fcase =no)
[1899] string-match:http-get-req-uri-path:nessus_is_probing_you_(fcase =no)
[1900] string-match:pop3-list-cmd-param:\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa\x89\xf9\x89(fcase =no)
[1901] string-match:pop3-list-cmd-param:/bin/sh(fcase =no)
[1902] string-match:pop3-list-cmd-param:\x31\xdb\x31\xc9\xb0\x40\x83\xc0\x06\xcd\x80\xb0(fcase =no)
[1903] string-match:pop3-list-cmd-param:\xff\xff/bin/sh\.\.\.\.\.\.(fcase =no)
[1904] string-match:smtp-message-body:ey, dude, it's me \^(fcase =no)
[1905] string-match:smtp-message-body:rgh, i don't l(fcase =no)
[1906] string-match:smtp-message-body:I don't bite, w(fcase =no)
[1907] string-match:smtp-message-body:Looking forward for a response :P(fcase =no)
[1908] string-match:smtp-name-message-header:\.zip"(fcase =yes)
[1909] string-match:telnet-client-environ-sb-param:\x0a\xf7\x02\x97(fcase =no)
[1910] string-match:telnet-client-environ-sb-param:\x0b\x18\x02\x98(fcase =no)
[1911] string-match:telnet-client-environ-sb-param:\x0b\x39\x02\x99(fcase =no)
[1912] string-match:telnet-client-environ-sb-param:\x0b\x5a\x02\x9a(fcase =no)
[1913] string-match:telnet-client-environ-sb-param:\x20\x20\x08\x01(fcase =no)
[1914] string-match:telnet-client-environ-sb-param:\xe4\x20\xe0\x08(fcase =no)
[1915] string-match:telnet-client-environ-sb-param:\x24\x02\x04\x53(fcase =no)
[1916] string-match:telnet-client-environ-sb-param:\x24\x02\x03\xf3(fcase =no)
[1917] string-match:telnet-client-environ-sb-param:\x24\x02\x04\x25(fcase =no)
[1918] string-match:telnet-client-environ-sb-param:\x24\x02\x03\xee(fcase =no)
[1919] string-match:telnet-client-environ-sb-param:\x24\x02\x03\xeb(fcase =no)
[1920] string-match:telnet-client-environ-sb-param:\x03\xff\xff\xcc(fcase =no)
[1921] string-match:telnet-client-environ-sb-param:\x02..\x0c(fcase =no)
[1922] string-match:telnet-client-environ-sb-param:\x01\x01\x01\x0c(fcase =no)
[1923] string-match:telnet-client-environ-sb-param:\x13\x74\xf0\x47(fcase =no)
[1924] string-match:telnet-client-environ-sb-param:\x12\x74\xf0\x47(fcase =no)
[1925] string-match:telnet-client-environ-sb-param:\x11\x74\xf0\x47(fcase =no)
[1926] string-match:telnet-client-environ-sb-param:/bin/sh(fcase =no)
[1927] string-match:telnet-client-environ-sb-param:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[1928] string-match:telnet-client-environ-sb-param:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[1929] string-match:telnet-client-environ-sb-param:h....X5....H..PP..PPa(fcase =no)
[1930] string-match:telnet-client-environ-sb-param:-....-....-....PQX-....-....-....PQX(fcase =no)
[1931] string-match:telnet-client-environ-sb-param:-....-....PQX-....-....PQX(fcase =no)
[1932] string-match:telnet-client-environ-sb-param:\x80\x30.\x40\xe2\xfa(fcase =no)
[1933] string-match:telnet-client-environ-sb-param:\xac\x34.\xaa\xe2\xfa(fcase =no)
[1934] string-match:telnet-client-environ-sb-param:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[1935] string-match:telnet-client-environ-sb-param:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[1936] string-match:telnet-client-environ-sb-param:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[1937] string-match:telnet-client-environ-sb-param:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[1938] string-match:telnet-client-environ-sb-param:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[1939] string-match:telnet-client-environ-sb-param:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[1940] string-match:telnet-client-environ-sb-param:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[1941] string-match:smtp-cmd-param:\x0a\xf7\x02\x97(fcase =no)
[1942] string-match:smtp-cmd-param:\x0b\x18\x02\x98(fcase =no)
[1943] string-match:smtp-cmd-param:\x0b\x39\x02\x99(fcase =no)
[1944] string-match:smtp-cmd-param:\x0b\x5a\x02\x9a(fcase =no)
[1945] string-match:smtp-cmd-param:\x20\x20\x08\x01(fcase =no)
[1946] string-match:smtp-cmd-param:\xe4\x20\xe0\x08(fcase =no)
[1947] string-match:smtp-cmd-param:\x24\x02\x04\x53(fcase =no)
[1948] string-match:smtp-cmd-param:\x24\x02\x03\xf3(fcase =no)
[1949] string-match:smtp-cmd-param:\x24\x02\x04\x25(fcase =no)
[1950] string-match:smtp-cmd-param:\x24\x02\x03\xee(fcase =no)
[1951] string-match:smtp-cmd-param:\x24\x02\x03\xeb(fcase =no)
[1952] string-match:smtp-cmd-param:\x03\xff\xff\xcc(fcase =no)
[1953] string-match:smtp-cmd-param:\x02..\x0c(fcase =no)
[1954] string-match:smtp-cmd-param:\x01\x01\x01\x0c(fcase =no)
[1955] string-match:smtp-cmd-param:\x13\x74\xf0\x47(fcase =no)
[1956] string-match:smtp-cmd-param:\x12\x74\xf0\x47(fcase =no)
[1957] string-match:smtp-cmd-param:\x11\x74\xf0\x47(fcase =no)
[1958] string-match:smtp-cmd-param:/bin/sh(fcase =no)
[1959] string-match:smtp-cmd-param:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[1960] string-match:smtp-cmd-param:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[1961] string-match:smtp-cmd-param:h....X5....H..PP..PPa(fcase =no)
[1962] string-match:smtp-cmd-param:\x80\x30.\x40\xe2\xfa(fcase =no)
[1963] string-match:smtp-cmd-param:\xac\x34.\xaa\xe2\xfa(fcase =no)
[1964] string-match:smtp-cmd-param:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[1965] string-match:smtp-cmd-param:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[1966] string-match:smtp-cmd-param:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[1967] string-match:smtp-cmd-param:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[1968] string-match:smtp-cmd-param:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[1969] string-match:smtp-cmd-param:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[1970] string-match:smtp-cmd-param:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[1971] string-match:http-req-uri-path:(nhtml|nphpd|nfunc)\.php(fcase =yes)
[1972] string-match:http-req-uri-query-params:<~>(fcase =yes)
[1973] unsigned-gt:rpc-call-data-len:0xffffffff:800:no
[1974] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1850:no
[1975] string-match:pktsearch-rsp-text:Connected to host \((fcase =no)
[1976] string-match:http-req-uri-path:\.asp%2e(fcase =yes)
[1977] unsigned-in-range:pktsearch-tcp-dst-port:0xffffffff:7777:7778::no
[1978] unsigned-gt:pktsearch-http-discovery-req-len:0xffffffff:432:no
[1979] string-match:http-req-uri-path:(\\|/)apexec\.pl$(fcase =no)
[1980] string-match:http-req-query-params:template(fcase =no)
[1981] string-match:http-req-query-param-value:\.\.(/|\\)(fcase =no)
[1982] unsigned-gt:pop3-retr-cmd-param-length:0xffffffff:9:no
[1983] unsigned-lt:pop3-retr-cmd-param-length:0xffffffff:20:no
[1984] numerical-eq:icmp-destination-unreachable-code:0xffffffff:3:no
[1985] numerical-eq:icmp-destination-unreachable-src-port:0xffffffff:49:no
[1986] numerical-eq:icmp-destination-unreachable-dst-port:0xffffffff:49:no
[1987] string-match:smtp-COM-message-body:EDPLOc/DfQcKhPB1jUkm/BYR(fcase =no)
[1988] string-match:smtp-COM-message-body:BYJoKFXpNM0UO0eMkQ+FaWW4(fcase =no)
[1989] string-match:pop3-COM-message-body:EDPLOc/DfQcKhPB1jUkm/BYR(fcase =no)
[1990] string-match:pop3-COM-message-body:BYJoKFXpNM0UO0eMkQ+FaWW4(fcase =no)
[1991] string-match:imap-COM-message-body:EDPLOc/DfQcKhPB1jUkm/BYR(fcase =no)
[1992] string-match:imap-COM-message-body:BYJoKFXpNM0UO0eMkQ+FaWW4(fcase =no)
[1993] string-match:http-req-uri-path:/servlet/(fcase =yes)
[1994] string-match:http-req-uri-path:/UploadServlet(fcase =yes)
[1995] numerical-eq:telnet-invalid-client:0xffffffff:1:no
[1996] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:200:no
[1997] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:201:no
[1998] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:202:no
[1999] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:401:no
[2000] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:402:no
[2001] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:211:no
[2002] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:212:no
[2003] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:299:no
[2004] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1001:no
[2005] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:56565:no
[2006] string-match:pktsearch-rsp-text:^OK         (fcase =no)
[2007] unsigned-gt:imap-login-cmd-param-length:0xffffffff:1024:no
[2008] numerical-eq:smtp-error-code:0xffffffff:X-LINK2STATE-CHUNK-OVERFLOW:no
[2009] string-match:http-req-uri-path:/htgrep(fcase =yes)
[2010] string-match:http-req-uri:hdr=/(fcase =yes)
[2011] string-match:http-req-uri:qry=/(fcase =yes)
[2012] numerical-eq:rpc-call-procedure:0xffffffff:103:no
[2013] string-match:pktsearch-req-text:\x2a\x02....\x00\x04\x00\x06\x00\x00(fcase =no)
[2014] string-match:pktsearch-req-text:aim:AddExternalApp\?(fcase =no)
[2015] string-match:pktsearch-req-text:\x27\x12..0x00\x00\x02\x00\x05\x07\x4c\x7f\x11\xd1\x82\x22\x44\x45\x53\x54\x00\x00\x00\x0b\x00\x09(fcase =no)
[2016] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00c\x00m\x00d\x00s\x00h\x00e\x00l\x00l\x00(fcase =yes)
[2017] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00c\x00m\x00d\x00s\x00h\x00e\x00l\x00l\x00(fcase =yes)
[2018] unsigned-gt:sip-req-invite-uri-len:0xffffffff:512:no
[2019] unsigned-gt:sip-req-uri-len:0xffffffff:1024:no
[2020] unsigned-gt:sip-req-uri-len:0xffffffff:512:no
[2021] string-match:sip-req-invite-uri-text:(%|\x2E|-|\x30#F0)\x30#F0\x30#F0[ndoxucsefg]%(fcase =no)
[2022] string-match:sip-req-invite-uri-text:\x30#F0\x30#F0(\$n|\$hn)%(fcase =no)
[2023] string-match:sip-req-invite-uri-text:%\x40#E0%\x40#E0%\x40#E0%[ndoxucsefg]%(fcase =no)
[2024] string-match:sip-req-uri-text:(%|\x2E|-|\x30#F0)\x30#F0\x30#F0[ndoxucsefg]%(fcase =no)
[2025] string-match:sip-req-uri-text:\x30#F0\x30#F0(\$n|\$hn)%(fcase =no)
[2026] string-match:sip-req-uri-text:%\x40#E0%\x40#E0%\x40#E0%[ndoxucsefg]%(fcase =no)
[2027] string-match:http-req-uri-path:search(fcase =yes)
[2028] string-match:http-req-uri-query-param-name:NS-query-pat(fcase =yes)
[2029] string-match:http-req-uri-query-param-value:\.\.(\\|/)\.\.(fcase =no)
[2030] unsigned-gt:http-post-req-content-length:0xffffffff:4353:no
[2031] string-match:pktsearch-req-text:User-Agent: PHEX(fcase =yes)
[2032] string-match:http-get-req-user-agent-header:PHEX(fcase =yes)
[2033] numerical-eq:pktsearch-udp-dst-port:0xffffffff:1:no
[2034] string-match:pktsearch-req-text:^/udp/ connect (fcase =no)
[2035] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:30303:no
[2036] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:50505:no
[2037] string-match:pktsearch-req-text:^\x2f\x2f\x20(fcase =no)
[2038] string-match:pktsearch-trin00-d2m-req-text:*HELLO*(fcase =no)
[2039] string-match:http-req-uri-path:read\.php3$(fcase =no)
[2040] string-match:http-req-uri-query-param-name:sSQL(fcase =no)
[2041] string-match:http-req-uri-query-param-value:(CREAT|INSERT|DROP)(fcase =no)
[2042] string-match:smtp-SCR-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2043] string-match:smtp-SCR-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2044] string-match:smtp-PIF-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2045] string-match:smtp-PIF-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2046] string-match:smtp-CMD-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2047] string-match:smtp-CMD-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2048] string-match:smtp-EXE-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2049] string-match:smtp-EXE-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2050] string-match:smtp-BAT-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2051] string-match:smtp-BAT-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2052] string-match:pop3-SCR-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2053] string-match:pop3-SCR-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2054] string-match:pop3-PIF-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2055] string-match:pop3-PIF-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2056] string-match:pop3-CMD-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2057] string-match:pop3-CMD-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2058] string-match:pop3-EXE-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2059] string-match:pop3-EXE-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2060] string-match:pop3-BAT-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2061] string-match:pop3-BAT-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2062] string-match:imap-SCR-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2063] string-match:imap-SCR-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2064] string-match:imap-PIF-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2065] string-match:imap-PIF-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2066] string-match:imap-CMD-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2067] string-match:imap-CMD-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2068] string-match:imap-EXE-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2069] string-match:imap-EXE-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2070] string-match:imap-BAT-message-body:IpIACgooc3luYy0xLv3/b/8w(fcase =no)
[2071] string-match:imap-BAT-message-body:MTsgYW5keQVJJ20ganVzdCBk(fcase =no)
[2072] string-match:smtp-ZIP-message-body:P/njAHIAAABy(fcase =no)
[2073] string-match:pop3-ZIP-message-body:P/njAHIAAABy(fcase =no)
[2074] string-match:imap-ZIP-message-body:P/njAHIAAABy(fcase =no)
[2075] string-match:pktsearch-rsp-text:^MSG00020(fcase =no)
[2076] string-match:pktsearch-rsp-text:The Phoenix is ready(fcase =no)
[2077] string-match:pktsearch-rsp-text:Phoenix II - Server(fcase =no)
[2078] string-match:finger-client-data-text:^\.(\r|\r\n)?(fcase =no)
[2079] string-match:finger-client-data-text:^0(\r|\r\n)?(fcase =no)
[2080] numerical-eq:pktsearch-rsp-pktlen:0xffffffff:1:no
[2081] string-match:pktsearch-req-text:^GET(fcase =no)
[2082] string-match:pktsearch-req-text:^SEND(fcase =no)
[2083] string-match:pktsearch-rsp-text:^Crazzynet(fcase =no)
[2084] string-match:http-req-uri-path:viewsource/template.html?[\t ](fcase =no)
[2085] string-match:snmp-request-community-string-field:public(fcase =yes)
[2086] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_PRELOAD(\x00|\x01)\x2f(fcase =no)
[2087] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_LIBRARY_PATH(\x00|\x01)\x2f(fcase =no)
[2088] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_AOUT_LIBRARY_PATH(\x00|\x01)\x2f(fcase =no)
[2089] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)ELF_LD_LIBRARY_PATH(\x00|\x01)\x2f(fcase =no)
[2090] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)_RLD_(\x00|\x01)\x2f(fcase =no)
[2091] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LIBPATH(\x00|\x01)\x2f(fcase =no)
[2092] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)IFS(\x00|\x01)\x2f(fcase =no)
[2093] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_PRELOAD(fcase =no)
[2094] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_LIBRARY_PATH(fcase =no)
[2095] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LD_AOUT_LIBRARY_PATH(fcase =no)
[2096] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)ELF_LD_LIBRARY_PATH(fcase =no)
[2097] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)_RLD_(fcase =no)
[2098] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)LIBPATH(fcase =no)
[2099] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)IFS(fcase =no)
[2100] string-match:telnet-client-environ-sb-param:[0-9][dxuioc]%(fcase =no)
[2101] string-match:telnet-client-environ-sb-param:%(n|hn)%(fcase =no)
[2102] string-match:telnet-client-environ-sb-param:%[1-9]$(n|hn)%(fcase =no)
[2103] string-match:telnet-client-environ-sb-param:%1[1-9]$(n|hn)%(fcase =no)
[2104] unsigned-gt:smtp-from-blace-counter:0xffffffff:20:no
[2105] string-match:smtp-from-message-header:<><><><><><>(fcase =no)
[2106] unsigned-gt:smtp-from-message-header-length:0xffffffff:256:no
[2107] unsigned-gt:smtp-to-message-header-length:0xffffffff:256:no
[2108] string-match:smtp-to-message-header:<><><><><><>(fcase =no)
[2109] unsigned-gt:smtp-cc-message-header-length:0xffffffff:256:no
[2110] string-match:smtp-cc-message-header:<><><><><><>(fcase =no)
[2111] unsigned-gt:smtp-resent-sender-blace-counter:0xffffffff:20:no
[2112] string-match:smtp-resent-sender-message-header:<><><><><><>(fcase =no)
[2113] unsigned-gt:smtp-resent-sender-message-header-length:0xffffffff:256:no
[2114] unsigned-gt:smtp-resent-from-blace-counter:0xffffffff:20:no
[2115] string-match:smtp-resent-from-message-header:<><><><><><>(fcase =no)
[2116] unsigned-gt:smtp-resent-from-message-header-length:0xffffffff:256:no
[2117] unsigned-gt:smtp-reply-to-blace-counter:0xffffffff:20:no
[2118] string-match:smtp-reply-to-message-header:<><><><><><>(fcase =no)
[2119] unsigned-gt:smtp-reply-to-message-header-length:0xffffffff:256:no
[2120] unsigned-gt:smtp-resent-reply-to-blace-counter:0xffffffff:20:no
[2121] string-match:smtp-resent-reply-to-message-header:<><><><><><>(fcase =no)
[2122] unsigned-gt:smtp-resent-reply-to-message-header-length:0xffffffff:256:no
[2123] unsigned-gt:smtp-sender-blace-counter:0xffffffff:20:no
[2124] string-match:smtp-sender-message-header:<><><><><><>(fcase =no)
[2125] unsigned-gt:smtp-sender-message-header-length:0xffffffff:256:no
[2126] unsigned-gt:smtp-errors-to-blace-counter:0xffffffff:20:no
[2127] string-match:smtp-errors-to-message-header:<><><><><><>(fcase =no)
[2128] unsigned-gt:smtp-errors-to-message-header-length:0xffffffff:256:no
[2129] unsigned-gt:smtp-helo-cmd-param-length:0xffffffff:1200:no
[2130] string-match:smtp-helo-cmd-param:_safebomb__safe(fcase =no)
[2131] string-match:http-req-uri-path:(/|\\)AuthFiles(/|\\)(fcase =yes)
[2132] string-match:http-req-uri-path:(/|\\)Login\.asp(fcase =yes)
[2133] unsigned-gt:http-req-uri-query-params-length:0xffffffff:512:no
[2134] numerical-eq:dns-hdr-id:0xffffffff:0x5641:no
[2135] string-match:dns-request-qname:\x07\x2d\x37\x33\x35\x30(fcase =no)
[2136] numerical-eq:dns-request-question-type:0xffffffff:0x9090:no
[2137] numerical-eq:dns-request-question-class:0xffffffff:0x9090:no
[2138] string-match:dns-request-qname:\xeb\xfe\x0a\x90(fcase =no)
[2139] unsigned-gt:imap-continue-cmd-param-length:0xffffffff:0x80000000:no
[2140] string-match:http-req-uri:/etc/(fcase =no)
[2141] string-match:http-req-uri:/(passwd|shadow)(fcase =no)
[2142] string-match:http-req-uri:\.pwl( |\x26)(fcase =yes)
[2143] numerical-eq:upnp-protocol:0xffffffff:1900:no
[2144] unsigned-gt:upnp-req-webdav-notify-uri-len:0xffffffff:256:no
[2145] unsigned-gt:upnp-req-webdav-search-uri-len:0xffffffff:256:no
[2146] unsigned-gt:upnp-req-header-len:0xffffffff:256:no
[2147] string-match:pktsearch-req-text:^\{C:\\(fcase =no)
[2148] string-match:pktsearch-rsp-text:^\{C:\\(fcase =no)
[2149] string-match:pktsearch-req-text:UserAgent: KazaaClient(fcase =yes)
[2150] string-match:pktsearch-req-text:UserAgent: Grokster(fcase =yes)
[2151] string-match:pktsearch-req-text:UserAgent: fileshare(fcase =yes)
[2152] string-match:pktsearch-req-text:UserAgent: MusicCity(fcase =yes)
[2153] numerical-eq:pktsearch-http-counter:0xffffffff:1:no
[2154] string-match:http-req-user-agent-header:KazaaClient(fcase =yes)
[2155] string-match:http-req-user-agent-header:Grokster(fcase =yes)
[2156] string-match:http-req-user-agent-header:fileshare(fcase =yes)
[2157] string-match:http-req-user-agent-header:MusicCity(fcase =yes)
[2158] string-match-ap:req-content-text:\nX-Kazaa-Network:(fcase =no)
[2159] string-match-ap:rsp-content-text:\nX-Kazaa-Network:(fcase =no)
[2160] unsigned-gt:rexec-client-handshake-password-text-length:0xffffffff:128:no
[2161] unsigned-gt:rexec-password-client-login-length:0xffffffff:128:no
[2162] string-match:snmp-get-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x86\x76\x01\x01\x01(fcase =no)
[2163] string-match:snmp-get-next-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x86\x76\x01\x01\x01(fcase =no)
[2164] string-match:snmp-set-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x86\x76\x01\x01\x01(fcase =no)
[2165] string-match:snmp-v2-bulk-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x86\x76\x01\x01\x01(fcase =no)
[2166] numerical-eq:netbios-ss-dcerpc-req-LSARPC-request-op-num:0xffffffff:0:no
[2167] unsigned-gt:netbios-ss-dcerpc-req-LSARPC-request-frag-length:0xffffffff:700:no
[2168] string-match:http-req-uri-path:\.htaccess(fcase =yes)
[2169] string-match:http-req-uri-path:DCShop/(fcase =yes)
[2170] string-match:http-req-uri-path:orders\.txt(fcase =yes)
[2171] string-match:http-req-uri-path:auth_user_file\.txt(fcase =yes)
[2172] string-match:http-req-uri-path:/\.history$(fcase =no)
[2173] string-match:pktsearch-shaft-a2h-req-text:alive(fcase =no)
[2174] string-match:smtp-PIF-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2175] string-match:smtp-PIF-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2176] string-match:smtp-EXE-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2177] string-match:smtp-EXE-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2178] string-match:smtp-SCR-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2179] string-match:smtp-SCR-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2180] string-match:smtp-BAT-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2181] string-match:smtp-BAT-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2182] string-match:smtp-CMD-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2183] string-match:smtp-CMD-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2184] string-match:pop3-PIF-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2185] string-match:pop3-PIF-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2186] string-match:pop3-EXE-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2187] string-match:pop3-EXE-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2188] string-match:pop3-SCR-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2189] string-match:pop3-SCR-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2190] string-match:pop3-BAT-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2191] string-match:pop3-BAT-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2192] string-match:pop3-CMD-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2193] string-match:pop3-CMD-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2194] string-match:imap-PIF-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2195] string-match:imap-PIF-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2196] string-match:imap-EXE-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2197] string-match:imap-EXE-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2198] string-match:imap-SCR-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2199] string-match:imap-SCR-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2200] string-match:imap-BAT-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2201] string-match:imap-BAT-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2202] string-match:imap-CMD-message-body:fpOqxea9Mfh/azyyu+JlDGmL(fcase =no)
[2203] string-match:imap-CMD-message-body:F8KD3c5+ar8O8y7029Qxw7f1(fcase =no)
[2204] unsigned-gt:dhcp-req-cf-hostname-length:0xffffffff:764:no
[2205] unsigned-gt:imap-create-cmd-param-length:0xffffffff:1024:no
[2206] numerical-eq:radius-access-request-length:0xffffffff:1024:no
[2207] numerical-eq:radius-access-request-length:0xffffffff:2048:no
[2208] numerical-eq:radius-access-request-length:0xffffffff:4096:no
[2209] numerical-eq:radius-access-request-length:0xffffffff:8192:no
[2210] numerical-eq:radius-access-request-attr-counter:0xffffffff:500:no
[2211] string-match:pktsearch-req-text:\x13\x74\xf0\x47(fcase =no)
[2212] string-match:pktsearch-req-text:\x12\x74\xf0\x47(fcase =no)
[2213] string-match:pktsearch-req-text:\x11\x74\xf0\x47(fcase =no)
[2214] string-match:pktsearch-req-text:/bin/sh(fcase =no)
[2215] string-match:pktsearch-req-text:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[2216] string-match:pktsearch-req-text:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[2217] string-match:smtp-subject-message-header:mail(fcase =no)
[2218] string-match:smtp-name-message-header:masteraz\.exe(fcase =yes)
[2219] string-match:smtp-subject-message-header:Improve your Credit(fcase =yes)
[2220] string-match:smtp-name-message-header:jimkre\.exe(fcase =yes)
[2221] string-match:http-post-req-uri-path:/sendeditfile(fcase =yes)
[2222] string-match:http-req-cookie-header:login=0(fcase =yes)
[2223] string-match:http-req-uri-path:/runfile=(fcase =yes)
[2224] string-match:pktsearch-rsp-text:^ver:Ghost version .\.. server(fcase =no)
[2225] unsigned-gt:dcerpc-dcom-meow-custom-size:0xffffffff:0xffff:no
[2226] string-match:rpc-call-data:\xb0\x06\x89\x46\x08\xb0\x66\x8d\x0e\xcd\x80\x89\x06\x8d\x4e\x0c\x89\x4e\x04\x31\xc0\x89\x46\x10\x89\x46\x14\xb0(fcase =no)
[2227] string-match:pktsearch-req-text:\xb0\x06\x89\x46\x08\xb0\x66\x8d\x0e\xcd\x80\x89\x06\x8d\x4e\x0c\x89\x4e\x04\x31\xc0\x89\x46\x10\x89\x46\x14\xb0(fcase =no)
[2228] string-match:http-req-uri-path:tarantella(\\|/)(fcase =yes)
[2229] string-match:http-req-uri-path:ttawebtop.cgi(\\|/)$(fcase =yes)
[2230] string-match:http-req-uri-query-param-name:action(fcase =yes)
[2231] string-match:http-req-uri-query-param-value:start(fcase =yes)
[2232] string-match:http-req-uri-query-param-name:pg(fcase =yes)
[2233] string-match:http-post-req-uri-path:(\\|/)webgais(fcase =no)
[2234] string-match:http-post-req-message-body:query(fcase =no)
[2235] string-match:http-post-req-message-body:output(fcase =no)
[2236] string-match:http-post-req-message-body:subject(fcase =no)
[2237] string-match:http-post-req-message-body:domain(fcase =no)
[2238] string-match:http-post-req-message-body:paragraph(fcase =no)
[2239] unsigned-gt:rsh-username-client-login-length:0xffffffff:128:no
[2240] unsigned-gt:rsh-client-handshake-serveruser-text-length:0xffffffff:128:no
[2241] unsigned-gt:pop3-list-cmd-param-length:0xffffffff:200:no
[2242] string-match:smtp-CPL-message-body:RT0pxgN9h6MbugyS9M+xvArY(fcase =no)
[2243] string-match:smtp-CPL-message-body:APOKVKihCTZLqLJrVFYn489L(fcase =no)
[2244] string-match:smtp-EXE-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2245] string-match:smtp-EXE-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2246] string-match:smtp-SCR-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2247] string-match:smtp-SCR-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2248] string-match:smtp-COM-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2249] string-match:smtp-COM-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2250] string-match:imap-CPL-message-body:RT0pxgN9h6MbugyS9M+xvArY(fcase =no)
[2251] string-match:imap-CPL-message-body:APOKVKihCTZLqLJrVFYn489L(fcase =no)
[2252] string-match:imap-EXE-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2253] string-match:imap-EXE-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2254] string-match:imap-SCR-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2255] string-match:imap-SCR-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2256] string-match:imap-COM-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2257] string-match:imap-COM-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2258] string-match:pop3-CPL-message-body:RT0pxgN9h6MbugyS9M+xvArY(fcase =no)
[2259] string-match:pop3-CPL-message-body:APOKVKihCTZLqLJrVFYn489L(fcase =no)
[2260] string-match:pop3-EXE-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2261] string-match:pop3-EXE-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2262] string-match:pop3-SCR-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2263] string-match:pop3-SCR-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2264] string-match:pop3-COM-message-body:GrPRg958gOhzA9rbOFrg8mUw(fcase =no)
[2265] string-match:pop3-COM-message-body:xfVnkPZ/1cMc+zKHwT9ii5A+(fcase =no)
[2266] unsigned-gt:imap-search-cmd-param-length:0xffffffff:1024:no
[2267] string-match:http-req-uri-path:PDG_Cart(/|\\)shopper\.conf(fcase =yes)
[2268] string-match:http-req-uri-path:PDG_Cart(/|\\)order\.log(fcase =yes)
[2269] string-match:pktsearch-req-text:^Test Server(fcase =no)
[2270] string-match:pktsearch-rsp-text:^Server is online(fcase =no)
[2271] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4488:no
[2272] string-match:ftp-pass-cmd-param:wh00t(fcase =no)
[2273] string-match:pop3-invalid-cmd-text:\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa(fcase =no)
[2274] string-match:pop3-invalid-cmd-text:\xff\xff/bin/sh\.\.\.\.\.\.\.\.\.(fcase =no)
[2275] string-match:smtp-EXE-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2276] string-match:smtp-EXE-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2277] string-match:smtp-ZIP-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2278] string-match:smtp-ZIP-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2279] string-match:smtp-ZIP-message-body:om2jb2EAcQCqoYubeHMAdL92(fcase =no)
[2280] string-match:smtp-ZIP-message-body:AHdtebC6C21VY1+qADD7Mtf0(fcase =no)
[2281] string-match:smtp-ZIP-message-body:baNvYQBxAKqhi5t4cwB0v3YA(fcase =no)
[2282] string-match:smtp-ZIP-message-body:d215sLoLbVVjX6oAMPsy1/Rb(fcase =no)
[2283] string-match:pop3-EXE-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2284] string-match:pop3-EXE-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2285] string-match:pop3-ZIP-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2286] string-match:pop3-ZIP-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2287] string-match:pop3-ZIP-message-body:om2jb2EAcQCqoYubeHMAdL92(fcase =no)
[2288] string-match:pop3-ZIP-message-body:AHdtebC6C21VY1+qADD7Mtf0(fcase =no)
[2289] string-match:pop3-ZIP-message-body:baNvYQBxAKqhi5t4cwB0v3YA(fcase =no)
[2290] string-match:pop3-ZIP-message-body:d215sLoLbVVjX6oAMPsy1/Rb(fcase =no)
[2291] string-match:imap-EXE-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2292] string-match:imap-EXE-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2293] string-match:imap-ZIP-message-body:aKJto29hAHEAqqGLm3hzAHS/(fcase =no)
[2294] string-match:imap-ZIP-message-body:dgB3bXmwugttVWNfqgAw+zLX(fcase =no)
[2295] string-match:imap-ZIP-message-body:om2jb2EAcQCqoYubeHMAdL92(fcase =no)
[2296] string-match:imap-ZIP-message-body:AHdtebC6C21VY1+qADD7Mtf0(fcase =no)
[2297] string-match:imap-ZIP-message-body:baNvYQBxAKqhi5t4cwB0v3YA(fcase =no)
[2298] string-match:imap-ZIP-message-body:d215sLoLbVVjX6oAMPsy1/Rb(fcase =no)
[2299] string-match:tftp-filename:\.\.(\\|/)(fcase =yes)
[2300] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31745:no
[2301] numerical-eq:pktsearch-req-1st-4b:0xFFFFFF00:0x76657200:no
[2302] string-match:pktsearch-rsp-text:\*VERBuHa 1\.0\r\n(fcase =no)
[2303] string-match:pktsearch-rsp-text:\*VERBuHa 1\.21\r\n(fcase =no)
[2304] string-match:pktsearch-rsp-text:\*VERBuHa 1\.22\r\n(fcase =no)
[2305] string-match:pktsearch-rsp-text:\*VERBuHa TNG 1\.22\r\n(fcase =no)
[2306] unsigned-gt:http-req-authorization-header-length:0xffffffff:800:no
[2307] string-match:http-req-authorization-header:Basic (fcase =yes)
[2308] string-match:http-req-uri-path:/campas$(fcase =no)
[2309] string-match:http-req-uri-query-params:^%0(A|a)(fcase =no)
[2310] string-match:pop3-user-cmd-param:\x90\x90\x40\x40\x40(fcase =no)
[2311] string-match:pop3-user-cmd-param:\xeb\x4b\x5b\x53\x32\xe4\x83\xc3(fcase =no)
[2312] string-match:pop3-user-cmd-param:\x33\xc0\x50\xff\xd7\xe8\xb0\xff\xff\xffmsvcrt\.dll\.system\.exit\.(fcase =no)
[2313] string-match:smtp-PIF-message-body:60Ox67g0ilzCkCELUY1H/wys(fcase =no)
[2314] string-match:smtp-PIF-message-body:OVrHBQaDPWSAwIUBfg5qVwSQ(fcase =no)
[2315] string-match:pop3-PIF-message-body:60Ox67g0ilzCkCELUY1H/wys(fcase =no)
[2316] string-match:pop3-PIF-message-body:OVrHBQaDPWSAwIUBfg5qVwSQ(fcase =no)
[2317] string-match:imap-PIF-message-body:60Ox67g0ilzCkCELUY1H/wys(fcase =no)
[2318] string-match:imap-PIF-message-body:OVrHBQaDPWSAwIUBfg5qVwSQ(fcase =no)
[2319] unsigned-gt:imap-select-cmd-param-length:0xffffffff:250:no
[2320] string-match:lpr-unsupport-cmd-buffer:\xe8.\xff\xff(fcase =no)
[2321] string-match:lpr-unsupport-cmd-buffer:\x90{12}(fcase =no)
[2322] string-match:lpr-unsupport-cmd-buffer:\x9a....\x07(fcase =no)
[2323] string-match:lpr-unsupport-cmd-buffer:\xcd\x80(fcase =no)
[2324] unsigned-gt:smtp-vrfy-cmd-param-length:0xffffffff:512:no
[2325] string-match:http-req-uri-path:SQLQHit\.asp(fcase =yes)
[2326] string-match:http-req-uri-query-params:CiScope=(webinfo|fileinfo|extended_fileinfo|extended_webinfo)(fcase =yes)
[2327] string-match:pktsearch-req-text:aim:AddGame\?(fcase =no)
[2328] string-match:pktsearch-req-text:\x27\x11..0x00\x00\x02\x00\x05\x07\x4c\x7f\x11\xd1\x82\x22\x44\x45\x53\x54\x00\x00\x00\x0b\x00\x09(fcase =no)
[2329] unsigned-gt:ftp-iac-cmd-counter:0xffffffff:0:no
[2330] string-match:ftp-invalid-cmd-text:CWD ~root(fcase =yes)
[2331] string-match:ftp-cwd-cmd-param:~root(fcase =no)
[2332] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7597:no
[2333] numerical-eq:pktsearch-rsp-1st-4b:0xFF000000:0x3A000000:no
[2334] unsigned-gt:netbios-ss-smb-open-bytecount:0xffffffff:2048:no
[2335] string-match:netbios-ss-smb-open-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2336] unsigned-gt:netbios-ss-smb-create-bytecount:0xffffffff:2048:no
[2337] string-match:netbios-ss-smb-create-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2338] unsigned-gt:netbios-ss-smb-delete-bytecount:0xffffffff:2048:no
[2339] string-match:netbios-ss-smb-delete-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2340] unsigned-gt:netbios-ss-smb-rename-bytecount:0xffffffff:2048:no
[2341] string-match:netbios-ss-smb-rename-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2342] unsigned-gt:netbios-ss-smb-query_information-bytecount:0xffffffff:2048:no
[2343] string-match:netbios-ss-smb-query_information-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2344] unsigned-gt:netbios-ss-smb-set_information-bytecount:0xffffffff:2048:no
[2345] string-match:netbios-ss-smb-set_information-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2346] unsigned-gt:netbios-ss-smb-create_new-bytecount:0xffffffff:2048:no
[2347] string-match:netbios-ss-smb-create_new-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2348] unsigned-gt:netbios-ss-smb-copy-bytecount:0xffffffff:2048:no
[2349] string-match:netbios-ss-smb-copy-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2350] unsigned-gt:netbios-ss-smb-move-bytecount:0xffffffff:2048:no
[2351] string-match:netbios-ss-smb-move-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2352] unsigned-gt:netbios-ss-smb-open_andx-bytecount:0xffffffff:2048:no
[2353] string-match:netbios-ss-smb-open_andx-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2354] unsigned-gt:netbios-ss-smb-find-bytecount:0xffffffff:2048:no
[2355] string-match:netbios-ss-smb-find-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2356] unsigned-gt:netbios-ss-smb-find_unique-bytecount:0xffffffff:2048:no
[2357] string-match:netbios-ss-smb-find_unique-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2358] unsigned-gt:netbios-ss-smb-find_close-bytecount:0xffffffff:2048:no
[2359] string-match:netbios-ss-smb-find_close-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2360] unsigned-gt:netbios-ss-smb-nt_create_andx-bytecount:0xffffffff:2048:no
[2361] string-match:netbios-ss-smb-nt_create_andx-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2362] unsigned-gt:netbios-ss-smb-nt_rename-bytecount:0xffffffff:2048:no
[2363] string-match:netbios-ss-smb-nt_rename-buffer:\x00\x7e\x00.\x00.\x00\.(fcase =no)
[2364] string-match:tds-sybase-client-query-payload:dbcc checkverify\((fcase =yes)
[2365] string-match:smtp-mail-cmd-param:\x90\x90\x90\xeb\x32\x5b\x53\x32\xe4\x83\xc3\x0b\x4b(fcase =no)
[2366] numerical-eq:http-dst-port:0xffffffff:6588:no
[2367] unsigned-gt:http-req-uri-length:0xffffffff:340:no
[2368] string-match:tds-mssql-client-query-payload:\x00p\x00w\x00d\x00e\x00n\x00c\x00r\x00y\x00p\x00t\x00(fcase =yes)
[2369] string-match:tds-mssql-client-query-payload:\x00r\x00e\x00p\x00l\x00i\x00c\x00a\x00t\x00e\x00\(\x00(fcase =yes)
[2370] string-match:netbios-ss-tds-client-query-payload:\x00p\x00w\x00d\x00e\x00n\x00c\x00r\x00y\x00p\x00t\x00(fcase =yes)
[2371] string-match:netbios-ss-tds-client-query-payload:\x00r\x00e\x00p\x00l\x00i\x00c\x00a\x00t\x00e\x00\(\x00(fcase =yes)
[2372] numerical-eq:icmp-echo-reply-id:0xffffffff:667:no
[2373] numerical-eq:icmp-echo-reply-id:0xffffffff:6667:no
[2374] string-match:icmp-echo-reply-payload:\x66\x69\x63\x6B\x65\x6e(fcase =no)
[2375] string-match:smtp-SCR-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2376] string-match:smtp-SCR-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2377] string-match:smtp-PIF-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2378] string-match:smtp-PIF-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2379] string-match:smtp-CMD-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2380] string-match:smtp-CMD-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2381] string-match:smtp-EXE-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2382] string-match:smtp-EXE-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2383] string-match:smtp-BAT-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2384] string-match:smtp-BAT-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2385] string-match:pop3-SCR-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2386] string-match:pop3-SCR-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2387] string-match:pop3-PIF-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2388] string-match:pop3-PIF-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2389] string-match:pop3-CMD-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2390] string-match:pop3-CMD-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2391] string-match:pop3-EXE-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2392] string-match:pop3-EXE-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2393] string-match:pop3-BAT-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2394] string-match:pop3-BAT-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2395] string-match:imap-SCR-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2396] string-match:imap-SCR-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2397] string-match:imap-PIF-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2398] string-match:imap-PIF-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2399] string-match:imap-CMD-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2400] string-match:imap-CMD-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2401] string-match:imap-EXE-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2402] string-match:imap-EXE-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2403] string-match:imap-BAT-message-body:opAAZDRQAFwDmqZpmlRMRDw0(fcase =no)
[2404] string-match:imap-BAT-message-body:LGmapmkkHBQMBNM0zbL8M/Ts(fcase =no)
[2405] string-match:smtp-ZIP-message-body:m2jMCIcAAAiH(fcase =no)
[2406] string-match:smtp-ZIP-message-body:jKgF7YcAAO2H(fcase =no)
[2407] string-match:pop3-ZIP-message-body:m2jMCIcAAAiH(fcase =no)
[2408] string-match:pop3-ZIP-message-body:jKgF7YcAAO2H(fcase =no)
[2409] string-match:imap-ZIP-message-body:m2jMCIcAAAiH(fcase =no)
[2410] string-match:imap-ZIP-message-body:jKgF7YcAAO2H(fcase =no)
[2411] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5631:no
[2412] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5632:no
[2413] string-match:pktsearch-rsp-text:09\xA4\xA40(fcase =no)
[2414] string-match:pktsearch-rsp-text:00000129(fcase =no)
[2415] string-match:smtp-expn-cmd-param:\x8b\xc4\x83\xc0\x17\x50\xb8\x0e\xb5\xe9\x77\xff\xd0\x33\xdb\x53\xb8\x2d\xf3\xe8\x77\xff\xd0\x63\x6d\x64\x2e\x65\x78\x65\x0d\x0a(fcase =no)
[2416] string-match:dns-response-qname:update.messenger.yahoo.com(fcase =no)
[2417] string-match:dns-response-qname:update.pager.yahoo.com(fcase =no)
[2418] string-match:dns-response-qname:msg.yahoo.com(fcase =no)
[2419] string-match:dns-response-qname:cs.yahoo.com(fcase =no)
[2420] string-match:pktsearch-req-text:\x00File Transfer\x00(fcase =no)
[2421] string-match-ap:req-content-text:OFT2\x01\x00\x01\x01(fcase =no)(offset=0, depth=0)
[2422] string-match-ap:req-content-text:OFT2\x01\x00\x02\x02(fcase =no)(offset=0, depth=0)
[2423] string-match-ap:rsp-content-text:OFT2\x01\x00\x01\x01(fcase =no)(offset=0, depth=0)
[2424] string-match-ap:rsp-content-text:OFT2\x01\x00\x02\x02(fcase =no)(offset=0, depth=0)
[2425] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TERM(fcase =yes)
[2426] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TERMCAP(\x00|\x01)\x2f(fcase =yes)
[2427] string-match:telnet-client-environ-sb-param:(\x03|\x00|\x01)TERMCAP\x01(fcase =yes)
[2428] string-match:netbios-ss-dcerpc-req-WINREG-request-payload:R\x00A\x00S\x00\x00(fcase =no)
[2429] string-match:smtp-user-cmd-param:^bin(fcase =no)
[2430] string-match:http-req-uri-path:webspris\.cgi(fcase =yes)
[2431] string-match:http-req-uri-query-param-name:sp\.nextform(fcase =yes)
[2432] string-match:ntp-control-message-data:\xe8.\xff\xff(fcase =no)
[2433] string-match:ntp-control-message-data:\x90{12}(fcase =no)
[2434] string-match:ntp-control-message-data:\x99\x99\x99/x99(fcase =no)
[2435] string-match:ntp-control-message-data:\x9a....\x07(fcase =no)
[2436] string-match:ntp-control-message-data:\xcd\x80(fcase =no)
[2437] unsigned-gt:ntp-control-message-count:0xffffffff:0x100:no
[2438] string-match:ntp-control-message-data:stratum=\x90\x90(fcase =no)
[2439] string-match:ntp-control-message-data:xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b(fcase =no)
[2440] string-match:ntp-control-message-data:\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f(fcase =no)
[2441] string-match:pktsearch-req-text:^version(fcase =no)
[2442] string-match:pktsearch-rsp-text:^WindowsMite Server v1\.0(fcase =no)
[2443] string-match:http-req-uri-query-params:^/jsp/(fcase =yes)
[2444] string-match:http-req-uri-query-params:^? (fcase =yes)
[2445] string-match:http-req-uri-path:source\.jsp$(fcase =yes)
[2446] string-match:http-req-uri-path:realpath\.jsp(fcase =yes)
[2447] numerical-eq:netbios-ss-dcerpc-req-SRVSVC-request-op-num:0xffffffff:15:no
[2448] string-match:netbios-ss-dcerpc-req-SRVSVC-request-payload:\x01\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff(fcase =no)
[2449] string-match:smtp-invalid-cmd-text:Croot\x09\x09\x09\x09\x09\x09\x09Mprog,P=/bin(fcase =no)
[2450] string-match:smtp-invalid-cmd-text:C\x3adaemon(fcase =no)
[2451] string-match:smtp-invalid-cmd-text:Croot(fcase =no)
[2452] string-match:smtp-invalid-cmd-text:Mprog,P=/bin/(fcase =no)
[2453] string-match:upnp-req-post-uri-text:/upnp/service/WANPPPConnection(fcase =no)
[2454] string-match:upnp-req-soapaction-header-text:#GetUserName(fcase =no)
[2455] unsigned-gt:kerberos-length:0xffffffff:0xfffffffc:no
[2456] string-match:pktsearch-req-text:User-Agent: Morpheus(fcase =yes)
[2457] string-match:pktsearch-req-text:UserAgent: Morpheus(fcase =yes)
[2458] string-match:pktsearch-req-text:User-Agent: MMMM(fcase =yes)
[2459] string-match:pktsearch-req-text:User-Agent: morph(fcase =yes)
[2460] string-match:pktsearch-req-text:GNUTELLA CONNECT(fcase =yes)
[2461] string-match:http-get-req-header:User-Agent: Morpheus(fcase =yes)
[2462] string-match:http-get-req-header:UserAgent: Morpheus(fcase =yes)
[2463] string-match:http-get-req-header:User-Agent: MMMM(fcase =yes)
[2464] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5555:no
[2465] string-match:pktsearch-rsp-text:^ServeMe 1\.(fcase =no)
[2466] string-match:http-req-uri-path:\.(idc|idw|ida|idq)(fcase =yes)
[2467] string-match:http-req-uri-query-params:\x90\x90\x68\x58\xcb\xd3\x78\x01\x90\x90\x68\x58\xcb\xd3\x78\x01\x90\x90\x68\x58\xcb\xd3\x78\x01\x90\x90\x90\x90\x81\x90\xc3\x03\x8b\x00\x53\x1b\x53\xff\x78\x00\x25\x75\x30\x30(fcase =no)
[2468] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:260:no
[2469] string-match:http-req-uri-path:forms\.exe(fcase =yes)
[2470] numerical-eq:icmp-echo-reply-id:0xffffffff:9015:no
[2471] string-match:icmp-echo-reply-payload:niggahbitch(fcase =no)
[2472] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7306:no
[2473] string-match:pktsearch-rsp-text:Netspy Version (fcase =no)
[2474] string-match:pktsearch-rsp-text:Netspy Version .\.(fcase =no)
[2475] string-match:pktsearch-rsp-text:OK!\x0d\x0a(fcase =no)
[2476] string-match:rpc-call-data:\x90\x03\xe0\x34\x92\x23\xe0\x20\xa2\x02\x20\x0c(fcase =no)
[2477] string-match:pktsearch-req-text:\x90\x03\xe0\x34\x92\x23\xe0\x20\xa2\x02\x20\x0c(fcase =no)
[2478] string-match:ftp-cwd-cmd-param: **********(fcase =no)
[2479] string-match:ftp-retr-cmd-param: **********(fcase =no)
[2480] string-match:ftp-stor-cmd-param: **********(fcase =no)
[2481] string-match:ftp-stou-cmd-param: **********(fcase =no)
[2482] string-match:ftp-appe-cmd-param: **********(fcase =no)
[2483] string-match:ftp-rnfr-cmd-param: **********(fcase =no)
[2484] string-match:ftp-rnto-cmd-param: **********(fcase =no)
[2485] string-match:ftp-dele-cmd-param: **********(fcase =no)
[2486] string-match:ftp-rmd-cmd-param: **********(fcase =no)
[2487] string-match:ftp-mkd-cmd-param: **********(fcase =no)
[2488] string-match:ftp-list-cmd-param: **********(fcase =no)
[2489] string-match:ftp-nlst-cmd-param: **********(fcase =no)
[2490] string-match:ftp-stat-cmd-param: **********(fcase =no)
[2491] string-match:ftp-size-cmd-param: **********(fcase =no)
[2492] string-match:ftp-xcwd-cmd-param: **********(fcase =no)
[2493] string-match:ftp-xrmd-cmd-param: **********(fcase =no)
[2494] string-match:ftp-xmkd-cmd-param: **********(fcase =no)
[2495] string-match:ftp-mdtm-cmd-param: **********(fcase =no)
[2496] unsigned-gt:ftp-site-cmd-param-length:0xffffffff:35:no
[2497] string-match:ftp-site-cmd-param:CHOWN (fcase =yes)
[2498] unsigned-gt:http-req-if-modified-since-header-length:0xffffffff:1300:no
[2499] string-match:pktsearch-mstream-h2a-req-text:ping(fcase =no)
[2500] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:54321:no
[2501] numerical-eq:pktsearch-req-1st-4b:0xFF000000:0x21000000:no
[2502] numerical-eq:pktsearch-rsp-1st-4b:0xFF000000:0x21000000:no
[2503] unsigned-gt:ident-req-text-len:0xffffffff:127:no
[2504] numerical-eq:ident-valid-ident-req:0xffffffff:2:no
[2505] numerical-eq:ident-rsp-type:0xffffffff:3:no
[2506] numerical-eq:http-dst-port:0xffffffff:2002:no
[2507] string-match:http-req-uri-path:login\.exe(fcase =yes)
[2508] string-match:http-req-uri-query-param-name:user(fcase =yes)
[2509] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:400:no
[2510] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:33333:no
[2511] string-match:pktsearch-rsp-text:^210 Prosiak v. (fcase =no)
[2512] string-match:pktsearch-rsp-text:^210 Prosiak v\.0\.65(fcase =no)
[2513] string-match:pktsearch-rsp-text:^210 Prosiak v\.(fcase =no)
[2514] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:44444:no
[2515] string-match:pktsearch-req-text:^getinfo(fcase =no)
[2516] string-match:pktsearch-req-text:^#GUI#(fcase =no)
[2517] string-match:rpc-call-data:\x33\xDB\x33\xC0\xB0\x1B\xCD\x80\x33\xD2\x33\xc0\x8b\xDA\xb0\x06\xcd\x80\xfe\xc2\x75\xf4\x31\xc0\xb0\x02\xcd\x80(fcase =no)
[2518] string-match:pktsearch-req-text:\x33\xDB\x33\xC0\xB0\x1B\xCD\x80\x33\xD2\x33\xc0\x8b\xDA\xb0\x06\xcd\x80\xfe\xc2\x75\xf4\x31\xc0\xb0\x02\xcd\x80(fcase =no)
[2519] string-match:rpc-call-data:\xeb\x3c\x5e\x31\xc0\x88\x46\xfa\x89\x46\xf5\x89\xf7\x83\xc7\x10\x89\x3e\x4f\x47\xfe\x07\x75\xfb\x47\x89\x7e\x04\x4f\x47\xfe\x07\x75\xfb\x47\x89\x7e\x08\x4f(fcase =no)
[2520] string-match:pktsearch-req-text:\xeb\x3c\x5e\x31\xc0\x88\x46\xfa\x89\x46\xf5\x89\xf7\x83\xc7\x10\x89\x3e\x4f\x47\xfe\x07\x75\xfb\x47\x89\x7e\x04\x4f\x47\xfe\x07\x75\xfb\x47\x89\x7e\x08\x4f(fcase =no)
[2521] unsigned-gt:netbios-ss-dcerpc-mgmt-element-11:0xffffffff:4:no
[2522] unsigned-gt:dcerpc-mgmt-element-11:0xffffffff:4:no
[2523] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00i\x00s\x00p\x00l\x00a\x00y\x00q\x00u\x00e\x00u\x00e\x00m\x00e\x00s\x00g\x00s(fcase =yes)
[2524] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00i\x00s\x00p\x00l\x00a\x00y\x00q\x00u\x00e\x00u\x00e\x00m\x00e\x00s\x00g\x00s(fcase =yes)
[2525] string-match:ftp-mkd-cmd-param:\x31\xdb\x89\xd8\xb0\x17\xcd\x80(fcase =no)
[2526] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:512:no
[2527] unsigned-gt:ftp-cwd-cmd-param-length:0xffffffff:512:no
[2528] unsigned-gt:ftp-mkd-cmd-param-length:0xffffffff:200:no
[2529] string-match:http-req-uri-path:(\\|/)auktion.pl$(fcase =yes)
[2530] string-match:http-req-uri-query-param-name:menue(fcase =yes)
[2531] numerical-eq:rsh-username-client-login-length:0xffffffff:0:no
[2532] numerical-eq:rsh-client-handshake-serveruser-text-length:0xffffffff:0:no
[2533] unsigned-gt:pop3-top-cmd-param-length:0xffffffff:512:no
[2534] string-match:irc-req-invite-cmd-param:x%n%[1-9](fcase =no)
[2535] string-match:irc-req-kill-cmd-param:x%n%[1-9](fcase =no)
[2536] string-match:irc-req-privmsg-cmd-param:\xeb\x5b\x5e\x31\xc0\xb0\x02\x31\xdb\xcd\x80(fcase =no)
[2537] numerical-eq:dns-request-additional-type:0xffffffff:41:no
[2538] unsigned-gt:dns-request-additional-class:0xffffffff:32766:no
[2539] unsigned-gt:imap-copy-cmd-param-length:0xffffffff:1024:no
[2540] string-match:http-req-uri-path:quikstore\.cfg(fcase =yes)
[2541] unsigned-gt:smtp-rcpt-cmd-param-length:0xffffffff:800:no
[2542] string-match:smtp-rcpt-cmd-param:a%A%A%A%A%A(fcase =no)
[2543] unsigned-gt:http-req-uri-query-params-length:0xffffffff:2000:no
[2544] string-match:http-req-uri-path:\.jsp$(fcase =no)
[2545] string-match:pktsearch-rsp-text:^\x0d\x0d\x0aC:\\(fcase =no)
[2546] string-match:pktsearch-rsp-text:^\x0d\x0d\x0aD:\\(fcase =no)
[2547] string-match:pktsearch-rsp-text:^\x0d\x0d\x0aE:\\(fcase =no)
[2548] string-match:pktsearch-rsp-text:^\x0d\x0d\x0aF:\\(fcase =no)
[2549] string-match:pktsearch-rsp-text:^\x0d\x0d\x0aG:\\(fcase =no)
[2550] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7777:no
[2551] unsigned-gt:ftp-user-cmd-param-length:0xffffffff:240:no
[2552] string-match:ftp-pass-cmd-param:-saint(fcase =no)
[2553] string-match:http-req-uri-path:passwd\.php3$(fcase =no)
[2554] string-match:http-req-uri-query-param-name:try(fcase =yes)
[2555] string-match:http-req-uri-query-param-value:g23(fcase =yes)
[2556] string-match:http-req-uri-query-param-value:+;+(fcase =no)
[2557] string-match:pktsearch-req-text:^hidestart(fcase =no)
[2558] string-match:pktsearch-req-text:^showstart(fcase =no)
[2559] string-match:pktsearch-req-text:^hidetastbar(fcase =no)
[2560] string-match:pktsearch-req-text:^4testmessage(fcase =no)
[2561] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4545:no
[2562] string-match:smtp-message-body:[\x22\x27]jav\x26\x23X41sc\x26\x230010;ript:(fcase =yes)
[2563] string-match:smtp-message-body:javasc\x26\x230010;\x26\x230010;ript(fcase =yes)
[2564] string-match:smtp-message-body:\x3cimg src=[\x22\x27](java|vb)script:(fcase =yes)
[2565] string-match:smtp-message-body:\x3cframe src=[\x22\x27](java|vb)script:(fcase =yes)
[2566] string-match:smtp-message-body:\x3ciframe src=[\x22\x27](java|vb)script:(fcase =yes)
[2567] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:23432:no
[2568] string-match:pktsearch-rsp-text:^PAS(fcase =no)
[2569] string-match:pktsearch-req-text:^PAS (fcase =no)
[2570] string-match:pktsearch-rsp-text:^RQS 1(fcase =no)
[2571] string-match:pktsearch-req-text:^RQS(fcase =no)
[2572] numerical-eq:dcerpc-error-code:0xffffffff:12:no
[2573] numerical-eq:netbios-ss-error-code:0xffffffff:16:no
[2574] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00s\x00h\x00o\x00w\x00c\x00o\x00l\x00v(fcase =yes)
[2575] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00s\x00h\x00o\x00w\x00c\x00o\x00l\x00v(fcase =yes)
[2576] string-match:http-req-uri-path:(\\|/)active\.log$(fcase =yes)
[2577] string-match:pop3-user-cmd-param:^x#(9){100}(fcase =no)
[2578] string-match:upnp-req-before-method-text:\x90\x90\x4D\x3F\xE3\x77\x90\x90(fcase =no)
[2579] string-match:imap-lsub-cmd-param:\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b(fcase =no)
[2580] string-match:imap-lsub-cmd-param:\xeb\x35\x5e\x80\x46\x01\x30\x80\x46\x02\x30\x80\x46\x03\x30(fcase =no)
[2581] unsigned-gt:imap-lsub-cmd-param-length:0xffffffff:1024:no
[2582] string-match:lpr-receive-control-file-content:\nProot(fcase =no)
[2583] string-match:lpr-receive-control-file-content:\nU(fcase =no)
[2584] string-match:smtp-vrfy-cmd-param:\x90\x90\xEB\x53\xEB\x20\x5B\xFC(fcase =no)
[2585] numerical-eq:ident-rsp-type:0xffffffff:2:no
[2586] unsigned-gt:ident-rsp-text-len:0xffffffff:980:no
[2587] numerical-eq:pktsearch-udp-dst-port:0xffffffff:47262:no
[2588] numerical-eq:pktsearch-udp-dst-port:0xffffffff:26274:no
[2589] string-match:pktsearch-req-text:^Ping(fcase =no)
[2590] string-match:pktsearch-req-text:^\|y7MS5(fcase =no)
[2591] string-match:pktsearch-rsp-text:^Delta Source (fcase =no)
[2592] string-match:pktsearch-rsp-text:^\x68\x75\x35\x5E\x02\x3B\x42\x5D\x22\x29\x47\x29\x04\x09\x63\x22\x75(fcase =no)
[2593] string-match:ftp-mkd-cmd-param:\xb0\x3d\xcd\x80(fcase =no)
[2594] string-match:ftp-mkd-cmd-param:\xb0\x3b\xcd\x80(fcase =no)
[2595] string-match:http-req-uri-path:(\\|/)webdist\.cgi$(fcase =no)
[2596] string-match:http-req-uri-query-param-name:distloc(fcase =no)
[2597] string-match:http-req-uri-query-param-value:;(cat|cp|sendmail|/bin/|/usr/|/sbin/|/etc/)(fcase =no)
[2598] numerical-eq:dns-loop-check:0xffffffff:1:no
[2599] string-match:pktsearch-req-text:^con(fcase =no)
[2600] string-match:pktsearch-rsp-text:^con1\.08(fcase =no)
[2601] unsigned-gt:smtp-invalid-cmd-text-length:0xffffffff:1000:no
[2602] unsigned-gt:smtp-cmd-param-length:0xffffffff:1000:no
[2603] numerical-eq:smtp-command-counter:0xffffffff:1000:no
[2604] numerical-eq:rdp-protocol-anomaly:0xffffffff:1:no
[2605] unsigned-lt:rdp-rsp-text-len:0xffffffff:64:no
[2606] numerical-eq:pktsearch-dst-port:0xffffffff:27184:no
[2607] string-match:pktsearch-req-text:^stTestMessage(fcase =no)
[2608] string-match:pktsearch-rsp-text:^stAlvgus's Trojan Server(fcase =no)
[2609] numerical-eq:tds-mssql-req-type:0xffffffff:0x12:no
[2610] numerical-eq:tds-error-code:0xffffffff:3:no
[2611] numerical-eq:tds-error-code:0xffffffff:5:no
[2612] string-match:http-req-uri-path:(\\|/)cgiproc$(fcase =no)
[2613] string-match:http-req-query-param-name:Nocfile(fcase =yes)
[2614] unsigned-gt:snmp-OID-msg-qllength:0xffffffff:128:no
[2615] string-match:http-req-uri-path:owssvr\.dll(fcase =yes)
[2616] string-match:http-req-uri-query-param-value:%250D%250A(fcase =yes)
[2617] string-match:smtp-ZIP-message-body:H8ydAD4AAAA+(fcase =no)
[2618] string-match:pop3-ZIP-message-body:H8ydAD4AAAA+(fcase =no)
[2619] string-match:imap-ZIP-message-body:H8ydAD4AAAA+(fcase =no)
[2620] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:6666:no
[2621] numerical-eq:pktsearch-req-1st-4b:0xFFFFFF00:0x36363600:no
[2622] numerical-eq:pktsearch-rsp-1st-4b:0xFFFFFF00:0x36363600:no
[2623] string-match:smtp-invalid-cmd-text:^WIZ[ \t\n\r](fcase =yes)
[2624] string-match:http-req-uri-path:talkback\.cgi(fcase =yes)
[2625] string-match:http-req-uri-query-param-value:\.\.(/|\\)(fcase =yes)
[2626] string-match:rtsp-req-content-text:GET_PARAMETER / RTSP/1.0[\r\n](fcase =no)
[2627] string-match:rtsp-req-content-text:DESCRIBE / RTSP/1.0\nSession:[\r\n](fcase =no)
[2628] string-match:pktsearch-req-text:^Girl(fcase =no)
[2629] string-match:pktsearch-rsp-text:^GirlFriend Server (fcase =no)
[2630] string-match:http-req-uri-path:carbo\.dll(fcase =yes)
[2631] string-match:http-req-uri-query-param-name:icatcommand(fcase =yes)
[2632] string-match:http-req-uri-query-param-value:\.\.\\\.\.\\(fcase =yes)
[2633] string-match:http-req-uri-query-param-name:catalogname(fcase =yes)
[2634] string-match:pktsearch-rsp-text:^Vagr Nocker (fcase =no)
[2635] string-match:smtp-helo-cmd-param:all-mail\.overrun\.test(fcase =no)
[2636] string-match:smtp-mail-cmd-param:\x90\x90\x90\x90\x8b\xec\x8b\xdc\xb8\x86\xa9\xf1\x77\x33\xf6\x56\xb9\xff\xff\xff\xff\x83\xe9\xd7\x83\x6b(fcase =no)
[2637] string-match:http-req-uri-path:(\\|/)fpcount\.exe(fcase =yes)
[2638] string-match:pktsearch-req-text:X-MMS-IM-Format:(fcase =no)
[2639] string-match:pktsearch-req-text:FN=(fcase =no)
[2640] string-match:pktsearch-req-text:%20%20(fcase =no)
[2641] string-match:http-req-uri-path:(\\|/)(mylog\.html|mlog\.html|mylog\.phtml|mlog\.phtml)(fcase =no)
[2642] string-match:http-req-uri-query-param-name:screen(fcase =no)
[2643] string-match:pktsearch-rsp-text:^\x0d\x0a-------- YOU ARE(fcase =no)
[2644] string-match:pktsearch-rsp-text:^\x23\x20\x2b\x2d(fcase =no)
[2645] string-match:pktsearch-rsp-text:YAT copyright by HSE(fcase =no)
[2646] string-match:http-req-uri-path:\.bat"+(fcase =yes)
[2647] string-match:netbios-ss-smb-CREATE-filename:s\x00c\x00r\x00s\x00v\x00r\x00\.\x00e\x00x\x00e(fcase =yes)
[2648] string-match:netbios-ss-smb-CREATE-filename:scrsvr\.exe(fcase =yes)
[2649] string-match:smtp-rcpt-cmd-param:\.(com|net|org|gov|edu)\.[\r\n](fcase =no)
[2650] string-match:http-get-req-uri-path:/LoginResponse(fcase =yes)
[2651] string-match:http-get-req-header:\nCompaq-WBEM-UserName: (fcase =yes)
[2652] unsigned-gt:http-get-req-header-length:0xffffffff:420:no
[2653] numerical-eq:h225-error-code:0xffffffff:SourceAddressH323IDLengthAnomaly:no
[2654] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:20000:no
[2655] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:20001:no
[2656] string-match:pktsearch-rsp-text:^Millenium [12]\.(fcase =no)
[2657] string-match:pktsearch-req-text:^Millenium [12]\.(fcase =no)
[2658] unsigned-gt:rpc-fraglen:0xffffffff:0x7f000000:no
[2659] string-match:pktsearch-req-text:X-Kazaa-Network: Grokster\r\n(fcase =no)
[2660] string-match:http-req-header:X-Kazaa-Network: Grokster\r(fcase =no)
[2661] unsigned-gt:http-req-uri-path-length:0xffffffff:300:no
[2662] string-match:http-req-uri-path:\.printer\?(fcase =yes)
[2663] unsigned-gt:http-req-host-header-length:0xffffffff:260:no
[2664] string-match:http-req-uri-path:\.printer(fcase =yes)
[2665] string-match:http-req-host-header:\xc0\x11\x33\xc9\x66\xb9\x20\x01\x80\x30\x03\x40\xe2\xfa\xeb\x03(fcase =no)
[2666] numerical-eq:socks-v5-domainname-text-len:0xffffffff:255:no
[2667] unsigned-gt:socks-v5-domainname-text-len:0xffffffff:127:no
[2668] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4540:no
[2669] string-match:pktsearch-req-text:^swap(fcase =no)
[2670] string-match:netbios-ss-smb-open_andx-buffer:\\shadow\x00(fcase =no)
[2671] string-match:netbios-ss-smb-open_andx-buffer:\\\x00s\x00h\x00a\x00d\x00o\x00w\x00(fcase =no)
[2672] string-match:netbios-ss-smb-nt_create_andx-buffer:\\passwd\x00(fcase =no)
[2673] string-match:netbios-ss-smb-nt_create_andx-buffer:\\\x00p\x00a\x00s\x00s\x00w\x00d\x00(fcase =no)
[2674] numerical-eq:rpc-call-version:0xffffffff:10:no
[2675] numerical-eq:rpc-call-prognum:0xffffffff:100232:no
[2676] string-match:rpc-call-data:\x89\x3e\x83\xc7\x08\x88\x47\xff\x89\x7e\x04(fcase =no)
[2677] string-match:rpc-call-data:\x2f\x62\x69\x6e\x2f\x73\x68\xff\x2d\x63\xff(fcase =no)
[2678] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x87\x88\x00\x00\x00\x0a\x00\x00\x00\x01(fcase =no)
[2679] string-match:pktsearch-req-text:\x89\x3e\x83\xc7\x08\x88\x47\xff\x89\x7e\x04(fcase =no)
[2680] string-match:pktsearch-req-text:\x2f\x62\x69\x6e\x2f\x73\x68\xff\x2d\x63\xff(fcase =no)
[2681] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00c\x00r\x00e\x00a\x00t\x00e\x00p\x00r\x00i\x00v\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[2682] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00c\x00r\x00e\x00a\x00t\x00e\x00p\x00r\x00i\x00v\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[2683] string-match:http-req-uri-path:/doc/(fcase =no)
[2684] string-match:http-req-uri-path:/packages$(fcase =no)
[2685] string-match:http-req-uri-path:(\\|/)shtml\.(exe|dll)(\\|/)(fcase =yes)
[2686] string-match:http-req-uri-path:\.(asp|shtml|html)(fcase =yes)
[2687] string-match:http-req-uri-path:\.(asp|asa)%3(F|f)+\.htr(fcase =yes)
[2688] string-match:pktsearch-req-text:\x44\xff\xff\x02(fcase =no)
[2689] string-match:pktsearch-req-text:\x3c\x60\x2f\x73\x60\x63\x68\x01\x38\x63\xff(fcase =no)
[2690] string-match:pktsearch-req-text:\x7c\x65\x1b\x78\x7c\x63\x1a\x78\x44\xff\xff\x02(fcase =no)
[2691] string-match:http-post-req-message-body:y3k(@|%40)server\.y3k(fcase =no)
[2692] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:667:no
[2693] string-match:pktsearch-req-text:^cmdping(fcase =no)
[2694] string-match:pktsearch-rsp-text:^pingback(fcase =no)
[2695] numerical-eq:portmapper-call-version:0xffffffff:2:no
[2696] numerical-eq:portmapper-call-prognum:0xffffffff:100000:no
[2697] numerical-eq:portmapper-call-procedure:0xffffffff:4:no
[2698] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00e\x00a\x00d\x00p\x00k\x00f\x00r\x00o\x00m\x00v\x00a\x00r\x00b\x00i\x00n\x00 (fcase =yes)
[2699] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00e\x00a\x00d\x00p\x00k\x00f\x00r\x00o\x00m\x00v\x00a\x00r\x00b\x00i\x00n\x00 (fcase =yes)
[2700] string-match:http-req-uri-path:bb-hostsvc\.sh$(fcase =no)
[2701] string-match:http-req-uri-query-param-name:HOSTSVC(fcase =yes)
[2702] string-match:http-req-uri-query-param-value:/\.\.(/|\\)(fcase =no)
[2703] unsigned-gt:pktsearch-calicense-req-pktlen:0xffffffff:100:no
[2704] string-match:pktsearch-calicense-req-text: GCR CHECKSUMS(fcase =no)
[2705] unsigned-gt:pktsearch-calicense-req-pktlen:0xffffffff:200:no
[2706] string-match:pktsearch-calicense-req-text: GCR HOSTNAME(fcase =no)
[2707] string-match:pktsearch-calicense-req-text: GCR NETWORK(fcase =no)
[2708] unsigned-gt:pktsearch-calicense-req-pktlen:0xffffffff:226:no
[2709] string-match:pktsearch-calicense-req-text: GETCONFIG SELF(fcase =no)
[2710] unsigned-gt:pktsearch-calicense-req-pktlen:0xffffffff:300:no
[2711] string-match:pktsearch-calicense-req-text: PUTOLF (fcase =no)
[2712] string-match:irc-req-user-cmd-param:\xb0\x29\xcd\x80(fcase =no)
[2713] string-match:irc-req-user-cmd-param:\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80(fcase =no)
[2714] string-match:irc-req-user-cmd-param:\xb0\x10\x89\x46\x08\xb0\x66\xfe\xc3\xcd\x80(fcase =no)
[2715] unsigned-gt:rlogin-login-fail-counter:0xffffffff:0:no
[2716] string-match:pktsearch-rsp-text:Optix (fcase =no)
[2717] string-match:pktsearch-rsp-text:Optix Pro v(fcase =no)
[2718] string-match:pktsearch-rsp-text:Connected Successfully!\x0d\x0a(fcase =no)
[2719] unsigned-gt:smtp-url-length:0xffffffff:256:no
[2720] string-match:smtp-expn-cmd-param:decode(fcase =no)
[2721] string-match:smtp-vrfy-cmd-param:decode(fcase =no)
[2722] string-match:smtp-rcpt-cmd-param:\x3cdecode\x3c(fcase =no)
[2723] string-match:smtp-rcpt-cmd-param:\x22decode\x22(fcase =no)
[2724] string-match:smtp-rcpt-cmd-param:[ \t]decode[ \t\r\n](fcase =no)
[2725] string-match:http-get-req-uri-path:(\\|/)tbl_copy\.php(fcase =yes)
[2726] string-match:http-get-req-uri-query-param-name:strCopyTableOK(fcase =no)
[2727] string-match:http-get-req-uri-query-param-value:\.passthru(fcase =no)
[2728] string-match:http-get-req-uri-path:(\\|/)tbl_rename\.php(fcase =yes)
[2729] string-match:http-get-req-uri-query-param-name:strRenameTableOK(fcase =no)
[2730] numerical-eq:h225-error-code:0xffffffff:SourceAddressEmailLengthAnomaly:no
[2731] string-match:telnet-server-data-text:^Truva Server v1.2 (fcase =no)
[2732] string-match:tds-mssql-client-query-payload:\x39\x20\xd0\x00\x92\x01\xc2\x00\x52\x00\x55\x00\x39\x20\xec\x00(fcase =no)
[2733] string-match:tds-mssql-client-query-payload:\x48\x00\x25\x00\x78\x00\x77\x00\x90\x00\x90\x00\x90\x00\x90\x00\x90\x00\x33\x00\xc0\x00\x50\x00\x68\x00\x2e\x00(fcase =no)
[2734] unsigned-gt:tds-mssql-query-req-packet-length:0xffffffff:1024:no
[2735] string-match:netbios-ss-tds-client-query-payload:\x39\x20\xd0\x00\x92\x01\xc2\x00\x52\x00\x55\x00\x39\x20\xec\x00(fcase =no)
[2736] string-match:netbios-ss-tds-client-query-payload:\x48\x00\x25\x00\x78\x00\x77\x00\x90\x00\x90\x00\x90\x00\x90\x00\x90\x00\x33\x00\xc0\x00\x50\x00\x68\x00\x2e\x00(fcase =no)
[2737] unsigned-gt:netbios-ss-tds-client-query-packet-length:0xffffffff:1024:no
[2738] string-match:http-req-uri-path:pccsmysqladm(fcase =no)
[2739] string-match:http-req-uri-path:incs(\\|/)(fcase =no)
[2740] string-match:http-req-uri-path:(\\|/)dbconnect\.inc$(fcase =no)
[2741] unsigned-gt:tns-req-ksdwrt-param-text-len:0xffffffff:128:no
[2742] unsigned-gt:snmp-err-index-msg-qllength:0xffffffff:4:no
[2743] unsigned-gt:snmp-err-index-length-of-length:0xffffffff:2:no
[2744] string-match:tftp-rrq-filename:hello\.all(fcase =yes)
[2745] string-match:http-req-uri-path: (http|ftp)://\[( |?|/|#)(fcase =yes)
[2746] string-match:http-req-uri-path: (http|ftp)://\[:( |?|/|#)(fcase =yes)
[2747] string-match:mysql-req-authenticate-payload:root(fcase =yes)
[2748] string-match:mysql-rsp-error-payload:Access denied for user(fcase =yes)
[2749] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:32100:no
[2750] string-match:pktsearch-rsp-text:^Accept,(fcase =no)
[2751] string-match:http-req-uri-path:asp\x80#80$(fcase =yes)
[2752] string-match:http-req-uri-path:asp\x80#80[ \t](fcase =yes)
[2753] string-match:icmp-echo-payload:+++ATH0(fcase =no)
[2754] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:13473:no
[2755] string-match:pktsearch-req-text:^sndmsg\\(fcase =no)
[2756] string-match:pktsearch-req-text:^get(fcase =no)
[2757] string-match:rpc-call-data:\xc0\x2c\x7f\xff\xe2\x22\x3f\xf4\xa2\x04\x60\x03\xc0\x2c\x7f\xff\xe2\x22\x3f\xf8(fcase =no)
[2758] string-match:pktsearch-req-text:\xc0\x2c\x7f\xff\xe2\x22\x3f\xf4\xa2\x04\x60\x03\xc0\x2c\x7f\xff\xe2\x22\x3f\xf8(fcase =no)
[2759] string-match:tds-mssql-client-query-payload:\x0a\x00x\x00p\x00_\x00(fcase =yes)
[2760] string-match:tds-mssql-client-query-payload:^x\x00p\x00_\x00(fcase =yes)
[2761] unsigned-gt:tds-mssql-query-req-packet-length:0xffffffff:1000:no
[2762] string-match:netbios-ss-tds-client-query-payload:\x0a\x00x\x00p\x00_\x00(fcase =yes)
[2763] string-match:netbios-ss-tds-client-query-payload:^x\x00p\x00_\x00(fcase =yes)
[2764] unsigned-gt:netbios-ss-tds-client-query-packet-length:0xffffffff:1000:no
[2765] string-match:http-req-uri-path:^(/)?pls/admin_/$(fcase =yes)
[2766] string-match:telnet-server-data-text:WinGate>(fcase =no)
[2767] string-match:telnet-client-data-text:localhost(fcase =no)
[2768] string-match:telnet-server-data-text:Connecting to host localhost\.\.\.Connected(fcase =no)
[2769] string-match:telnet-server-data-text:Connecting to host localhost\.\.\.Out of buffers(fcase =no)
[2770] string-match:telnet-client-data-text:localhost\nlocalhost\nlocalhost(fcase =no)
[2771] string-match:telnet-client-data-text:localhost\r\nlocalhost\r\nlocalhost(fcase =no)
[2772] string-match:http-req-header:Host: /(fcase =no)
[2773] numerical-eq:pptp-req-control-msg-code:0xffffffff:7:no
[2774] string-match:pptp-req-text:\x00\x03\x00\x03\x00\x00\x00\x00(fcase =no)
[2775] numerical-eq:lpr-command-code:0xffffffff:77:no
[2776] string-match:lpr-unsupport-cmd-buffer:user\n(fcase =no)
[2777] string-match:smtp-message-body:mailto:&quot;,/c,,/m,,/folder,&quot;javascr(fcase =yes)
[2778] string-match:smtp-message-body:<img src\x3d\x22mailto:(fcase =yes)
[2779] string-match:finger-client-data-text:^root(\r)?$(fcase =no)
[2780] string-match:finger-client-data-text: root(\r)?$(fcase =no)
[2781] string-match:ident-rsp-text:(%|$)n%(fcase =no)
[2782] string-match:ident-rsp-text:(%|$)hn%(fcase =no)
[2783] string-match:http-req-uri-query-param-name:CiWebHitsFile(fcase =yes)
[2784] string-match:http-req-uri-query-param-value:\.asp $(fcase =yes)
[2785] string-match:pktsearch-req-text:^lIST(fcase =no)
[2786] string-match:pktsearch-req-text:^CDOPEN(fcase =no)
[2787] string-match:pktsearch-req-text:^NETSTAT(fcase =no)
[2788] string-match:pktsearch-req-text:^TIME(fcase =no)
[2789] string-match:pktsearch-req-text:^DATE(fcase =no)
[2790] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1257:no
[2791] string-match:pktsearch-rsp-text:^Frenzy 1\.01\x0d\x0a(fcase =no)
[2792] string-match:pktsearch-rsp-text:^Frenzy 2000\x0d\x0a(fcase =no)
[2793] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:12043:no
[2794] string-match:pktsearch-req-text:^icggui(fcase =no)
[2795] string-match:pktsearch-rsp-text:^ICQON\x00ICU(fcase =no)
[2796] unsigned-in-range:netbios-ss-dcerpc-req-WKSSVC-op-num:0xffffffff:0x10:0x1e::no
[2797] unsigned-gt:netbios-ss-dcerpc-req-WKSSVC-frag-length:0xffffffff:2000:no
[2798] unsigned-in-range:dcerpc-udp-req-WKSSVC-request-udp-op-num:0xffffffff:0x10:0x1e::no
[2799] unsigned-gt:dcerpc-udp-WKSSVC-request-udp-length:0xffffffff:2000:no
[2800] unsigned-in-range:dcerpc-WKSSVC-request-op-num:0xffffffff:0x10:0x1e::no
[2801] unsigned-gt:dcerpc-req-WKSSVC-request-frag-length:0xffffffff:2000:no
[2802] string-match:ftp-pass-cmd-param:(%|$)hn%(fcase =no)
[2803] string-match:ftp-pass-cmd-param:(%|$)n%(fcase =no)
[2804] string-match:ftp-pass-cmd-param:\x90\x1B\xC0\x0F\x82\x10\x20\x17\x91\xD0\x20\x08(fcase =no)
[2805] string-match:http-req-uri-path:(\\|/)shtml\.exe(fcase =yes)
[2806] string-match:http-req-uri-path:(\\|/)(com1|com2|com3|com4|prn|aux)\.htm$(fcase =yes)
[2807] string-match:http-req-uri-path:cgi-bin/printenv(fcase =no)
[2808] string-match:http-req-uri-path:perl/printenv(fcase =no)
[2809] string-match:http-req-uri-path:/user\.cgi(fcase =yes)
[2810] string-match:http-req-uri-query-param-name:page(fcase =yes)
[2811] string-match:http-req-uri-query-param-value:\.\./\.\.(fcase =no)
[2812] unsigned-gt:rsync-client-checksum-count:0xffffffff:0x071c71c7:no
[2813] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:23006:no
[2814] string-match:pktsearch-rsp-text:FE20starting funny Mouse(fcase =yes)
[2815] string-match:pktsearch-req-text:^0400004(fcase =no)
[2816] string-match:pktsearch-rsp-text:FE1[78]Taskbar(fcase =yes)
[2817] string-match:pktsearch-req-text:^00010B0(fcase =no)
[2818] string-match:http-req-uri-path:\.php(fcase =no)
[2819] string-match:http-req-cookie-header:phpbb2mysql_data=(fcase =no)
[2820] string-match:http-req-cookie-header:%22autologinid%22%3Bb%3A1%3Bs%3A6%3A(fcase =no)
[2821] unsigned-gt:finger-space-counter:0xffffffff:20:no
[2822] string-match:finger-client-data-text: b (fcase =no)
[2823] string-match:pktsearch-rsp-text:^TARGET'S USERNAME: (fcase =no)
[2824] string-match:pktsearch-rsp-text:^Remote: You are connected to me\.(fcase =no)
[2825] string-match:pktsearch-rsp-text:^INIRemote: You are connected to me\.(fcase =no)
[2826] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00i\x00s\x00p\x00l\x00a\x00y\x00p\x00a\x00r\x00a\x00m\x00s\x00t\x00m\x00t(fcase =yes)
[2827] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00i\x00s\x00p\x00l\x00a\x00y\x00p\x00a\x00r\x00a\x00m\x00s\x00t\x00m\x00t(fcase =yes)
[2828] string-match:http-req-uri-path:wsisa\.dll(\\|/)WService=(fcase =yes)
[2829] string-match:http-req-uri-query-params:^WSMadmin(fcase =yes)
[2830] numerical-eq:dns-type:0xffffffff:24:no
[2831] unsigned-gt:dns-rdlength:0xffffffff:2048:no
[2832] string-match:http-req-uri-path:tmp_view\.php(fcase =yes)
[2833] string-match:http-req-uri-path:admbrowse\.php(fcase =yes)
[2834] string-match:http-req-uri-query-params:down=1(fcase =yes)
[2835] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5401:no
[2836] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5402:no
[2837] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:4666:no
[2838] string-match:pktsearch-rsp-text:^Mneah Remote Control, 1\.0(fcase =no)
[2839] string-match:pktsearch-rsp-text:^Meah v0\.1 ready\.(fcase =no)
[2840] numerical-eq:ssl-error-code:0xffffffff:constructed-primitive-type:no
[2841] string-match:pktsearch-rsp-text:<DIR>          \.\.\r\n(fcase =no)
[2842] string-match:pktsearch-rsp-text:\r\n\r\nDirectory of (fcase =no)
[2843] string-match:pktsearch-rsp-text:File Not Found\r\n(fcase =no)
[2844] string-match:pktsearch-req-text:dir( |\r\n)(fcase =no)
[2845] string-match:pktsearch-rsp-text:Volume Serial Number is (fcase =no)
[2846] string-match:pktsearch-rsp-text:\r\nAccess is denied\.\r\n(fcase =no)
[2847] string-match:pktsearch-rsp-text:The command completed successfully\.\r\n(fcase =no)
[2848] string-match:pktsearch-req-text:net (fcase =no)
[2849] string-match:pktsearch-rsp-text:Transfer successful:(fcase =no)
[2850] string-match:pktsearch-rsp-text:Error on server :(fcase =no)
[2851] string-match:pktsearch-req-text:tftp(fcase =no)
[2852] string-match:pktsearch-req-text:get(fcase =no)
[2853] numerical-eq:pktsearch-win-sh-counter:0xffffffff:2:no
[2854] string-match-ap:rsp-content-text:Microsoft\(R\) Windows NT\(TM\)(fcase =no)(offset=0, depth=0)
[2855] string-match-ap:rsp-content-text:Microsoft Windows 2000 \[Version 5\.00(fcase =no)(offset=0, depth=0)
[2856] string-match-ap:rsp-content-text:Microsoft Windows XP \[Version 5\..\.(fcase =no)(offset=0, depth=0)
[2857] string-match-ap:rsp-content-text:Microsoft Windows \[Version 5\..\.(fcase =no)(offset=0, depth=0)
[2858] numerical-eq:ssrs-cmd:0xffffffff:5:no
[2859] unsigned-gt:ssrs-req-pktlen:0xffffffff:256:no
[2860] numerical-eq:ssrs-invalid-flow:0xffffffff:1:no
[2861] string-match:ssrs-req-text:;;;(fcase =no)
[2862] unsigned-gt:ssrs-req-pktlen:0xffffffff:512:no
[2863] numerical-eq:ssrs-invalid-flow:0xffffffff:2:no
[2864] string-match:http-req-uri-path:(\\|/)convert\.bas$(fcase =yes)
[2865] string-match:http-req-uri-path:^(/)?ows-bin/(fcase =no)
[2866] string-match:http-req-uri-path:bat\x3F\x26(fcase =no)
[2867] string-match:http-req-uri-path:\.bat(fcase =no)
[2868] numerical-eq:smtp-error-code:0xffffffff:XEXCH50-FORMAT-ERROR:no
[2869] unsigned-gt:smtp-xexch50-size:0xffffffff:0x80000000:no
[2870] numerical-eq:finger-server-data-text-len:0xffffffff:38:no
[2871] numerical-eq:finger-server-data-text-len:0xffffffff:39:no
[2872] string-match:finger-server-data-text:That user does not want to be fingered(fcase =no)
[2873] string-match:http-req-uri-path:(\\|/)nph-test-cgi(fcase =yes)
[2874] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1441:no
[2875] string-match:pktsearch-req-text:^Hu r u?\x0d\x0a(fcase =no)
[2876] string-match:pktsearch-rsp-text:^FreeServ\x0d\x0a(fcase =no)
[2877] string-match:pktsearch-rsp-text:^ServerProt => Need Pass\.\.\.\x0d\x0a(fcase =no)
[2878] string-match:http-req-uri-path:cfcache\.map(fcase =yes)
[2879] string-match:pktsearch-req-text:^xchello(fcase =no)
[2880] string-match:pktsearch-rsp-text:^xrR_Server version:(fcase =no)
[2881] string-match:ssl-req-content-text:\xb0\xa4\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80(fcase =no)
[2882] string-match:ssl-req-content-text:\.bugtraq(fcase =no)
[2883] string-match:ssl-req-content-text:\.cinik(fcase =no)
[2884] string-match:ssl-req-content-text:\.unlock(fcase =no)
[2885] string-match:ssl-req-content-text:/tmp/script\.sh(fcase =no)
[2886] string-match:pktsearch-req-text:^VERSI(fcase =no)
[2887] string-match:pktsearch-rsp-text:^VERSI(fcase =no)
[2888] string-match:pktsearch-rsp-text:^VERSI \(TheTheef\) - v1\.2(fcase =no)
[2889] string-match:pktsearch-rsp-text:^VERSI \(TheTheef\) - v1\.3(fcase =no)
[2890] unsigned-gt:ftp-cmd-param-length:0xffffffff:256:no
[2891] string-match:ftp-cmd-param:%.%.%.%.%.%.(fcase =no)
[2892] string-match:http-req-uri-path:(\\|/)wguest\.exe$(fcase =yes)
[2893] string-match:http-req-query-param-name:template(fcase =yes)
[2894] string-match:http-req-query-param-value:c:\\winnt\\system32\\(fcase =yes)
[2895] numerical-eq:dns-request-hdr-opcode:0xffffffff:1:no
[2896] numerical-eq:dns-request-answer-type:0xffffffff:1:no
[2897] numerical-eq:dns-request-answer-class:0xffffffff:1:no
[2898] string-match:dns-request-answer-rdata:(\xeb\x6e\x5e\xc6\x06\x9a\x31\xc9\x89\x4e\x01|\x80\xe8\xd7\xff\xff\xff/bin/sh)(fcase =no)
[2899] string-match:dns-request-answer-rdata:(\xff\xff\xff/usr/bin/X11/xterm\xff-display|\xe8\xd7\xff\xff\xff/tmp/hi)(fcase =no)
[2900] unsigned-gt:dns-request-answer-host-addr-length:0xffffffff:4:no
[2901] unsigned-gt:dns-request-answer-host-addr-length:0xffffffff:1500:no
[2902] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1218:no
[2903] string-match:pktsearch-rsp-text:Connection to (fcase =no)
[2904] string-match:pktsearch-rsp-text:Schneckenkorn V1\.0(fcase =no)
[2905] string-match:smtp-helo-cmd-param:\x90\x90\x90\x90\x90\x90\x90\xbb\x10(fcase =no)
[2906] unsigned-gt:http-req-uri-query-params-length:0xffffffff:10240:no
[2907] string-match:pktsearch-req-text:^\|FOLDERS\|(fcase =no)
[2908] string-match:pktsearch-rsp-text:^\|FOLDERS\|(fcase =no)
[2909] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00e\x00l\x00e\x00t\x00e\x00p\x00r\x00i\x00v\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[2910] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00e\x00l\x00e\x00t\x00e\x00p\x00r\x00i\x00v\x00a\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[2911] string-match:http-req-uri-path:\.asp::\$DATA(fcase =yes)
[2912] unsigned-gt:snmp-set-varbind-value-field-length:0xffffffff:256:no
[2913] string-match:snmp-set-varbind-object-id-field:^\x2b\x06\x01\x02\x01\x01\x05(fcase =no)
[2914] string-match:smtp-EXE-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2915] string-match:smtp-EXE-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2916] string-match:smtp-COM-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2917] string-match:smtp-COM-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2918] string-match:smtp-BAT-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2919] string-match:smtp-BAT-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2920] string-match:smtp-CMD-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2921] string-match:smtp-CMD-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2922] string-match:smtp-PIF-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2923] string-match:smtp-PIF-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2924] string-match:smtp-SCR-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2925] string-match:smtp-SCR-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2926] string-match:smtp-ZIP-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2927] string-match:smtp-ZIP-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2928] string-match:smtp-ZIP-message-body:OJW/Oc7U9a7Y5dhFO2iRJN6q(fcase =no)
[2929] string-match:smtp-ZIP-message-body:0KJ1U5wXTjzcEHrA8GkNdyi+(fcase =no)
[2930] string-match:smtp-ZIP-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[2931] string-match:smtp-ZIP-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[2932] string-match:pop3-EXE-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2933] string-match:pop3-EXE-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2934] string-match:pop3-COM-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2935] string-match:pop3-COM-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2936] string-match:pop3-BAT-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2937] string-match:pop3-BAT-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2938] string-match:pop3-CMD-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2939] string-match:pop3-CMD-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2940] string-match:pop3-PIF-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2941] string-match:pop3-PIF-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2942] string-match:pop3-SCR-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2943] string-match:pop3-SCR-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2944] string-match:pop3-ZIP-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2945] string-match:pop3-ZIP-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2946] string-match:pop3-ZIP-message-body:OJW/Oc7U9a7Y5dhFO2iRJN6q(fcase =no)
[2947] string-match:pop3-ZIP-message-body:0KJ1U5wXTjzcEHrA8GkNdyi+(fcase =no)
[2948] string-match:pop3-ZIP-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[2949] string-match:pop3-ZIP-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[2950] string-match:imap-EXE-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2951] string-match:imap-EXE-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2952] string-match:imap-COM-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2953] string-match:imap-COM-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2954] string-match:imap-BAT-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2955] string-match:imap-BAT-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2956] string-match:imap-CMD-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2957] string-match:imap-CMD-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2958] string-match:imap-PIF-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2959] string-match:imap-PIF-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2960] string-match:imap-SCR-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2961] string-match:imap-SCR-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2962] string-match:imap-ZIP-message-body:8DiVvznO1PWu2OXYRTtokSTe(fcase =no)
[2963] string-match:imap-ZIP-message-body:qtCidVOcF0483BB6wPBpDXco(fcase =no)
[2964] string-match:imap-ZIP-message-body:OJW/Oc7U9a7Y5dhFO2iRJN6q(fcase =no)
[2965] string-match:imap-ZIP-message-body:0KJ1U5wXTjzcEHrA8GkNdyi+(fcase =no)
[2966] string-match:imap-ZIP-message-body:lb85ztT1rtjl2EU7aJEk3qrQ(fcase =no)
[2967] string-match:imap-ZIP-message-body:onVTnBdOPNwQesDwaQ13KL4e(fcase =no)
[2968] string-match:telnet-server-data-text:Bus Error\r\n(fcase =no)
[2969] string-match:telnet-server-data-text:Segmentation fault\r\n(fcase =no)
[2970] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1981:no
[2971] numerical-eq:pktsearch-rsp-1st-4b:0xFFFFFF00:0x30303100:no
[2972] string-match:http-req-uri-path:(<|lt;)script(>|&gt;)(fcase =yes)
[2973] string-match:http-req-uri-path:/file/(fcase =yes)
[2974] string-match:netbios-ss-smb-tree_connect_andx-buffer:::(fcase =no)
[2975] string-match:netbios-ss-smb-tree_connect_andx-buffer::(/|\\)bin(/|\\)sh(fcase =yes)
[2976] string-match:netbios-ss-smb-tree_connect_andx-buffer::\x00:\x00(fcase =no)
[2977] string-match:netbios-ss-smb-tree_connect_andx-buffer:\x00:\x00(/|\\)B\x00I\x00N\x00(/|\\)\x00S\x00H(fcase =yes)
[2978] string-match:irc-rsp-message:\.(advscan|asc) (fcase =yes)
[2979] string-match:irc-rsp-message:\.(scanall|sa) (fcase =yes)
[2980] string-match:irc-rsp-message:\.(scanstat|scanstop)(fcase =yes)
[2981] string-match:irc-rsp-message:\.(scandel|stat) (fcase =yes)
[2982] string-match:irc-rsp-message:\.ddos\.(syn|ack|random) \x30#f0(fcase =yes)
[2983] string-match:irc-rsp-message:\.(syn|synflood) \x30#f0(fcase =yes)
[2984] string-match:irc-rsp-message:\.(udp|udpflood) (fcase =yes)
[2985] string-match:irc-rsp-message:\.(tcp|tcpflood) (syn|ack|random) \x30#f0(fcase =yes)
[2986] string-match:irc-rsp-message:\.(ping|pingflood) (fcase =yes)
[2987] string-match:irc-rsp-message:\.(icmpflood|imcp) \x30#f0(fcase =yes)
[2988] string-match:irc-rsp-message:\.ddos\.stop(fcase =yes)
[2989] string-match:irc-rsp-message:\.synstop(fcase =yes)
[2990] string-match:irc-rsp-message:\.pingstop(fcase =yes)
[2991] string-match:irc-rsp-message:\.udpstop(fcase =yes)
[2992] string-match:irc-rsp-message:\.(update|up) (http|ftp)://(fcase =yes)
[2993] string-match:irc-rsp-message:\.(download|dl) (http|ftp)://(fcase =yes)
[2994] string-match:irc-rsp-message::\.(execute|e) (fcase =yes)
[2995] string-match:irc-rsp-message:\.(findfile|ff) (fcase =yes)
[2996] string-match:irc-rsp-message:\.(rename|mv) (fcase =yes)
[2997] string-match:irc-rsp-message:\.filefilestopp (fcase =yes)
[2998] string-match:irc-rsp-message:\.email (fcase =yes)
[2999] string-match:irc-rsp-message:\.(clone|c) (fcase =yes)
[3000] string-match:irc-rsp-message:\.(clonestop) \x30#f0(fcase =yes)
[3001] string-match:irc-rsp-message:\.(c_raw|c_r) \x30#f0(fcase =yes)
[3002] string-match:irc-rsp-message:\.(c_mode|c_m) \x30#f0(fcase =yes)
[3003] string-match:irc-rsp-message:\.(c_nick|c_n) \x30#f0(fcase =yes)
[3004] string-match:irc-rsp-message:\.(c_join|c_j) \x30#f0(fcase =yes)
[3005] string-match:irc-rsp-message:\.(c_part|c_p) \x30#f0(fcase =yes)
[3006] string-match:irc-rsp-message:\.(c_privmsg|c_pm) \x30#f0(fcase =yes)
[3007] string-match:irc-rsp-message:\.(c_action|c_a) \x30#f0(fcase =yes)
[3008] string-match:http-req-uri:/?PageServices(fcase =yes)
[3009] numerical-eq:portmapper-call-procedure:0xffffffff:1:no
[3010] numerical-eq:portmapper-call-procedure:0xffffffff:2:no
[3011] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00u\x00n\x00p\x00a\x00c\x00k\x00c\x00a\x00b\x00 (fcase =yes)
[3012] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00u\x00n\x00p\x00a\x00c\x00k\x00c\x00a\x00b\x00 (fcase =yes)
[3013] numerical-eq:pktsearch-cabrightstor-counter:0xffffffff:2:no
[3014] string-match:irc-rsp-topic-msg-param:\x4b\x88\x23\xb8....\xff\xd0(fcase =no)
[3015] string-match:irc-rsp-topic-msg-param:\x83\xc3\x04\x88\x23\xb8....\xff\xd0(fcase =no)
[3016] string-match:irc-rsp-topic-msg-param:\xe8..\xff\xff(fcase =no)
[3017] string-match:rlogin-server-data-text:\$ $(fcase =no)
[3018] string-match:rlogin-server-data-text:\# $(fcase =no)
[3019] string-match:rlogin-server-data-text:\% $(fcase =no)
[3020] string-match:rlogin-server-data-text:\] $(fcase =no)
[3021] unsigned-gt:http-req-uri-query-params-length:0xffffffff:120:no
[3022] string-match:http-req-uri-path:gozilla.cgi(fcase =yes)
[3023] string-match:http-req-uri-query-params:syspasswd(fcase =yes)
[3024] string-match:http-req-uri-query-params:syspasswdconfig(fcase =yes)
[3025] numerical-eq:dhcp-req-cf-bootfile-f4b:0xffffffff:0x90909090:no
[3026] unsigned-gt:dhcp-req-cf-pktlen:0xffffffff:1000:no
[3027] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1991:no
[3028] string-match:pktsearch-rsp-text:^\x1b\x5b\x32\x4a\x1b\x5b\x34\x30\x6d\x1b\x5b\x33\x37\x6dPitFall(fcase =no)
[3029] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:11991:no
[3030] string-match:pktsearch-rsp-text:^A01\x08A03PitFall (fcase =no)
[3031] string-match:http-req-uri-path:php\.exe$(fcase =yes)
[3032] string-match:http-req-uri-query-params:(c|d):\x5c(fcase =yes)
[3033] string-match:smtp-mail-cmd-param:\x3a\x20\x22\x7c(fcase =no)
[3034] string-match:http-req-uri-path:\.php(fcase =yes)
[3035] string-match:http-req-uri-query-param-name:includedir(fcase =yes)
[3036] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10001:no
[3037] string-match:pktsearch-req-text:^dtr\x06\x02(fcase =no)
[3038] numerical-eq:h225-error-code:0xffffffff:DestinationEmailLengthAnomaly:no
[3039] numerical-eq:pktsearch-udp-dst-port:0xffffffff:5882:no
[3040] numerical-eq:pktsearch-udp-dst-port:0xffffffff:5888:no
[3041] string-match:pktsearch-req-text:^Y3K(fcase =no)
[3042] string-match:pktsearch-rsp-text:^con(fcase =no)
[3043] string-match:pktsearch-req-text:^ftp(fcase =no)
[3044] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5880:no
[3045] string-match:pktsearch-rsp-text:^host(fcase =no)
[3046] string-match:pktsearch-req-text:^getclient(fcase =no)
[3047] string-match:pktsearch-rsp-text:^thepwd(fcase =no)
[3048] string-match:pktsearch-req-text:^thepwd(fcase =no)
[3049] string-match:ftp-retr-cmd-param: |(fcase =no)
[3050] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00u\x00p\x00d\x00a\x00t\x00e\x00c\x00o\x00l\x00v\x00b\x00m(fcase =yes)
[3051] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00u\x00p\x00d\x00a\x00t\x00e\x00c\x00o\x00l\x00v\x00b\x00m(fcase =yes)
[3052] string-match:http-req-uri-path:^///cgi-bin(fcase =no)
[3053] string-match:ftp-rsp-text:Oracle XML DB(fcase =no)
[3054] string-match:ftp-invalid-cmd-text:^UNLOCK(fcase =no)
[3055] unsigned-gt:ftp-invalid-cmd-text-length:0xffffffff:800:no
[3056] string-match:ftp-invalid-cmd-text:^TEST(fcase =no)
[3057] unsigned-gt:ftp-user-cmd-param-length:0xffffffff:800:no
[3058] string-match:smtp-SCR-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3059] string-match:smtp-SCR-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3060] string-match:smtp-EXE-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3061] string-match:smtp-EXE-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3062] string-match:smtp-COM-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3063] string-match:smtp-COM-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3064] string-match:smtp-CPL-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3065] string-match:smtp-CPL-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3066] string-match:smtp-VBS-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3067] string-match:smtp-VBS-message-body:68,90,145,73,242,127,60,(fcase =no)
[3068] string-match:smtp-HTA-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3069] string-match:smtp-HTA-message-body:68,90,145,73,242,127,60,(fcase =no)
[3070] string-match:pop3-SCR-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3071] string-match:pop3-SCR-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3072] string-match:pop3-EXE-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3073] string-match:pop3-EXE-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3074] string-match:pop3-COM-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3075] string-match:pop3-COM-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3076] string-match:pop3-CPL-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3077] string-match:pop3-CPL-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3078] string-match:pop3-VBS-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3079] string-match:pop3-VBS-message-body:68,90,145,73,242,127,60,(fcase =no)
[3080] string-match:pop3-HTA-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3081] string-match:pop3-HTA-message-body:68,90,145,73,242,127,60,(fcase =no)
[3082] string-match:imap-SCR-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3083] string-match:imap-SCR-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3084] string-match:imap-EXE-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3085] string-match:imap-EXE-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3086] string-match:imap-COM-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3087] string-match:imap-COM-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3088] string-match:imap-CPL-message-body:jfs5kirbc34RHDlQYOQRVvqS(fcase =no)
[3089] string-match:imap-CPL-message-body:ADnU8LwJ+gXKWJKCyLFHjyEZ(fcase =no)
[3090] string-match:imap-VBS-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3091] string-match:imap-VBS-message-body:68,90,145,73,242,127,60,(fcase =no)
[3092] string-match:imap-HTA-message-body:121,51,106,116,43,80,7,7(fcase =no)
[3093] string-match:imap-HTA-message-body:68,90,145,73,242,127,60,(fcase =no)
[3094] string-match:http-req-uri-path:/viewtopic\.php(fcase =yes)
[3095] string-match:http-req-uri-query-params:highlight=%2527(fcase =yes)
[3096] numerical-eq:mysql-error-code:0xffffffff:V4_AUTH_BYPASS:no
[3097] string-match:pktsearch-req-text:^R0X_(fcase =no)
[3098] string-match:pktsearch-rsp-text:^R0X_STATUS\|(fcase =no)
[3099] string-match:p2p-req-text:^R0X_(fcase =no)
[3100] string-match:p2p-rsp-text:^R0X_STATUS\|(fcase =no)
[3101] numerical-eq:http-error-code:0xffffffff:SMUGGLING_MULTIPLE_LENGTH_EXIST:no
[3102] string-match:http-req-message-body:(GET|POST) (fcase =yes)
[3103] numerical-eq:http-error-code:0xffffffff:SMUGGLING_LENGTH_CHUNK_EXIST:no
[3104] string-match:http-req-header:\n\r\r\n(GET|Post) (fcase =yes)
[3105] unsigned-gt:http-get-req-content-length:0xffffffff:0:no
[3106] string-match:http-post-req-message-body:^(GET|POST) http://(fcase =yes)
[3107] string-match:http-req-header:\n[ \t]\r\n(GET|POST) (fcase =yes)
[3108] string-match:http-req-uri-path:%.%.%.%.%.%.%.%.(fcase =no)
[3109] string-match:http-req-uri-path:[%$](h|hn)%(fcase =no)
[3110] string-match:http-req-uri-path:dcforum/dcboard\.cgi$(fcase =yes)
[3111] string-match:http-req-uri-query-param-name:(lastname|firstname)(fcase =yes)
[3112] string-match:http-req-uri-query-param-value:\|admin(fcase =yes)
[3113] string-match:rpc-call-data:\x3f\xfe\x82\x10\x20\x29\x91\xd0\x20\x08\xaa\x25\x7f\xff\x80\xa5(fcase =no)
[3114] string-match:pktsearch-req-text:\x3f\xfe\x82\x10\x20\x29\x91\xd0\x20\x08\xaa\x25\x7f\xff\x80\xa5(fcase =no)
[3115] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00e\x00p\x00l\x00_\x00e\x00n\x00c\x00r\x00y\x00p\x00t\x00 (fcase =yes)
[3116] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00e\x00p\x00l\x00_\x00e\x00n\x00c\x00r\x00y\x00p\x00t\x00 (fcase =yes)
[3117] unsigned-gt:tns-req-connect-data-text-len:0xffffffff:2000:no
[3118] string-match:tns-req-connect-data-text:\(SERVICE(fcase =yes)
[3119] unsigned-gt:telnet-client-login-env-counter:0xffffffff:60:no
[3120] unsigned-gt:telnet-username-client-login-length:0xffffffff:128:no
[3121] numerical-eq:netbios-ss-error-code:0xffffffff:MS05-027_SMB_OVERFLOW:no
[3122] string-match:http-post-req-uri-path:\.htr(fcase =yes)
[3123] numerical-eq:ident-client-shutdown:0xffffffff:1:no
[3124] numerical-eq:ident-rsp-type:0xffffffff:1:no
[3125] unsigned-lt:ident-valid-ident-req:0xffffffff:2:no
[3126] unsigned-gt:ident-rsp-type:0xffffffff:2:no
[3127] numerical-eq:ident-rsp-pkt-counter:0xffffffff:1:no
[3128] string-match:http-req-uri-path:/index2\.php$(fcase =yes)
[3129] string-match:http-req-uri-query-param-name:PHPSESSID(fcase =yes)
[3130] string-match:pktsearch-rsp-text:^Basic Hell - \[ Server OK \](fcase =no)
[3131] string-match:pktsearch-rsp-text:^\x0A\xCD\xEA\xB3\xC9(fcase =no)
[3132] string-match:pktsearch-req-text:^\x0A\xCD\xEA\xB3\xC9(fcase =no)
[3133] string-match:http-req-uri-path:whois_raw\.cgi$(fcase =no)
[3134] string-match:http-req-uri-query-param-name:fqdn(fcase =yes)
[3135] string-match:http-req-uri-query-param-value:^%0A(fcase =no)
[3136] string-match:http-req-uri-query-param-value:^%0a(fcase =no)
[3137] string-match:http-req-uri-path:webapp/admin/showjavartdetails\.jsp(fcase =no)
[3138] string-match:http-req-uri-path:webapp/admin/showpooldetails\.jsp(fcase =no)
[3139] string-match:telnet-client-data-text:\xFF\xFC\x18\xFF\xFD\x03\xFF\xFC\x23\xFF\xFC\x1F\xFF\xFC\x24\xFF\xFC\x27\xFF\xFD\x01\x04\x04\x04\x04\x04\x04(fcase =no)
[3140] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:2255:no
[3141] string-match:pktsearch-req-text:^\xac\xea\xac\xe2(fcase =no)
[3142] string-match:pktsearch-req-text:^\xc7\xc300:00:00(fcase =no)
[3143] string-match:pktsearch-req-text:^\xbd\x43\x3a\x5c(fcase =no)
[3144] string-match:pktsearch-rsp-text:^\x3CNetSphere\x7C(fcase =no)
[3145] string-match:pktsearch-req-text:^\x3CNick\x7C(fcase =no)
[3146] string-match:pktsearch-rsp-text:^220 NetSphere Capture FTP\x0d\x0a(fcase =no)
[3147] string-match:http-req-query-param-name:fname=|(fcase =yes)
[3148] string-match:http-req-query-param-value:/(sbin|bin|usr|etc)/(fcase =yes)
[3149] string-match:http-req-uri-path:infosrch\.cgi$(fcase =no)
[3150] numerical-eq:snmp-dst-ip-err-code:0xffffffff:1:no
[3151] unsigned-gt:snmp-trap-dst-ip-field-length:0xffffffff:4:no
[3152] unsigned-gt:telnet-login-fail-counter:0xffffffff:0:no
[3153] numerical-eq:dns-request-ancount:0xffffffff:1:no
[3154] unsigned-gt:dns-request-answer-rdlength:0xffffffff:512:no
[3155] string-match:http-req-uri-path:login_page\.php(fcase =yes)
[3156] string-match:http-req-uri-path:core_html_API\.php(fcase =yes)
[3157] string-match:http-req-uri-query-param-name:g_meta_include_file(fcase =yes)
[3158] string-match:http-req-uri-query-param-name:g_css_include_file(fcase =yes)
[3159] unsigned-in-range:wins-first-req-msg-len:0xffffffff:0x119:0xFFF::no
[3160] string-match:smtp-rcpt-cmd-param:IMCEASMTP-(fcase =yes)
[3161] unsigned-gt:ssl-v2-client-hello-chlg-len:0xffffffff:32:no
[3162] string-match:pktsearch-req-text:^Computer(fcase =no)
[3163] string-match:pktsearch-rsp-text:^Computer name:(fcase =no)
[3164] string-match:pktsearch-req-text:^User(fcase =no)
[3165] string-match:pktsearch-rsp-text:^Current User:(fcase =no)
[3166] string-match:pktsearch-req-text:^WinInfo(fcase =no)
[3167] string-match:pktsearch-rsp-text:^Major Version:(fcase =no)
[3168] string-match:pktsearch-req-text:^\x30\x00\xFF\x08\x00(fcase =no)
[3169] string-match:pktsearch-rsp-text:\x30\x00\xFF\x08\x00(fcase =no)
[3170] string-match-ap:rsp-content-text:\x2A\x01..\x00.\x00\x00\x00\x01\x2A(fcase =no)(offset=0, depth=0)
[3171] string-match-ap:req-content-text:\x2A\x01....\x00\x00\x00\x01\x2A(fcase =no)(offset=0, depth=0)
[3172] string-match:http-req-host-header:aimexpress.aol.com(fcase =no)
[3173] string-match:http-req-uri-path:/AOWPipeServlet.svc(fcase =no)
[3174] string-match:http-req-content-type-header:AIM/HTTP(fcase =no)
[3175] string-match:http-req-message-body:^\x2A\x01....\x00\x00\x00\x01(fcase =no)
[3176] string-match:dns-rdata:\x0A\x68\x65\x6C\x70\x0A\x71\x75\x69\x74\x0A(fcase =no)
[3177] string-match:dns-qname:\x0A\x68\x65\x6C\x70\x0A\x71\x75\x69\x74\x0A(fcase =no)
[3178] string-match:dns-rr-name:\x0A\x68\x65\x6C\x70\x0A\x71\x75\x69\x74\x0A(fcase =no)
[3179] string-match:snmp-msg:\x0A\x68\x65\x6C\x70\x0A\x71\x75\x69\x74\x0A(fcase =no)
[3180] string-match:http-req-uri-path:/handler/(fcase =no)
[3181] string-match:http-req-uri-path:|?(fcase =no)
[3182] string-match:http-req-uri-path:| (fcase =no)
[3183] string-match:http-req-uri-path:/(etc|sbin|bin|usr)/(fcase =no)
[3184] string-match:http-req-uri-path:/admin_/help/\.\.(/|\\)\.\.(/|\\)\.\.(/|\\)(fcase =no)
[3185] string-match:snmp-request-community-string-field:^%.%.%.%.%.%.(fcase =no)
[3186] string-match:snmp-get-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3187] string-match:snmp-get-next-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3188] string-match:snmp-set-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3189] string-match:snmp-trap-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3190] string-match:snmp-v2-bulk-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3191] string-match:snmp-v2-trap-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3192] string-match:snmp-v2-inform-varbind-value-field:^%.%.%.%.%.%.(fcase =no)
[3193] string-match:snmp-get-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3194] string-match:snmp-get-next-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3195] string-match:snmp-set-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3196] string-match:snmp-trap-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3197] string-match:snmp-v2-bulk-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3198] string-match:snmp-v2-trap-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3199] string-match:snmp-v2-inform-varbind-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3200] string-match:snmp-trap-enterprise-object-id-field:^%.%.%.%.%.%.(fcase =no)
[3201] unsigned-gt:nntp-xpat-client-request-param-length:0xffffffff:512:no
[3202] string-match:http-req-uri-path:phpix/(fcase =yes)
[3203] string-match:http-req-uri-query-params:=`(fcase =yes)
[3204] unsigned-gt:imap-status-cmd-param-length:0xffffffff:195:no
[3205] string-match:http-req-uri-path:servlet(fcase =yes)
[3206] string-match:http-req-uri-path:jsp(fcase =yes)
[3207] string-match:smtp-content-type-message-header:message/external-body;(fcase =yes)
[3208] string-match:smtp-content-type-message-header:\*3221225...\*(fcase =no)
[3209] unsigned-gt:finger-redirect-counter:0xffffffff:0:no
[3210] string-match:finger-client-data-text:localhost(fcase =no)
[3211] string-match:finger-client-data-text:127\.0\.0\.1(fcase =no)
[3212] string-match:finger-client-data-text:127\.1(fcase =no)
[3213] string-match:telnet-client-environ-sb-param:_RLD(fcase =no)
[3214] string-match:telnet-client-environ-sb-param:[cduxio]%(fcase =no)
[3215] string-match:telnet-client-environ-sb-param:$(n|hn)%(fcase =no)
[3216] unsigned-gt:telnet-client-environ-sb-param-length:0xffffffff:80:no
[3217] string-match:telnet-client-environ-sb-param:c%11$hn%(fcase =no)
[3218] string-match:telnet-client-environ-sb-param:c%12$hn(fcase =no)
[3219] unsigned-gt:pktsearch-arkeia-req-len:0xffffffff:24:no
[3220] string-match:pktsearch-arkeia-req-text:^\x00\x4d\x00\x03\x00\x01(fcase =no)
[3221] unsigned-gt:pktsearch-arkeia-req-len:0xffffffff:255:no
[3222] string-match:pktsearch-arkeia-req-text:^\x00\x54\x00\x03\x00\x01(fcase =no)
[3223] unsigned-gt:ssl-length:0xffffffff:0xfffffffc:no
[3224] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9999:no
[3225] string-match:pktsearch-req-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf.\xa5\xa5\x86(fcase =no)
[3226] string-match:backorifice-req-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf.\xa5\xa5\x86(fcase =no)
[3227] string-match:pktsearch-req-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf(fcase =no)
[3228] string-match:pktsearch-rsp-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf(fcase =no)
[3229] string-match:backorifice-req-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf(fcase =no)
[3230] string-match:backorifice-rsp-text:^\xce\x63\xd1\xd2\x16\xe7\x13\xcf(fcase =no)
[3231] numerical-eq:pktsearch-bo-counter:0xffffffff:2:no
[3232] numerical-eq:backorifice-bo-counter:0xffffffff:2:no
[3233] numerical-eq:pktsearch-bo120-cnt:0xffffffff:2:no
[3234] numerical-eq:backorifice-bo120-counter:0xffffffff:1:no
[3235] numerical-eq:backorifice-bo120-counter:0xffffffff:2:no
[3236] string-match:ftp-invalid-cmd-text:^id[\n; \t](fcase =no)
[3237] string-match:ftp-invalid-cmd-text:[; \t/]id[\n; \t](fcase =no)
[3238] string-match:ftp-before-rsp-code-rsp-text:uid=0\(root\).gid=(fcase =no)
[3239] string-match:ftp-before-rsp-code-rsp-text:uid=.\(bin\).gid=(fcase =no)
[3240] string-match:ftp-before-rsp-code-rsp-text:uid=.\(sys\).gid=(fcase =no)
[3241] string-match:ftp-invalid-cmd-text:^whoami[\n; \t](fcase =no)
[3242] string-match:ftp-invalid-cmd-text:[; \t/]whoami[\n; \t](fcase =no)
[3243] string-match:ftp-before-rsp-code-rsp-text:root(fcase =no)
[3244] string-match:ftp-before-rsp-code-rsp-text:bin(fcase =no)
[3245] string-match:ftp-before-rsp-code-rsp-text:sys(fcase =no)
[3246] string-match:ftp-invalid-cmd-text:^uname(fcase =no)
[3247] string-match:ftp-invalid-cmd-text:^ls[\n ](fcase =no)
[3248] string-match:ftp-invalid-cmd-text:^cd (fcase =no)
[3249] string-match:ftp-invalid-cmd-text:^pwd(fcase =no)
[3250] string-match:ftp-invalid-cmd-text:^mv (fcase =no)
[3251] string-match:ftp-invalid-cmd-text:^cp (fcase =no)
[3252] string-match:ftp-invalid-cmd-text:^rm(fcase =no)
[3253] string-match:ftp-invalid-cmd-text:^cat (fcase =no)
[3254] string-match:ftp-invalid-cmd-text:^echo (fcase =no)
[3255] string-match:ftp-invalid-cmd-text:^gcc (fcase =no)
[3256] string-match:http-req-uri-path:(\\|/)ExprCalc\.cfm(fcase =yes)
[3257] string-match:http-req-query-param-name:OpenFilePath(fcase =yes)
[3258] string-match:http-req-uri-path:expeval(\\|/)(fcase =yes)
[3259] string-match:http-req-uri-path:(\\|/)openfile\.cfm(fcase =yes)
[3260] string-match:http-req-uri-path:(\\|/)sendmail\.cfm$(fcase =yes)
[3261] string-match:http-req-uri-path:snippets(\\|/)(fcase =yes)
[3262] string-match:http-req-uri-path:(\\|/)evaluate\.cfm(fcase =yes)
[3263] string-match:http-req-uri-path:cfdocs(\\|/)(fcase =yes)
[3264] string-match:http-req-uri-path:(\\|/)mainframeset\.cfm(fcase =yes)
[3265] unsigned-gt:pop3-xtnd-cmd-param-length:0xffffffff:512:no
[3266] string-match:smtp-PIF-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3267] string-match:smtp-PIF-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3268] string-match:smtp-EXE-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3269] string-match:smtp-EXE-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3270] string-match:smtp-SCR-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3271] string-match:smtp-SCR-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3272] string-match:smtp-BAT-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3273] string-match:smtp-BAT-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3274] string-match:smtp-COM-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3275] string-match:smtp-COM-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3276] string-match:smtp-ZIP-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3277] string-match:smtp-ZIP-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3278] string-match:smtp-ZIP-message-body:Kl9fJk1NTkkvV2+6bV9TYX3f(fcase =no)
[3279] string-match:smtp-ZIP-message-body:fC2UTKNVy2Ikod0nGwwfVR4V(fcase =no)
[3280] string-match:smtp-ZIP-message-body:X18mTU1OSS9Xb7ptX1Nhfd98(fcase =no)
[3281] string-match:smtp-ZIP-message-body:LZRMo1XLYiSh3ScbDB9VHhUc(fcase =no)
[3282] string-match:pop3-PIF-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3283] string-match:pop3-PIF-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3284] string-match:pop3-EXE-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3285] string-match:pop3-EXE-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3286] string-match:pop3-SCR-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3287] string-match:pop3-SCR-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3288] string-match:pop3-BAT-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3289] string-match:pop3-BAT-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3290] string-match:pop3-COM-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3291] string-match:pop3-COM-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3292] string-match:pop3-ZIP-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3293] string-match:pop3-ZIP-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3294] string-match:pop3-ZIP-message-body:Kl9fJk1NTkkvV2+6bV9TYX3f(fcase =no)
[3295] string-match:pop3-ZIP-message-body:fC2UTKNVy2Ikod0nGwwfVR4V(fcase =no)
[3296] string-match:pop3-ZIP-message-body:X18mTU1OSS9Xb7ptX1Nhfd98(fcase =no)
[3297] string-match:pop3-ZIP-message-body:LZRMo1XLYiSh3ScbDB9VHhUc(fcase =no)
[3298] string-match:imap-PIF-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3299] string-match:imap-PIF-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3300] string-match:imap-EXE-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3301] string-match:imap-EXE-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3302] string-match:imap-SCR-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3303] string-match:imap-SCR-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3304] string-match:imap-BAT-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3305] string-match:imap-BAT-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3306] string-match:imap-COM-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3307] string-match:imap-COM-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3308] string-match:imap-ZIP-message-body:ICpfXyZNTU5JL1dvum1fU2F9(fcase =no)
[3309] string-match:imap-ZIP-message-body:33wtlEyjVctiJKHdJxsMH1Ue(fcase =no)
[3310] string-match:imap-ZIP-message-body:Kl9fJk1NTkkvV2+6bV9TYX3f(fcase =no)
[3311] string-match:imap-ZIP-message-body:fC2UTKNVy2Ikod0nGwwfVR4V(fcase =no)
[3312] string-match:imap-ZIP-message-body:X18mTU1OSS9Xb7ptX1Nhfd98(fcase =no)
[3313] string-match:imap-ZIP-message-body:LZRMo1XLYiSh3ScbDB9VHhUc(fcase =no)
[3314] string-match:smtp-EXE-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3315] string-match:smtp-EXE-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3316] string-match:smtp-PIF-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3317] string-match:smtp-PIF-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3318] string-match:smtp-SCR-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3319] string-match:smtp-SCR-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3320] string-match:smtp-BAT-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3321] string-match:smtp-BAT-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3322] string-match:smtp-COM-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3323] string-match:smtp-COM-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3324] string-match:smtp-ZIP-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3325] string-match:smtp-ZIP-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3326] string-match:smtp-ZIP-message-body:YcneYoNloy0DnbaEDRtC9387(fcase =no)
[3327] string-match:smtp-ZIP-message-body:ue+9Y4mFQT0HZXsPCeF0H/V1(fcase =no)
[3328] string-match:smtp-ZIP-message-body:yd5ig2WjLQOdtoQNG0L3fzu5(fcase =no)
[3329] string-match:smtp-ZIP-message-body:771jiYVBPQdlew8J4XQf9XVX(fcase =no)
[3330] string-match:pop3-EXE-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3331] string-match:pop3-EXE-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3332] string-match:pop3-PIF-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3333] string-match:pop3-PIF-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3334] string-match:pop3-SCR-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3335] string-match:pop3-SCR-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3336] string-match:pop3-BAT-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3337] string-match:pop3-BAT-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3338] string-match:pop3-COM-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3339] string-match:pop3-COM-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3340] string-match:pop3-ZIP-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3341] string-match:pop3-ZIP-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3342] string-match:pop3-ZIP-message-body:YcneYoNloy0DnbaEDRtC9387(fcase =no)
[3343] string-match:pop3-ZIP-message-body:yd5ig2WjLQOdtoQNG0L3fzu5(fcase =no)
[3344] string-match:pop3-ZIP-message-body:771jiYVBPQdlew8J4XQf9XVX(fcase =no)
[3345] string-match:imap-EXE-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3346] string-match:imap-EXE-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3347] string-match:imap-PIF-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3348] string-match:imap-PIF-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3349] string-match:imap-SCR-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3350] string-match:imap-SCR-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3351] string-match:imap-BAT-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3352] string-match:imap-BAT-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3353] string-match:imap-COM-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3354] string-match:imap-COM-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3355] string-match:imap-ZIP-message-body:cGHJ3mKDZaMtA522hA0bQvd/(fcase =no)
[3356] string-match:imap-ZIP-message-body:O7nvvWOJhUE9B2V7DwnhdB/1(fcase =no)
[3357] string-match:imap-ZIP-message-body:YcneYoNloy0DnbaEDRtC9387(fcase =no)
[3358] string-match:imap-ZIP-message-body:ue+9Y4mFQT0HZXsPCeF0H/V1(fcase =no)
[3359] string-match:imap-ZIP-message-body:yd5ig2WjLQOdtoQNG0L3fzu5(fcase =no)
[3360] string-match:imap-ZIP-message-body:771jiYVBPQdlew8J4XQf9XVX(fcase =no)
[3361] string-match:http-req-uri-path:rpc-nlog\.pl(fcase =yes)
[3362] string-match:http-req-uri-path:nlog-smb\.pl(fcase =yes)
[3363] string-match:http-req-uri-query-param-name:;(cat|rm|cp)(fcase =no)
[3364] string-match:smtp-message-body:\\\xff\\\xff\\\xff\\\xff\\\xff(fcase =no)
[3365] string-match:smtp-message-header:\\\xff\\\xff\\\xff\\\xff\\\xff(fcase =no)
[3366] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:41626:no
[3367] string-match:pktsearch-rsp-text: SERVER 1\.0(fcase =no)
[3368] string-match:http-req-uri-path:iisadmpwd(fcase =yes)
[3369] string-match:http-req-uri-path:(\\|/)aexp(fcase =yes)
[3370] unsigned-gt:pop3-pass-cmd-param-length:0xffffffff:200:no
[3371] string-match:http-req-uri-path:Admin_files/order\.log(fcase =yes)
[3372] string-match:netbios-ss-smb-tree_connect_andx-buffer:\\(CON|AUX|NUL|PRN|CLOCK\$|CONFIG\$|MOUSE|MSCD|SETVERXX)\x00(fcase =no)
[3373] string-match:netbios-ss-smb-tree_connect_andx-buffer:\\(LPT|COM)[1-9]\x00(fcase =no)
[3374] unsigned-gt:http-req-uri-path-length:0xffffffff:2000:no
[3375] string-match:http-req-uri-path:(/|\\)foxweb\.dll(/|\\)(fcase =yes)
[3376] string-match:irc-req-message:ntscan \x30#f0(fcase =yes)
[3377] string-match:irc-req-message:dcom\.self(fcase =yes)
[3378] string-match:irc-req-message:scan\.(start|stop)(fcase =yes)
[3379] string-match:irc-req-message:(advscan|asc|xscan|xploit|adv\.start) (fcase =yes)
[3380] string-match:irc-rsp-message:ntscan \x30#f0(fcase =yes)
[3381] string-match:irc-rsp-message:dcom\.self(fcase =yes)
[3382] string-match:irc-rsp-message:scan\.(start|stop)(fcase =yes)
[3383] string-match:irc-rsp-message:\.(advscan|asc|xscan|xploit|adv\.start) (fcase =yes)
[3384] string-match:pktsearch-req-text:^Czy\x9c\xe6(fcase =no)
[3385] string-match:pktsearch-rsp-text:^Pol\xb9czono\.\.\.(fcase =no)
[3386] string-match:ftp-pwd-cmd-param:%u%u%u%u%u%u%u%n(fcase =no)
[3387] string-match:http-post-req-uri-path:(\\|/)formmail\.pl$(fcase =yes)
[3388] string-match:http-post-req-message-body:recipient=(fcase =no)
[3389] string-match:http-post-req-message-body:;(/bin/|/usr/|/sbin/|mail|sendmail|cat)(fcase =no)
[3390] string-match:http-req-uri-path:(\\|/)formmail\.pl$(fcase =yes)
[3391] string-match:http-req-uri-query-param-name:recipient(fcase =no)
[3392] string-match:http-req-uri-query-param-value:;(/bin/|/usr/|/sbin/|mail|sendmail|cat)(fcase =no)
[3393] string-match:pop3-user-cmd-param:\x3c\x18\x2f\x62\x37\x18\x69\x6e\x3c\x19\x2f\x73\x37\x39\x68\x2e\xaf\xb8\xff\xf8\xaf\xb9\xff\xfc\xa3\xa0\xff\xff\x27\xa4\xff\xf8\x27\xa5\xff\xf0\x01\x60\x30\x24\xaf\xa4\xff\xf0\xaf\xa0\xff\xf4\x24\x02\x04\x23\x03\xff\xff\xcc(fcase =no)
[3394] string-match:pop3-rsp-text:UCB Pop server(fcase =no)
[3395] string-match:pop3-invalid-cmd-text:\xff\xff/bin/sh(fcase =no)
[3396] string-match:smtp-PIF-message-body:JtyEQ2khTGSHMjwQOHGBuy9F(fcase =no)
[3397] string-match:smtp-PIF-message-body:nuhESCUnQTM1NAJiGRcSoeRD(fcase =no)
[3398] string-match:pop3-PIF-message-body:JtyEQ2khTGSHMjwQOHGBuy9F(fcase =no)
[3399] string-match:pop3-PIF-message-body:nuhESCUnQTM1NAJiGRcSoeRD(fcase =no)
[3400] string-match:imap-PIF-message-body:JtyEQ2khTGSHMjwQOHGBuy9F(fcase =no)
[3401] string-match:imap-PIF-message-body:nuhESCUnQTM1NAJiGRcSoeRD(fcase =no)
[3402] string-match:http-req-uri-path:/guest\.cgi(fcase =yes)
[3403] string-match:http-req-message-body-query-param-name:mailprog(fcase =yes)
[3404] string-match:http-req-message-body-query-param-name:date_command(fcase =yes)
[3405] string-match:pktsearch-req-text:^menu(fcase =no)
[3406] string-match:pktsearch-req-text:^glos(fcase =no)
[3407] string-match:pktsearch-rsp-text:^NaZWA UZYTKOWNIKA(fcase =no)
[3408] numerical-eq:h225-error-code:0xffffffff:DestinationSequenceAnomaly:no
[3409] string-match:ftp-stat-cmd-param:\n200 (fcase =no)
[3410] string-match:ftp-stat-cmd-param:\n227 (fcase =no)
[3411] string-match:http-req-uri-path:(/|\\)(perl|python|ruby)$(fcase =no)
[3412] string-match:http-req-uri-path:(\\|/)sh$(fcase =no)
[3413] string-match:http-req-uri-path:(\\|/)ash$(fcase =no)
[3414] string-match:http-req-uri-path:(\\|/)bash$(fcase =no)
[3415] string-match:http-req-uri-path:(\\|/)csh$(fcase =no)
[3416] string-match:http-req-uri-path:(\\|/)ksh$(fcase =no)
[3417] string-match:http-req-uri-path:(\\|/)tcsh$(fcase =no)
[3418] string-match:http-req-uri-path:(\\|/)zsh$(fcase =no)
[3419] string-match:http-req-uri-path:(\\|/)rsh$(fcase =no)
[3420] string-match:http-req-uri-path:(\\|/)rksh$(fcase =no)
[3421] string-match:tns-req-data-data-text:UTL_FILE\.(FOPEN|FRENAME|FREMOVE)(fcase =no)
[3422] string-match:tns-req-data-data-text:(/|\\)\.(/|\\)\.\.(/|\\)(fcase =no)
[3423] string-match:smtp-EXE-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3424] string-match:smtp-EXE-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3425] string-match:smtp-SCR-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3426] string-match:smtp-SCR-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3427] string-match:smtp-COM-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3428] string-match:smtp-COM-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3429] string-match:pop3-EXE-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3430] string-match:pop3-EXE-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3431] string-match:pop3-SCR-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3432] string-match:pop3-SCR-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3433] string-match:pop3-COM-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3434] string-match:pop3-COM-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3435] string-match:imap-EXE-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3436] string-match:imap-EXE-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3437] string-match:imap-SCR-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3438] string-match:imap-SCR-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3439] string-match:imap-COM-message-body:7cOiRK3LBcIAqCikpogQeMhX(fcase =no)
[3440] string-match:imap-COM-message-body:7+OypJ8kRHFAkBAUX+3S1C9t(fcase =no)
[3441] string-match:mysql-req-query-payload:insert into(fcase =yes)
[3442] string-match:mysql-req-query-payload:\x37\x66\x34\x35\x34\x63\x34\x36(fcase =no)
[3443] string-match:mysql-req-query-payload:create function(fcase =yes)
[3444] string-match:mysql-req-query-payload:libc\.so\.6(fcase =yes)
[3445] string-match:mysql-req-query-payload:\xb0\x0b\xcd\x80(fcase =no)
[3446] numerical-eq:pktsearch-udp-dst-port:0xffffffff:40666:no
[3447] string-match:pktsearch-req-text:^ - PONG! - v1\.0 Ready!(fcase =no)
[3448] string-match:pktsearch-req-text:^0x100(fcase =no)
[3449] string-match:pktsearch-req-text:^0xF800(fcase =no)
[3450] numerical-eq:pktsearch-udp-dst-port:0xffffffff:41666:no
[3451] unsigned-gt:imap-unsubscribe-cmd-param-length:0xffffffff:1024:no
[3452] string-match:netbios-ss-smb-namepipe-CI_SKADS-buffer:\x90\x90\x90\x90\x90(fcase =no)
[3453] string-match:netbios-ss-smb-namepipe-CI_SKADS-buffer:\xe8\x80#80\xff\xff\xff(fcase =no)
[3454] string-match:http-req-uri-path:viewexample\.cfm$(fcase =yes)
[3455] string-match:http-req-uri-query-param-name:Tagname(fcase =yes)
[3456] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:30029:no
[3457] string-match:pktsearch-req-text:^INFO(fcase =no)
[3458] string-match:pktsearch-rsp-text:^AOL Admin Server(fcase =no)
[3459] string-match:pktsearch-rsp-text:^ANSWER OK (fcase =no)
[3460] string-match:pktsearch-trin00-d2m-req-text:PONG(fcase =no)
[3461] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00s\x00q\x00l\x00i\x00n\x00v\x00e\x00n\x00t\x00o\x00r\x00y\x00 (fcase =yes)
[3462] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00s\x00q\x00l\x00i\x00n\x00v\x00e\x00n\x00t\x00o\x00r\x00y\x00 (fcase =yes)
[3463] string-match:smtp-PIF-message-body:x7tscbmaToDQATpSxaLRwOmf(fcase =no)
[3464] string-match:smtp-PIF-message-body:VxJh+79fv5J0Sd2pgs4iyWCr(fcase =no)
[3465] string-match:telnet-client-login:\x0a\xf7\x02\x97(fcase =no)
[3466] string-match:telnet-client-login:\x0b\x18\x02\x98(fcase =no)
[3467] string-match:telnet-client-login:\x0b\x39\x02\x99(fcase =no)
[3468] string-match:telnet-client-login:\x0b\x5a\x02\x9a(fcase =no)
[3469] string-match:telnet-client-login:\x20\x20\x08\x01(fcase =no)
[3470] string-match:telnet-client-login:\xe4\x20\xe0\x08(fcase =no)
[3471] string-match:telnet-client-login:\x24\x02\x04\x53(fcase =no)
[3472] string-match:telnet-client-login:\x24\x02\x03\xf3(fcase =no)
[3473] string-match:telnet-client-login:\x24\x02\x04\x25(fcase =no)
[3474] string-match:telnet-client-login:\x24\x02\x03\xee(fcase =no)
[3475] string-match:telnet-client-login:\x24\x02\x03\xeb(fcase =no)
[3476] string-match:telnet-client-login:\x03\xff\xff\xcc(fcase =no)
[3477] string-match:telnet-client-login:\x02..\x0c(fcase =no)
[3478] string-match:telnet-client-login:\x01\x01\x01\x0c(fcase =no)
[3479] string-match:telnet-client-login:\x13\x74\xf0\x47(fcase =no)
[3480] string-match:telnet-client-login:\x12\x74\xf0\x47(fcase =no)
[3481] string-match:telnet-client-login:\x11\x74\xf0\x47(fcase =no)
[3482] string-match:telnet-client-login:/bin/sh(fcase =no)
[3483] string-match:telnet-client-login:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[3484] string-match:telnet-client-login:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[3485] string-match:telnet-client-login:h....X5....H..PP..PPa(fcase =no)
[3486] string-match:telnet-client-login:-....-....-....PQX-....-....-....PQX(fcase =no)
[3487] string-match:telnet-client-login:-....-....PQX-....-....PQX(fcase =no)
[3488] string-match:telnet-client-login:\x80\x30.\x40\xe2\xfa(fcase =no)
[3489] string-match:telnet-client-login:\xac\x34.\xaa\xe2\xfa(fcase =no)
[3490] string-match:telnet-client-login:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[3491] string-match:telnet-client-login:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[3492] string-match:telnet-client-login:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[3493] string-match:telnet-client-login:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[3494] string-match:telnet-client-login:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[3495] string-match:telnet-client-login:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[3496] string-match:telnet-client-login:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[3497] string-match:http-req-uri-path:(/|\\)httpodbc\.dll(fcase =yes)
[3498] unsigned-gt:smtp-expn-cmd-param-length:0xffffffff:1000:no
[3499] string-match:http-req-uri-path:poster/$(fcase =yes)
[3500] string-match:http-req-uri-query-params:go=setup_submit(fcase =yes)
[3501] string-match:http-req-uri-query-params:un=(fcase =yes)
[3502] string-match:pktsearch-rsp-text:^\xFF\xFE\x01\xFF\xF0\x20\x2D\x2D\x2D(fcase =no)
[3503] string-match:pktsearch-rsp-text:\x2D\x0D\x0A\x20SoftEther Virtual HUB Administration Console(fcase =no)
[3504] string-match:icmp-echo-payload:SoftEther Keep-Alive Packet(fcase =no)
[3505] string-match:pktsearch-req-text:SoftEther Protocol(fcase =no)
[3506] string-match:pktsearch-req-text:^\x80\x2F\x01\x03\x01\x00\x06\x00\x00\x00\x20\x00\x00\x04\x01\x00\x80(fcase =no)
[3507] string-match:pktsearch-rsp-text:^\x16\x03\x01\x00\x4a\x02(fcase =no)
[3508] numerical-eq:pktsearch-udp-dst-port:0xffffffff:666:no
[3509] numerical-eq:pktsearch-udp-dst-port:0xffffffff:1042:no
[3510] string-match:pktsearch-req-text:Bla Ver [12345]\x2eo.(fcase =no)
[3511] unsigned-gt:rpc-call-data-len:0xffffffff:500:no
[3512] string-match:http-req-uri-path:\.asp\.$(fcase =yes)
[3513] string-match:http-req-uri-path:(\\|/)aglimpse(fcase =yes)
[3514] string-match:http-req-uri:\|IFS=.;CMD=(fcase =yes)
[3515] string-match:http-req-uri:;eval\$CMD;(fcase =yes)
[3516] string-match:http-req-uri-path:/isqlplus(fcase =no)
[3517] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:255:no
[3518] string-match:http-req-uri-query-param-name:username(fcase =no)
[3519] string-match:http-req-uri-query-param-name:privilege(fcase =no)
[3520] string-match:http-req-uri-query-param-name:sid(fcase =no)
[3521] string-match:http-req-uri-query-param-name:password(fcase =no)
[3522] string-match:http-req-uri-query-param-name:action(fcase =no)
[3523] string-match:http-post-req-uri-path:/isqlplus(fcase =no)
[3524] unsigned-gt:http-post-req-uri-query-param-value-length:0xffffffff:2500:no
[3525] string-match:http-post-req-uri-query-param-name:username(fcase =no)
[3526] unsigned-gt:http-post-req-message-body-length:0xffffffff:2500:no
[3527] string-match:http-post-req-message-body:action=(fcase =no)
[3528] string-match:http-post-req-message-body:password=(fcase =no)
[3529] string-match:http-post-req-message-body:username=(fcase =no)
[3530] string-match:http-post-req-message-body:privilege=(fcase =no)
[3531] string-match:http-post-req-message-body:sid=(fcase =no)
[3532] string-match:pop3-user-cmd-param:\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa(fcase =no)
[3533] string-match:pop3-user-cmd-param:\xff\xff/bin/sh\xff(fcase =no)
[3534] string-match:pop3-user-cmd-param:\xeb\x48\x9a\xff\xff\xff\xff\x07\xff\xc3\x5e\x31\xc0\x89\x46\xb4(fcase =no)
[3535] string-match:pop3-user-cmd-param:\xe8\xc6\xff\xff\xff/bin/sh(fcase =no)
[3536] string-match:smtp-PIF-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3537] string-match:smtp-PIF-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3538] string-match:smtp-ZIP-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3539] string-match:smtp-ZIP-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3540] string-match:smtp-ZIP-message-body:M5lmRdyi9c8RtwznmdOT/9MN(fcase =no)
[3541] string-match:smtp-ZIP-message-body:gEukCDoFAERvZXJrthDbFq0Z(fcase =no)
[3542] string-match:smtp-ZIP-message-body:mWZF3KL1zxG3DOeZ05P/0w2A(fcase =no)
[3543] string-match:smtp-ZIP-message-body:S6QIOgUARG9lcmu2ENsWrRmJ(fcase =no)
[3544] string-match:pop3-PIF-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3545] string-match:pop3-PIF-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3546] string-match:pop3-ZIP-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3547] string-match:pop3-ZIP-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3548] string-match:pop3-ZIP-message-body:M5lmRdyi9c8RtwznmdOT/9MN(fcase =no)
[3549] string-match:pop3-ZIP-message-body:gEukCDoFAERvZXJrthDbFq0Z(fcase =no)
[3550] string-match:pop3-ZIP-message-body:mWZF3KL1zxG3DOeZ05P/0w2A(fcase =no)
[3551] string-match:pop3-ZIP-message-body:S6QIOgUARG9lcmu2ENsWrRmJ(fcase =no)
[3552] string-match:imap-PIF-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3553] string-match:imap-PIF-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3554] string-match:imap-ZIP-message-body:rTOZZkXcovXPEbcM55nTk//T(fcase =no)
[3555] string-match:imap-ZIP-message-body:DYBLpAg6BQBEb2Vya7YQ2xat(fcase =no)
[3556] string-match:imap-ZIP-message-body:M5lmRdyi9c8RtwznmdOT/9MN(fcase =no)
[3557] string-match:imap-ZIP-message-body:gEukCDoFAERvZXJrthDbFq0Z(fcase =no)
[3558] string-match:imap-ZIP-message-body:mWZF3KL1zxG3DOeZ05P/0w2A(fcase =no)
[3559] string-match:imap-ZIP-message-body:S6QIOgUARG9lcmu2ENsWrRmJ(fcase =no)
[3560] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x02\x00\xFF\xF0(fcase =no)
[3561] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x03\x00\xFF\xF0(fcase =no)
[3562] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x04\x00\xFF\xF0(fcase =no)
[3563] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x05\x00\xFF\xF0(fcase =no)
[3564] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x06\x00\xFF\xF0(fcase =no)
[3565] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x07\x00\xFF\xF0(fcase =no)
[3566] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x0a\x00\xFF\xF0(fcase =no)
[3567] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x0b\x00\xFF\xF0(fcase =no)
[3568] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x0c\x00\xFF\xF0(fcase =no)
[3569] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x0d\x00\xFF\xF0(fcase =no)
[3570] string-match:telnet-server-data-text:\xFF\xFA\x25\x01\x0e\x00\xFF\xF0(fcase =no)
[3571] string-match:telnet-client-authentication-sb-param:^\x00\x0F\x00(fcase =no)
[3572] string-match:telnet-client-authentication-sb-param:\x4E\x54\x4C\x4D\x53\x53\x50\x00\x01\x00\x00\x00(fcase =no)
[3573] string-match:telnet-client-authentication-sb-param:^\x00\x0F(fcase =no)
[3574] string-match:telnet-client-authentication-sb-param:\x4E\x54\x4C\x4D\x53\x53\x50\x00\x03\x00\x00\x00\x12\x00\x12(fcase =no)
[3575] numerical-eq:pktsearch-rsp-1st-4b:0xFFFF0000:0x30320000:no
[3576] string-match:netbios-ss-smb-OPEN-filename:d\x00e\x00s\x00k\x00t\x00o\x00p\x00\.\x00i\x00n\x00i\x00(fcase =yes)
[3577] unsigned-gt:netbios-ss-smb-rsp-read_andx-bytecount:0xffffffff:3000:no
[3578] string-match:netbios-ss-smb-rsp-read_andx-buffer:\x5b\x00\.\x00S\x00h\x00e\x00l\x00l\x00C\x00l\x00a\x00s\x00s\x00I\x00n\x00f\x00o\x00\x5d\x00(fcase =yes)
[3579] string-match:netbios-ss-smb-rsp-read_andx-buffer:\x00KERNEL32\x00(fcase =yes)
[3580] string-match:netbios-ss-smb-rsp-read_andx-buffer:\xcc\x59\xfb\x77(fcase =yes)
[3581] string-match:pktsearch-req-text:%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..%..(fcase =no)
[3582] numerical-eq:rpc-call-prognum:0xffffffff:100300:no
[3583] numerical-eq:rpc-call-procedure:0xffffffff:22:no
[3584] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00e\x00g\x00(fcase =yes)
[3585] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00e\x00g\x00(fcase =yes)
[3586] unsigned-gt:snmp-version-msg-qllength:0xffffffff:4:no
[3587] unsigned-gt:snmp-version-length-of-length:0xffffffff:2:no
[3588] string-match:ssh-req-text:SSH-2.0-GOBBLES(fcase =no)
[3589] string-match:ssh-rsp-text:*GOBBLE*(fcase =no)
[3590] string-match:ssh-req-text:id[\n; \t](fcase =no)
[3591] string-match:ssh-rsp-text:uid=0\(root\).gid=(fcase =no)
[3592] string-match:ssh-rsp-text:uid=.\(bin\).gid=(fcase =no)
[3593] string-match:ssh-rsp-text:uid=.\(sys\).gid=(fcase =no)
[3594] string-match:ssh-req-text:hostname(fcase =no)
[3595] string-match:ssh-req-text:ifconfig(fcase =no)
[3596] string-match:http-req-uri-query-param-name:NS-rel-doc-name(fcase =yes)
[3597] string-match:http-req-query-params:ul=(fcase =yes)
[3598] string-match:http-req-query-param-name:tmplt(fcase =yes)
[3599] unsigned-gt:http-req-query-param-value-length:0xffffffff:1024:no
[3600] string-match:http-req-uri-path:search\.cgi(fcase =yes)
[3601] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:650:no
[3602] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:6272:no
[3603] string-match:pktsearch-rsp-text:^220 ICS FTP Server ready\.(fcase =no)
[3604] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:14286:no
[3605] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:14285:no
[3606] string-match:icmp-echo-reply-payload:\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41(fcase =no)
[3607] unsigned-gt:http-req-uri-path-length:0xffffffff:1000:no
[3608] string-match:http-req-uri-path:/admin_/help/(fcase =no)
[3609] string-match:http-req-uri-path:(\\|/)code\.php3(fcase =no)
[3610] string-match:smtp-SCR-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3611] string-match:smtp-SCR-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3612] string-match:smtp-PIF-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3613] string-match:smtp-PIF-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3614] string-match:smtp-CMD-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3615] string-match:smtp-CMD-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3616] string-match:smtp-EXE-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3617] string-match:smtp-EXE-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3618] string-match:smtp-BAT-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3619] string-match:smtp-BAT-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3620] string-match:pop3-SCR-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3621] string-match:pop3-SCR-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3622] string-match:pop3-PIF-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3623] string-match:pop3-PIF-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3624] string-match:pop3-CMD-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3625] string-match:pop3-CMD-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3626] string-match:pop3-EXE-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3627] string-match:pop3-EXE-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3628] string-match:pop3-BAT-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3629] string-match:pop3-BAT-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3630] string-match:imap-SCR-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3631] string-match:imap-SCR-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3632] string-match:imap-PIF-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3633] string-match:imap-PIF-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3634] string-match:imap-CMD-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3635] string-match:imap-CMD-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3636] string-match:imap-EXE-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3637] string-match:imap-EXE-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3638] string-match:imap-BAT-message-body:ApIAUCZKAEAD/bJpmiwQBPQl(fcase =no)
[3639] string-match:imap-BAT-message-body:6AEAS85pmm7ZH8gqwAO4sKim(fcase =no)
[3640] string-match:smtp-ZIP-message-body:Jx+eAFgAAABY(fcase =no)
[3641] string-match:pop3-ZIP-message-body:Jx+eAFgAAABY(fcase =no)
[3642] string-match:imap-ZIP-message-body:Jx+eAFgAAABY(fcase =no)
[3643] string-match:http-req-uri-path:cart32\.exe/cart32clientlist(fcase =yes)
[3644] string-match-ap:req-content-text:(\xE3|\xC5|\xD4).\x00\x00\x00(fcase =no)(offset=0, depth=0)
[3645] string-match-ap:rsp-content-text:\xE3.\x00\x00\x00\x59(fcase =no)
[3646] string-match:pktsearch-req-text:GET\r\n\r\n\r\n\r\n\r\n\r\n(fcase =no)
[3647] string-match:pktsearch-req-text:GET\n\n\n\n\n\n(fcase =no)
[3648] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9090:no
[3649] string-match:telnet-client-data-text:\xCD\x80(fcase =no)
[3650] string-match:telnet-client-data-text:(\xFF\xFB\xAA){4}(fcase =no)
[3651] unsigned-gt:http-webdav-propfind-req-content-length:0xffffffff:49152:no
[3652] unsigned-gt:http-webdav-search-req-content-length:0xffffffff:12200:no
[3653] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31785:no
[3654] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31388:no
[3655] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31790:no
[3656] numerical-eq:pktsearch-udp-dst-port:0xffffffff:31789:no
[3657] numerical-eq:pktsearch-udp-dst-port:0xffffffff:31791:no
[3658] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31792:no
[3659] string-match:pktsearch-req-text:^general(fcase =no)
[3660] string-match:ftp-site-cmd-param:NEWER(fcase =yes)
[3661] string-match:smtp-ZIP-message-body:MKB33zAFTDFMdHW8MiXp6Ntp(fcase =no)
[3662] string-match:smtp-ZIP-message-body:g401bAWVAVW1o/HdObZM160X(fcase =no)
[3663] string-match:smtp-ZIP-message-body:oHffMAVMMUx0dbwyJeno22mD(fcase =no)
[3664] string-match:smtp-ZIP-message-body:jTVsBZUBVbWj8d05tkzXrRcv(fcase =no)
[3665] string-match:smtp-ZIP-message-body:d98wBUwxTHR1vDIl6ejbaYON(fcase =no)
[3666] string-match:smtp-ZIP-message-body:NWwFlQFVtaPx3Tm2TNetFy+x(fcase =no)
[3667] string-match:imap-ZIP-message-body:MKB33zAFTDFMdHW8MiXp6Ntp(fcase =no)
[3668] string-match:imap-ZIP-message-body:g401bAWVAVW1o/HdObZM160X(fcase =no)
[3669] string-match:imap-ZIP-message-body:oHffMAVMMUx0dbwyJeno22mD(fcase =no)
[3670] string-match:imap-ZIP-message-body:jTVsBZUBVbWj8d05tkzXrRcv(fcase =no)
[3671] string-match:imap-ZIP-message-body:d98wBUwxTHR1vDIl6ejbaYON(fcase =no)
[3672] string-match:imap-ZIP-message-body:NWwFlQFVtaPx3Tm2TNetFy+x(fcase =no)
[3673] string-match:pop3-ZIP-message-body:MKB33zAFTDFMdHW8MiXp6Ntp(fcase =no)
[3674] string-match:pop3-ZIP-message-body:g401bAWVAVW1o/HdObZM160X(fcase =no)
[3675] string-match:pop3-ZIP-message-body:oHffMAVMMUx0dbwyJeno22mD(fcase =no)
[3676] string-match:pop3-ZIP-message-body:jTVsBZUBVbWj8d05tkzXrRcv(fcase =no)
[3677] string-match:pop3-ZIP-message-body:d98wBUwxTHR1vDIl6ejbaYON(fcase =no)
[3678] string-match:pop3-ZIP-message-body:NWwFlQFVtaPx3Tm2TNetFy+x(fcase =no)
[3679] string-match:pktsearch-rsp-text:^Michal 5\.00(fcase =no)
[3680] string-match:pktsearch-rsp-text:^\x28\x00\x00\x00(fcase =no)
[3681] string-match:pktsearch-rsp-text:^\x29\x00\x00\x00(fcase =no)
[3682] string-match:pktsearch-req-text:^\x27\x00\x00\x00..\x4b\x61\x5a\x61\x41\x00(fcase =no)
[3683] string-match:pktsearch-req-text:^\x27\x00\x00\x00..Grokster\x00(fcase =no)
[3684] string-match:pktsearch-req-text:^\x27\x00\x00\x00..MusicCity\x00(fcase =no)
[3685] string-match:pktsearch-req-text:^\x27\x00\x00\x00..fileshare\x00(fcase =no)
[3686] string-match:ftp-rsp-text:^FTP Server ready \[(fcase =no)
[3687] string-match:ftp-cwd-cmd-param:\.          (fcase =no)
[3688] string-match:ftp-cwd-cmd-param:/\.\./(fcase =no)
[3689] string-match:ftp-list-cmd-param:/\.\./(fcase =no)
[3690] string-match:ftp-nlst-cmd-param:/\.\./(fcase =no)
[3691] string-match:ftp-retr-cmd-param:\\BrokerProfiles\.Dat(fcase =no)
[3692] unsigned-gt:ftp-user-cmd-param-length:0xffffffff:2850:no
[3693] unsigned-gt:http-req-uri-path-length:0xffffffff:198:no
[3694] string-match:http-req-uri-path:\.shtml$(fcase =no)
[3695] unsigned-gt:rexec-username-client-login-length:0xffffffff:128:no
[3696] unsigned-gt:rexec-client-handshake-serveruser-text-length:0xffffffff:128:no
[3697] string-match:http-req-uri-path:(\\|/)showcode\.asp$(fcase =yes)
[3698] string-match:http-req-uri-path:(\\|/)codebrws\.asp$(fcase =yes)
[3699] string-match:http-req-uri-path:(\\|/)winmsdp\.exe$(fcase =yes)
[3700] string-match:snmp-get-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x2b\x0a\x04\x02(fcase =no)
[3701] string-match:snmp-get-next-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x2b\x0a\x04\x02(fcase =no)
[3702] string-match:snmp-set-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x2b\x0a\x04\x02(fcase =no)
[3703] string-match:snmp-v2-bulk-varbind-object-id-field:^\x2b\x06\x01\x04\x01\x2b\x0a\x04\x02(fcase =no)
[3704] string-match:netbios-ss-dcerpc-req-LOCATOR-request-payload:/\x00\.\x00\.\x00\.\x00(fcase =no)
[3705] string-match:netbios-ss-dcerpc-req-LOCATOR-request-payload:/\x00\.\x00:\x00(fcase =no)
[3706] numerical-eq:netbios-ss-dcerpc-req-LOCATOR-request-op-num:0xffffffff:0:no
[3707] unsigned-gt:netbios-ss-dcerpc-req-LOCATOR-request-frag-length:0xffffffff:0xeb:no
[3708] string-match:netbios-ss-smb-tree_connect_andx-buffer:ADMIN\$(fcase =yes)
[3709] string-match:netbios-ss-smb-tree_connect_andx-buffer:\\\x00A\x00D\x00M\x00I\x00N\x00\$(fcase =yes)
[3710] numerical-eq:netbios-ss-tree_connect_andx-smb-param-password-length:0xffffffff:1:no
[3711] string-match:http-req-uri-path:/boozt/(fcase =no)
[3712] unsigned-gt:http-req-message-body-query-param-value-length:0xffffffff:1500:no
[3713] string-match:http-req-uri-path:/index\.cgi(fcase =no)
[3714] string-match:pktsearch-rsp-text:^HTTP V 1\.01 Enter request !(fcase =no)
[3715] string-match:pktsearch-rsp-text:^Password Accepted !(fcase =no)
[3716] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:48:no
[3717] string-match:ftp-site-cmd-param:%x %x %x %x +%x \|%x(fcase =no)
[3718] string-match:ftp-site-cmd-param:%020d\|%\.f%\.f\|(fcase =no)
[3719] string-match:pktsearch-shaft-h2a-req-text:alive tijgu(fcase =no)
[3720] string-match:smtp-PIF-message-body:gDu+4N2GfLiPElxZdA1KVlmy(fcase =no)
[3721] string-match:smtp-PIF-message-body:hc5vWVuGDEZnYzfjWVPdXYv4(fcase =no)
[3722] string-match:pop3-PIF-message-body:gDu+4N2GfLiPElxZdA1KVlmy(fcase =no)
[3723] string-match:pop3-PIF-message-body:hc5vWVuGDEZnYzfjWVPdXYv4(fcase =no)
[3724] string-match:imap-PIF-message-body:gDu+4N2GfLiPElxZdA1KVlmy(fcase =no)
[3725] string-match:imap-PIF-message-body:hc5vWVuGDEZnYzfjWVPdXYv4(fcase =no)
[3726] unsigned-gt:dhcp-cf-option-len:0xffffffff:128:no
[3727] numerical-eq:radius-accouting-request-length:0xffffffff:1024:no
[3728] numerical-eq:radius-accouting-request-length:0xffffffff:2048:no
[3729] numerical-eq:radius-accouting-request-length:0xffffffff:4096:no
[3730] numerical-eq:radius-accouting-request-length:0xffffffff:8192:no
[3731] numerical-eq:radius-accouting-request-attr-counter:0xffffffff:5:no
[3732] string-match:pktsearch-req-text:\x24\x02\x03\xf3(fcase =no)
[3733] string-match:pktsearch-req-text:\x24\x02\x04\x23(fcase =no)
[3734] string-match:pktsearch-req-text:\x03..\xcc(fcase =no)
[3735] string-match:pktsearch-req-text:\x02..\x0c(fcase =no)
[3736] string-match:pktsearch-req-text:\x01..\x0c(fcase =no)
[3737] string-match:smtp-subject-message-header:you have a(fcase =yes)
[3738] string-match:smtp-subject-message-header:card from(fcase =yes)
[3739] string-match:smtp-message-body:\nhttp://www\.(Laugh-Mail|friend-card|friend-cards|cool-download|friend-greeting|friend-greet|friendgreetings|friend-greetings)\.(com|net)/(fcase =yes)
[3740] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10100:no
[3741] numerical-eq:pktsearch-rsp-1st-4b:0xFFFFFF00:0x30303000:no
[3742] numerical-eq:dcerpc-req-DCOM-request-frag-length:0xffffffff:2904:no
[3743] string-match:dcerpc-dcom-machine-name:\xc5\xd4\xd4\xd4\x3c\x5e\xd6\xd4\xd4\x5d\x57\x95(fcase =no)
[3744] numerical-eq:netbios-ss-dcerpc-req-DCOM-request-frag-length:0xffffffff:2904:no
[3745] string-match:netbios-ss-dcerpc-dcom-machine-name:\xc5\xd4\xd4\xd4\x3c\x5e\xd6\xd4\xd4\x5d\x57\x95(fcase =no)
[3746] string-match:ftp-site-cmd-param:%\.f%\.f%\.f%\.f%\.f%\.f%\.(fcase =no)
[3747] string-match:ftp-site-cmd-param:\x31\xc0\x31\xdb\x31\xc9\xb0\x46\xcd\x80(fcase =no)
[3748] unsigned-gt:rsh-login-fail-counter:0xffffffff:0:no
[3749] unsigned-gt:pop3-uidl-cmd-param-length:0xffffffff:200:no
[3750] string-match:smtp-EXE-message-body:rXFHiJ1qy1EyALi4uJjIjgW7(fcase =no)
[3751] string-match:smtp-EXE-message-body:JTRt4bgcS9pE4kqKRi/bSw1Z(fcase =no)
[3752] string-match:pop3-EXE-message-body:rXFHiJ1qy1EyALi4uJjIjgW7(fcase =no)
[3753] string-match:pop3-EXE-message-body:JTRt4bgcS9pE4kqKRi/bSw1Z(fcase =no)
[3754] string-match:imap-EXE-message-body:rXFHiJ1qy1EyALi4uJjIjgW7(fcase =no)
[3755] string-match:imap-EXE-message-body:JTRt4bgcS9pE4kqKRi/bSw1Z(fcase =no)
[3756] unsigned-gt:imap-append-cmd-param-length:0xffffffff:1024:no
[3757] unsigned-gt:netbios-ss-smb-rsp-trans2-shortfilename-length:0xffffffff:24:no
[3758] numerical-eq:netbios-ss-error-code:0xffffffff:FINDFIRST2_FILENAME_LENGTH_ERROR:no
[3759] unsigned-gt:smtp-rcpt-cmd-param-length:0xffffffff:1024:no
[3760] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:334:no
[3761] string-match:pktsearch-req-text:^ExecuteUnloadAll(fcase =no)
[3762] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5333:no
[3763] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:411:no
[3764] string-match:pktsearch-trin00-a2m-req-text:mdie killme(fcase =no)
[3765] string-match:ftp-pass-cmd-param:-iss@iss(fcase =no)
[3766] string-match:http-get-req-uri-path:cgi-bin(fcase =no)
[3767] string-match:http-get-req-uri-path:(\\|/)AnyForm\.cgi(fcase =no)
[3768] string-match:http-get-req-user-agent-header:Java1\.2\.1(fcase =no)
[3769] string-match:pop3-invalid-cmd-text:\xeb\x26\x5e\x8d\x1e\x89\x5e\x1b\x31\xed\x89\x6e\x17\x89\x6e\x1f(fcase =no)
[3770] string-match:pop3-invalid-cmd-text:\xff\xff/////////////////bin/sh(fcase =no)
[3771] string-match:telnet-client-data-text:id[\n; \t](fcase =no)
[3772] string-match:telnet-client-data-text:[; \t/]id[\n; \t](fcase =no)
[3773] string-match:telnet-server-data-text:uid=0\(root\).gid=(fcase =no)
[3774] string-match:telnet-server-data-text:uid=.\(bin\).gid=(fcase =no)
[3775] string-match:telnet-server-data-text:uid=.\(sys\).gid=(fcase =no)
[3776] string-match:telnet-client-data-text:whoami[\n; \t](fcase =no)
[3777] string-match:telnet-client-data-text:[; \t/]whoami[\n; \t](fcase =no)
[3778] string-match:telnet-server-data-text:root\x0a(fcase =no)
[3779] string-match:telnet-server-data-text:bin\x0a(fcase =no)
[3780] string-match:telnet-server-data-text:sys\x0a(fcase =no)
[3781] string-match:tftp-filename:admin\.dll(fcase =yes)
[3782] string-match:smtp-PIF-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3783] string-match:smtp-PIF-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3784] string-match:smtp-EXE-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3785] string-match:smtp-EXE-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3786] string-match:pop3-PIF-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3787] string-match:pop3-PIF-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3788] string-match:pop3-EXE-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3789] string-match:pop3-EXE-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3790] string-match:imap-PIF-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3791] string-match:imap-PIF-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3792] string-match:imap-EXE-message-body:AtaVBkrISbMMdUa8YPoCfAmS(fcase =no)
[3793] string-match:imap-EXE-message-body:CMjXQTIjdWouIwiu6GZxFOss(fcase =no)
[3794] string-match:smtp-SCR-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3795] string-match:smtp-SCR-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3796] string-match:smtp-EXE-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3797] string-match:smtp-EXE-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3798] string-match:smtp-COM-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3799] string-match:smtp-COM-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3800] string-match:imap-SCR-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3801] string-match:imap-SCR-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3802] string-match:imap-EXE-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3803] string-match:imap-EXE-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3804] string-match:imap-COM-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3805] string-match:imap-COM-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3806] string-match:pop3-SCR-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3807] string-match:pop3-SCR-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3808] string-match:pop3-EXE-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3809] string-match:pop3-EXE-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3810] string-match:pop3-COM-message-body:AF0iXlUKBWDHzPA6RDol/A47(fcase =no)
[3811] string-match:pop3-COM-message-body:3GF1vV9i9R8J5KHMd6hZK3PB(fcase =no)
[3812] numerical-eq:netbios-ss-error-code:0xffffffff:NT_TRANSACT2_PARAM_LENGTH_VIOLATION:no
[3813] string-match:smtp-rcpt-cmd-param:\.\.[/\\]\.\.(fcase =no)
[3814] numerical-eq:netbios-ns-response-query-packet-length:0xffffffff:0x10:no
[3815] string-match:http-req-uri-path:\.asp$(fcase =yes)
[3816] numerical-eq:rpc-call-cred-flavor:0xffffffff:1:no
[3817] string-match:rpc-call-data:ADM_METHOD(fcase =no)
[3818] string-match:rpc-call-data:admpipe(fcase =no)
[3819] string-match:rpc-call-data:localhost(fcase =no)
[3820] string-match:rpc-call-data:127\.0\.0\.1(fcase =no)
[3821] string-match:rpc-call-data:\/\.\.\/(fcase =no)
[3822] string-match:rpc-call-data:ADM_CLIENT_HOST(fcase =no)
[3823] string-match:rpc-reply-data:USER ACCESS DENIED(fcase =no)
[3824] string-match:ftp-stor-cmd-param:\.rhosts(fcase =no)
[3825] string-match:sip-req-invite-uri-text:\x3C\x3C\x3C\x3C(fcase =no)
[3826] string-match:sip-req-subscribe-uri-text:\x3C\x3C\x3C\x3C(fcase =no)
[3827] string-match:sip-req-uri-text:\x3C\x3C\x3C\x3C(fcase =no)
[3828] unsigned-gt:sip-req-uri-len:0xffffffff:128:no
[3829] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:21212:no
[3830] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:21554:no
[3831] string-match:pktsearch-rsp-text:^Schwindler Servidor\x2e(fcase =no)
[3832] unsigned-gt:netbios-ss-rsp-smb-share-name-length:0xffffffff:300:no
[3833] string-match:tds-sybase-response-payload:Login failed(fcase =yes)
[3834] unsigned-gt:smtp-saml-cmd-param-length:0xffffffff:1024:no
[3835] unsigned-gt:smtp-soml-cmd-param-length:0xffffffff:1024:no
[3836] string-match:http-req-uri-path:links\.all\.php(fcase =yes)
[3837] string-match:http-req-query-param-value:(http|ftp)://(fcase =yes)
[3838] unsigned-gt:nfs-v2-call-attr-uid:0xffffffff:0xffff:no
[3839] numerical-eq:nfs-v2-call-attr-uid:0x0000ffff:0:no
[3840] unsigned-gt:nfs-v3-call-attr-uid:0xffffffff:0xffff:no
[3841] numerical-eq:nfs-v3-call-attr-uid:0x0000ffff:0:no
[3842] string-match:pktsearch-req-text:User-Agent: XoloX(fcase =yes)
[3843] string-match:http-get-req-user-agent-header:XoloX(fcase =yes)
[3844] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1963:no
[3845] string-match:pktsearch-req-text:\xfd\xe9\xed\xbd(fcase =no)
[3846] string-match:pktsearch-req-text:\xef\xe9\xed\xbd(fcase =no)
[3847] string-match:pktsearch-rsp-text:\xe9\xed(fcase =no)
[3848] string-match:pktsearch-rsp-text:\xed\xfb(fcase =no)
[3849] string-match:pktsearch-rsp-text:\xf9\xff\xed(fcase =no)
[3850] string-match:pktsearch-rsp-text:\xeb\xed(fcase =no)
[3851] string-match:tds-mssql-client-query-payload:o\x00p\x00e\x00n\x00r\x00o\x00w\x00s\x00e\x00t\x00\(\x00(fcase =yes)
[3852] string-match:netbios-ss-tds-client-query-payload:o\x00p\x00e\x00n\x00r\x00o\x00w\x00s\x00e\x00t\x00\(\x00(fcase =yes)
[3853] numerical-eq:icmp-echo-reply-id:0xffffffff:669:no
[3854] string-match:icmp-echo-reply-payload:\x73\x69\x63\x6B\x65\x6e(fcase =no)
[3855] unsigned-gt:http-req-chunk-read-body-length:0xffffffff:0x7fffffff:no
[3856] unsigned-gt:http-req-host-header-length:0xffffffff:620:no
[3857] string-match:http-req-uri-path:snork\.bat(fcase =yes)
[3858] string-match:smtp-SCR-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3859] string-match:smtp-SCR-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3860] string-match:smtp-PIF-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3861] string-match:smtp-PIF-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3862] string-match:smtp-EXE-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3863] string-match:smtp-EXE-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3864] string-match:smtp-COM-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3865] string-match:smtp-COM-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3866] string-match:pop3-SCR-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3867] string-match:pop3-SCR-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3868] string-match:pop3-PIF-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3869] string-match:pop3-PIF-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3870] string-match:pop3-EXE-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3871] string-match:pop3-EXE-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3872] string-match:pop3-COM-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3873] string-match:pop3-COM-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3874] string-match:imap-SCR-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3875] string-match:imap-SCR-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3876] string-match:imap-PIF-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3877] string-match:imap-PIF-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3878] string-match:imap-EXE-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3879] string-match:imap-EXE-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3880] string-match:imap-COM-message-body:UFNoz2yDjG0SGFdkEQpoY3+h(fcase =no)
[3881] string-match:imap-COM-message-body:3T1MJxtGavvrmYvYIGz/N/43(fcase =no)
[3882] string-match:smtp-ZIP-message-body:brAiAFYAAABW(fcase =no)
[3883] string-match:pop3-ZIP-message-body:brAiAFYAAABW(fcase =no)
[3884] string-match:imap-ZIP-message-body:brAiAFYAAABW(fcase =no)
[3885] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5031:no
[3886] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5032:no
[3887] string-match:pktsearch-req-text:^8testtest(fcase =no)
[3888] string-match:pktsearch-req-text:^d58614(fcase =no)
[3889] string-match:pktsearch-req-text:^rtbar(fcase =no)
[3890] string-match:pktsearch-req-text:^htbar(fcase =no)
[3891] numerical-eq:netbios-ss-dcerpc-req-LSARPC-request-op-num:0xffffffff:0x0e:no
[3892] string-match:netbios-ss-smb-transaction-buffer:\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(fcase =no)
[3893] string-match:smtp-rcpt-cmd-param:%20.%20.%20.%20.%20.%20.(fcase =no)
[3894] string-match:dns-response-qname:login.oscar.aol.com(fcase =no)
[3895] string-match:dns-response-qname:aimexpress.aol.com(fcase =no)
[3896] string-match:dns-response-qname:login.icq.com(fcase =no)
[3897] string-match:dns-response-qname:my.screenname.aol.com(fcase =no)
[3898] string-match:dns-response-qname:xtraz.icq.com(fcase =no)
[3899] string-match:dns-response-qname:www.icqproxy.com(fcase =no)
[3900] string-match:dns-response-qname:aimhttp.oscar.aol.com(fcase =no)
[3901] string-match:dns-response-qname:http.proxy.icq.com(fcase =no)
[3902] string-match:pktsearch-req-text: MSNFTP\x0d\x0a(fcase =no)
[3903] string-match:pktsearch-rsp-text: MSNFTP\x0d\x0a(fcase =no)
[3904] string-match-ap:req-content-text:\x04\x00\x00\x00foo\x00\x30\x00(fcase =no)(offset=0, depth=0)
[3905] string-match-ap:rsp-content-text:\x04\x00\x00\x00foo\x00\x30\x00(fcase =no)(offset=0, depth=0)
[3906] string-match-ap:req-content-text:-GUID: {5D3E02AB-6190-11(d|D)3-BBBB-00C04F795683}\r\n(fcase =no)
[3907] string-match-ap:rsp-content-text:-GUID: {5D3E02AB-6190-11(d|D)3-BBBB-00C04F795683}\r\n(fcase =no)
[3908] unsigned-gt:rtsp-announce-content-len:0xffffffff:0x80000000:no
[3909] string-match:http-req-uri-path:/\./web-inf(fcase =yes)
[3910] string-match:http-req-uri-path:\\\.\\web-inf(fcase =yes)
[3911] string-match:http-req-uri-path://web-inf(fcase =yes)
[3912] string-match:http-req-uri-path:\\\\web-inf(fcase =yes)
[3913] string-match:http-req-uri-path:web-inf\.(/|\\)(fcase =yes)
[3914] numerical-eq:telnet-iac-cmd-counter:0xffffffff:120:no
[3915] string-match:telnet-client-data-text:\xFF\xF3\xFF\xF3\xFF\xF3\xFF\xF3\xFF\xF3(fcase =no)
[3916] unsigned-gt:ftp-unlock-cmd-param-length:0xffffffff:128:no
[3917] string-match:netbios-ss-smb-CREATE-filename:\.(exe|com|bat)\x00(fcase =yes)
[3918] string-match:netbios-ss-smb-CREATE-filename:\.\x00(e\x00x\x00e|c\x00o\x00m|b\x00a\x00t)\x00\x00(fcase =yes)
[3919] string-match:netbios-ss-smb-CREATE-filename:\\Programs\\Startup(fcase =yes)
[3920] string-match:netbios-ss-smb-CREATE-filename:\\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00s\x00\\\x00S\x00t\x00a\x00r\x00t\x00u\x00p\x00(fcase =yes)
[3921] string-match:netbios-ss-smb-CREATE-filename:\.\x00(e\x00x\x00e|c\x00o\x00m|b\x00a\x00t)\x00(fcase =yes)
[3922] numerical-eq:radius-tunnel-attr-length:0xffffffff:2:no
[3923] numerical-eq:smtp-command-name:0xffffffff:13:no
[3924] numerical-eq:smtp-command-counter:0xffffffff:150:no
[3925] string-match:http-post-req-uri-path:(\\|/)admin\.php$(fcase =yes)
[3926] string-match:http-post-req-query-param-value:^admin_enter$(fcase =yes)
[3927] string-match:http-post-req-query-param-name:^passw$(fcase =yes)
[3928] string-match:http-post-req-query-param-value:^12345$(fcase =no)
[3929] string-match:http-req-uri-path:store.cgi$(fcase =yes)
[3930] string-match:http-req-uri-query-param-name:StartID(fcase =yes)
[3931] string-match:http-req-uri-query-param-value:\x00\.html(fcase =yes)
[3932] string-match:pktsearch-req-text:^text:(fcase =no)
[3933] string-match:pktsearch-req-text:^config(fcase =no)
[3934] string-match:pktsearch-req-text:^listen(fcase =no)
[3935] string-match:pktsearch-req-text:^opennotpad(fcase =no)
[3936] string-match:pktsearch-rsp-text:^ADEIMN(fcase =no)
[3937] string-match:pktsearch-rsp-text:^AADADEAD(fcase =no)
[3938] string-match:smtp-content-type-message-header:audio/(fcase =yes)
[3939] string-match:smtp-name-message-header:\.(exe|pif|scr)(\x22|\r|\n| )(fcase =yes)
[3940] string-match:smtp-name-message-header:\.(vbs|bat)(\x22|\r|\n| )(fcase =yes)
[3941] string-match:upnp-req-location-header-text::19(fcase =no)
[3942] string-match:pktsearch-req-text:^CURDIR(fcase =no)
[3943] string-match:pktsearch-req-text:^DRIVES(fcase =no)
[3944] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:2115:no
[3945] string-match:pktsearch-rsp-text:^CURDIR(fcase =no)
[3946] string-match:pktsearch-rsp-text:^DRIVES(fcase =no)
[3947] string-match:pktsearch-req-text:User-Agent: Gnucleus(fcase =yes)
[3948] string-match:http-get-req-user-agent-header:Gnucleus(fcase =yes)
[3949] string-match:pktsearch-req-text:\nUser-Agent: (fcase =yes)
[3950] string-match:pktsearch-req-text: \(GnucDNA (fcase =yes)
[3951] string-match:http-get-req-user-agent-header: \(GnucDNA (fcase =yes)
[3952] numerical-eq:kerberos-error-code:0xffffffff:non-kerberosd:no
[3953] string-match:http-req-uri-path:(\xc0\x25|\xc0\x2e|\xc0\xa5|\xc0\xae)(fcase =no)
[3954] string-match:http-req-uri-path:(\xc0\x2f|\xc0\xaf|\xc0\x5c|\xc0\xcc)(fcase =no)
[3955] string-match:http-req-uri-path:(\xc1\x1c|\xc1\x9c)(fcase =no)
[3956] string-match:http-req-uri-path:(\\|/)cmd\.exe(fcase =yes)
[3957] string-match:netbios-ss-dcerpc-req-WINREG-request-payload:I\x00m\x00a\x00g\x00e\x00P\x00a\x00t\x00h\x00(fcase =no)
[3958] string-match:http-req-uri-path:/ext\.ini(fcase =yes)
[3959] string-match:http-req-uri-path:edit_image\.php(fcase =yes)
[3960] string-match:http-req-uri-query-param-name:userfile_name(fcase =yes)
[3961] string-match:http-req-uri-query-param-value:( ;|;%20)(fcase =no)
[3962] numerical-eq:icmp-packet-len:0xffffffff:52:no
[3963] numerical-eq:icmp-first-4b-payload:0xffffffff:0:no
[3964] numerical-eq:icmp-second-4b-payload:0xffffffff:0:no
[3965] string-match:icmp-payload:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40#C0\x40#C0(fcase =no)
[3966] string-match:rpc-call-data:\xe8\xc6\xff\xff\xff\x83\xc4\x0c\xe8\xc6\xff\xff\xff(fcase =no)
[3967] string-match:pktsearch-req-text:\xe8\xc6\xff\xff\xff\x83\xc4\x0c\xe8\xc6\xff\xff\xff(fcase =no)
[3968] string-match:pktsearch-mstream-h2a-req-text:stream/(fcase =no)
[3969] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:1777:no
[3970] string-match:pktsearch-req-text:\x97\x2dOPENDRIVE(fcase =no)
[3971] unsigned-gt:imap-rename-cmd-param-length:0xffffffff:1024:no
[3972] string-match:pktsearch-req-text:^get info(fcase =no)
[3973] string-match:pktsearch-req-text:^get drives(fcase =no)
[3974] string-match:pktsearch-req-text:^get user(fcase =no)
[3975] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:11223:no
[3976] string-match:rpc-call-data:\xeb\x49\x5e\x29\xc0\x29\xdb\x40\x89\x46\x04\x40\x89\x06\xb0\x06\x89\x46\x08\xb0\x66\x43\x89\xf1\xcd\x80(fcase =no)
[3977] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xb8\x00\x00\x00\x01\x00\x00\x00\x04(fcase =no)
[3978] string-match:pktsearch-req-text:\xeb\x49\x5e\x29\xc0\x29\xdb\x40\x89\x46\x04\x40\x89\x06\xb0\x06\x89\x46\x08\xb0\x66\x43\x89\xf1\xcd\x80(fcase =no)
[3979] numerical-eq:netbios-ss-error-code:0xffffffff:NETDDE_HEAP_OVERFLOW:no
[3980] numerical-eq:netbios-ss-dcerpc-netdde-method:0xffffffff:0:no
[3981] numerical-eq:dcerpc-error-code:0xffffffff:NETDDE_HEAP_OVERFLOW:no
[3982] numerical-eq:dcerpc-netdde-method:0xffffffff:0:no
[3983] unsigned-gt:netbios-ss-dcerpc-netdde-element-72:0xffffffff:255:no
[3984] unsigned-gt:netbios-ss-dcerpc-netdde-element-73:0xffffffff:255:no
[3985] unsigned-gt:dcerpc-netdde-element-72:0xffffffff:255:no
[3986] unsigned-gt:dcerpc-netdde-element-73:0xffffffff:255:no
[3987] numerical-eq:netbios-ss-error-code:0xffffffff:NETDDE_NBT_OVERFLOW:no
[3988] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00e\x00l\x00e\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[3989] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00e\x00l\x00e\x00t\x00e\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[3990] string-match:http-req-uri-path:query(fcase =yes)
[3991] string-match:http-req-uri-query-param-name:mss(fcase =yes)
[3992] numerical-eq:rsh-password-provided:0xffffffff:0:no
[3993] numerical-eq:rsh-crlf-cnt:0xffffffff:3:no
[3994] unsigned-gt:pop3-dele-cmd-param-length:0xffffffff:512:no
[3995] string-match:smtp-SCR-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[3996] string-match:smtp-SCR-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[3997] string-match:smtp-COM-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[3998] string-match:smtp-COM-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[3999] string-match:smtp-EXE-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4000] string-match:smtp-EXE-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4001] string-match:smtp-CPL-message-body:wPDTLq5HplUZaNAkYFrfoDuY(fcase =no)
[4002] string-match:smtp-CPL-message-body:a3gdjfPSIMGq4WP6yaUp8x9w(fcase =no)
[4003] string-match:pop3-SCR-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4004] string-match:pop3-SCR-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4005] string-match:pop3-COM-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4006] string-match:pop3-COM-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4007] string-match:pop3-EXE-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4008] string-match:pop3-EXE-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4009] string-match:pop3-CPL-message-body:wPDTLq5HplUZaNAkYFrfoDuY(fcase =no)
[4010] string-match:pop3-CPL-message-body:a3gdjfPSIMGq4WP6yaUp8x9w(fcase =no)
[4011] string-match:imap-SCR-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4012] string-match:imap-SCR-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4013] string-match:imap-COM-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4014] string-match:imap-COM-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4015] string-match:imap-EXE-message-body:D0zKK29xHKUVwdf4w5dzaG8R(fcase =no)
[4016] string-match:imap-EXE-message-body:gNU+AOspWZRIBNDYImzcFHfx(fcase =no)
[4017] string-match:imap-CPL-message-body:wPDTLq5HplUZaNAkYFrfoDuY(fcase =no)
[4018] string-match:imap-CPL-message-body:a3gdjfPSIMGq4WP6yaUp8x9w(fcase =no)
[4019] unsigned-gt:imap-stor-cmd-param-length:0xffffffff:1024:no
[4020] string-match:http-req-uri-path:(order|orders)_log\.dat(fcase =yes)
[4021] string-match:http-req-uri-path:(order|orders)_log_v12\.dat(fcase =yes)
[4022] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10085:no
[4023] string-match:pktsearch-rsp-text:^SyphSrv\x00v1\.(fcase =no)
[4024] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10086:no
[4025] string-match:pktsearch-req-text:^SyphCli(fcase =no)
[4026] string-match:ftp-pass-cmd-param:-cklaus(fcase =no)
[4027] string-match:http-req-uri-path:(\\|/)webplus(fcase =no)
[4028] string-match:http-req-uri-query-param-name:script(fcase =yes)
[4029] string-match:pop3-xtnd-cmd-param:\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa(fcase =no)
[4030] string-match:pop3-xtnd-cmd-param:\xff\xff/bin/sh\.\.\.\.\.\.\.\.\.(fcase =no)
[4031] string-match:smtp-name-message-header:\.(h|c|htm|html|doc|txt|ini|jpeg|jpg|gif|reg|ini)\.(fcase =yes)
[4032] string-match:smtp-name-message-header:(ade|bas|bat|chm|cmd|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk)"(fcase =yes)
[4033] string-match:smtp-name-message-header:\.(mdb|mde|msc|msi|msp|mst)"(fcase =yes)
[4034] string-match:smtp-name-message-header:\.(ocx|pcd|pif|pot|ppt|reg|scr|sct|shb|shs|sys)"(fcase =yes)
[4035] string-match:smtp-name-message-header:\.(url|vb|vbs|vbe|wsc|wsf|wsh)"(fcase =yes)
[4036] string-match:smtp-name-message-header:\.xl."(fcase =yes)
[4037] string-match:smtp-name-message-header:\.do."(fcase =yes)
[4038] numerical-eq:snmp-req-id-length-of-length:0xffffffff:0:no
[4039] numerical-eq:snmp-err-state-length-of-length:0xffffffff:0:no
[4040] numerical-eq:snmp-err-index-length-of-length:0xffffffff:0:no
[4041] numerical-eq:snmp-enterprise-object-id-length-of-length:0xffffffff:0:no
[4042] numerical-eq:snmp-dst-ip-length-of-length:0xffffffff:0:no
[4043] numerical-eq:snmp-trap-generic-length-of-length:0xffffffff:0:no
[4044] numerical-eq:snmp-trap-specified-length-of-length:0xffffffff:0:no
[4045] numerical-eq:snmp-time-stamp-length-of-length:0xffffffff:0:no
[4046] unsigned-gt:pop3-apop-cmd-param-length:0xffffffff:512:no
[4047] unsigned-gt:telnet-client-data-text-length:0xffffffff:1000000:no
[4048] string-match:smtp-EXE-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4049] string-match:smtp-EXE-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4050] string-match:smtp-SCR-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4051] string-match:smtp-SCR-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4052] string-match:smtp-PIF-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4053] string-match:smtp-PIF-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4054] string-match:smtp-CMD-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4055] string-match:smtp-CMD-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4056] string-match:smtp-BAT-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4057] string-match:smtp-BAT-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4058] string-match:smtp-ZIP-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4059] string-match:smtp-ZIP-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4060] string-match:smtp-ZIP-message-body:dYHAUazy4foNTIZkhw5djhDH(fcase =no)
[4061] string-match:smtp-ZIP-message-body:e+EYS9WIjWjs69YEpzQSG3CT(fcase =no)
[4062] string-match:smtp-ZIP-message-body:gcBRrPLh+g1MhmSHDl2OEMd7(fcase =no)
[4063] string-match:smtp-ZIP-message-body:4RhL1YiNaOzr1gSnNBIbcJN4(fcase =no)
[4064] string-match:pop3-EXE-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4065] string-match:pop3-EXE-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4066] string-match:pop3-SCR-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4067] string-match:pop3-SCR-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4068] string-match:pop3-PIF-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4069] string-match:pop3-PIF-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4070] string-match:pop3-CMD-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4071] string-match:pop3-CMD-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4072] string-match:pop3-BAT-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4073] string-match:pop3-BAT-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4074] string-match:pop3-ZIP-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4075] string-match:pop3-ZIP-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4076] string-match:pop3-ZIP-message-body:dYHAUazy4foNTIZkhw5djhDH(fcase =no)
[4077] string-match:pop3-ZIP-message-body:e+EYS9WIjWjs69YEpzQSG3CT(fcase =no)
[4078] string-match:pop3-ZIP-message-body:gcBRrPLh+g1MhmSHDl2OEMd7(fcase =no)
[4079] string-match:pop3-ZIP-message-body:4RhL1YiNaOzr1gSnNBIbcJN4(fcase =no)
[4080] string-match:imap-EXE-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4081] string-match:imap-EXE-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4082] string-match:imap-SCR-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4083] string-match:imap-SCR-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4084] string-match:imap-PIF-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4085] string-match:imap-PIF-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4086] string-match:imap-CMD-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4087] string-match:imap-CMD-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4088] string-match:imap-BAT-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4089] string-match:imap-BAT-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4090] string-match:imap-ZIP-message-body:LXWBwFGs8uH6DUyGZIcOXY4Q(fcase =no)
[4091] string-match:imap-ZIP-message-body:x3vhGEvViI1o7OvWBKc0Ehtw(fcase =no)
[4092] string-match:imap-ZIP-message-body:dYHAUazy4foNTIZkhw5djhDH(fcase =no)
[4093] string-match:imap-ZIP-message-body:e+EYS9WIjWjs69YEpzQSG3CT(fcase =no)
[4094] string-match:imap-ZIP-message-body:gcBRrPLh+g1MhmSHDl2OEMd7(fcase =no)
[4095] string-match:imap-ZIP-message-body:4RhL1YiNaOzr1gSnNBIbcJN4(fcase =no)
[4096] string-match:imap-select-cmd-param:core(fcase =no)
[4097] string-match:lpr-receive-control-file-content:\nLroot\nM-oA/var/(fcase =no)
[4098] string-match:lpr-receive-control-file-content:\nLroot\nM-oC/var/(fcase =no)
[4099] string-match:smtp-mail-cmd-param:from: <>(\r|\n)(fcase =yes)
[4100] string-match:http-req-uri-path:iisadmin(\\|/)bdir\.htr(fcase =yes)
[4101] numerical-eq:dcerpc-udp-req-MESSAGE-request-udp-op-num:0xffffffff:0:no
[4102] unsigned-gt:dcerpc-udp-MESSAGE-request-udp-length:0xffffffff:2200:no
[4103] numerical-eq:dcerpc-MESSAGE-request-op-num:0xffffffff:0:no
[4104] unsigned-gt:dcerpc-req-MESSAGE-request-frag-length:0xffffffff:2200:no
[4105] numerical-eq:netbios-ss-dcerpc-req-MESSAGE-request-op-num:0xffffffff:0:no
[4106] unsigned-gt:netbios-ss-dcerpc-req-MESSAGE-frag-length:0xffffffff:2200:no
[4107] string-match:pktsearch-req-text:^\x2fbeep(fcase =no)
[4108] string-match:pktsearch-req-text:^\x2fyche(fcase =no)
[4109] string-match:pktsearch-req-text:^\x2fflood(fcase =no)
[4110] string-match:pktsearch-req-text:^\x2fbomb(fcase =no)
[4111] string-match:pktsearch-req-text:^\x2fformat(fcase =no)
[4112] string-match:pktsearch-req-text:^\x2ficq(fcase =no)
[4113] string-match:pktsearch-req-text:^\x2freboot(fcase =no)
[4114] string-match:pktsearch-req-text:^\x2fopen(fcase =no)
[4115] string-match:pktsearch-req-text:^\x2fclose(fcase =no)
[4116] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:65000:no
[4117] string-match:pktsearch-rsp-text:^pass_pleaz(fcase =no)
[4118] string-match:pktsearch-req-text:^pass_pleaz(fcase =no)
[4119] string-match:irc-req-text:^version(fcase =no)
[4120] string-match:irc-rsp-text:^passed(fcase =no)
[4121] string-match:irc-rsp-text:^pass_pleaz(fcase =no)
[4122] string-match:irc-req-text:^pass_pleaz(fcase =no)
[4123] string-match:pktsearch-rsp-text:^passed(fcase =no)
[4124] string-match:pktsearch-req-text:^start hide(fcase =no)
[4125] string-match:pktsearch-req-text:^start show(fcase =no)
[4126] string-match:tds-sybase-client-query-payload:xp_freedll\((fcase =yes)
[4127] unsigned-gt:smtp-etrn-cmd-param-length:0xffffffff:260:no
[4128] string-match:smtp-etrn-cmd-param:\x31\xc0\x40\x40\x89\x45\xf4\x48\x89\x45\xf8\x48\x89(fcase =no)
[4129] string-match:http-req-uri-path:quick_reply.php(fcase =yes)
[4130] string-match:http-req-query-param-name:phpbb_root_path(fcase =yes)
[4131] string-match:pktsearch-afs-req-text:\x00\x00\x00\x86(fcase =no)
[4132] string-match:pktsearch-afs-req-text:\x31\xdb\xcd\x80(fcase =no)
[4133] string-match:pktsearch-afs-req-text:/bin/sh(fcase =no)
[4134] string-match:rpc-call-data:\x00\x01\x87\x03\x00\x00\x00\x01\x00\x00\x00\x01(fcase =no)
[4135] string-match:rpc-call-data:\x00\x01\x87\x03\x00\x00\x00\x02\x00\x00\x00\x01(fcase =no)
[4136] string-match:rpc-call-data:0x3b(fcase =no)
[4137] string-match:irc-req-text:!Hacks for my list of Hacks(fcase =no)
[4138] string-match:irc-req-text:RealWayToHack for a Help with hacking(fcase =no)
[4139] string-match:irc-rsp-text:RealWayToHack for a Help with hacking(fcase =no)
[4140] string-match:pktsearch-req-text:^from=iGLOO(fcase =no)
[4141] string-match:tds-mssql-client-query-payload:o\x00p\x00e\x00n\x00d\x00a\x00t\x00a\x00s\x00o\x00u\x00r\x00c\x00e\x00(fcase =yes)
[4142] string-match:netbios-ss-tds-client-query-payload:o\x00p\x00e\x00n\x00d\x00a\x00t\x00a\x00s\x00o\x00u\x00r\x00c\x00e\x00(fcase =yes)
[4143] numerical-eq:icmp-echo-reply-id:0xffffffff:456:no
[4144] string-match:icmp-echo-reply-payload:\x31\x32\x33\x34\x35\x00(fcase =no)
[4145] string-match:http-req-uri-path:%1u%1u(fcase =no)
[4146] string-match:http-req-uri-path:(get32\.exe|get16\.exe|post32\.exe|post16\.exe|tst\.bat|tst2\.bat|lsin\.exe|lsindex2\.bat|imapcern\.exe|imapncsa\.exe|aliredir\.exe)\|(fcase =yes)
[4147] string-match:smtp-message-body:\n\nTV..AA.AAA(fcase =no)
[4148] string-match:smtp-message-body:\n\r\nTV..AA.AA(fcase =no)
[4149] string-match:smtp-ZIP-message-body:TVqQAAMAAAAE(fcase =no)
[4150] string-match:smtp-ZIP-message-body:AAAA//8AALgA(fcase =no)
[4151] string-match:smtp-ZIP-message-body:WpAAAwAAAAQA(fcase =no)
[4152] string-match:smtp-ZIP-message-body:AAD//wAAuAAA(fcase =no)
[4153] string-match:smtp-ZIP-message-body:kAADAAAABAAA(fcase =no)
[4154] string-match:smtp-ZIP-message-body:AP//AAC4AAAA(fcase =no)
[4155] string-match:pop3-message-body:\n\nTVqQAAMAAAAEAAAA//8AAL(fcase =no)
[4156] string-match:pop3-message-body:\n\r\nTVqQAAMAAAAEAAAA//8AA(fcase =no)
[4157] string-match:pop3-ZIP-message-body:TVqQAAMAAAAE(fcase =no)
[4158] string-match:pop3-ZIP-message-body:AAAA//8AALgA(fcase =no)
[4159] string-match:pop3-ZIP-message-body:WpAAAwAAAAQA(fcase =no)
[4160] string-match:pop3-ZIP-message-body:AAD//wAAuAAA(fcase =no)
[4161] string-match:pop3-ZIP-message-body:kAADAAAABAAA(fcase =no)
[4162] string-match:pop3-ZIP-message-body:AP//AAC4AAAA(fcase =no)
[4163] string-match:imap-message-body:\n\nTVqQAAMAAAAEAAAA//8AAL(fcase =no)
[4164] string-match:imap-message-body:\n\r\nTVqQAAMAAAAEAAAA//8AA(fcase =no)
[4165] string-match:imap-ZIP-message-body:TVqQAAMAAAAE(fcase =no)
[4166] string-match:imap-ZIP-message-body:AAAA//8AALgA(fcase =no)
[4167] string-match:imap-ZIP-message-body:WpAAAwAAAAQA(fcase =no)
[4168] string-match:imap-ZIP-message-body:AAD//wAAuAAA(fcase =no)
[4169] string-match:imap-ZIP-message-body:kAADAAAABAAA(fcase =no)
[4170] string-match:imap-ZIP-message-body:AP//AAC4AAAA(fcase =no)
[4171] string-match:pktsearch-req-text:CDTRAY(fcase =no)
[4172] string-match:pktsearch-req-text:FLASH-COLORS(fcase =no)
[4173] string-match:pktsearch-req-text:clLime(fcase =no)
[4174] string-match:pktsearch-req-text:clGreen(fcase =no)
[4175] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:32418:no
[4176] string-match:pktsearch-req-text:^CDTRAY(fcase =no)
[4177] string-match:pktsearch-req-text:^FLASH-COLORS(fcase =no)
[4178] string-match:pktsearch-req-text:^clLime(fcase =no)
[4179] string-match:pktsearch-req-text:^clGreen(fcase =no)
[4180] string-match:smtp-message-body:b6iUb1iTaJdgSJdgiDBhCDRg(fcase =no)
[4181] string-match:smtp-message-body:g0YIG4lGDIhGF4hGGohGRVBW(fcase =no)
[4182] string-match:smtp-message-body:W4vc2guLWMuZWNobyAnaDo6M(fcase =no)
[4183] string-match:smtp-message-body:XIK/71yCv+9cgr/vXIK/71yC(fcase =no)
[4184] string-match:pktsearch-req-text:INVITE MSNMSGR:(fcase =no)
[4185] string-match:pktsearch-req-text:{A4268EEC-FEC5-49E5-95C3-F126696BDBF6}(fcase =no)
[4186] string-match:pktsearch-req-text:TG9jYXRpb249Ii4uXC4u(fcase =no)
[4187] string-match:pktsearch-req-text:IExvY2F0aW9uPSIuLlwu(fcase =no)
[4188] string-match:pktsearch-req-text:b2NhdGlvbj0iLi5cLi(fcase =no)
[4189] string-match:pktsearch-rsp-text:MSNSLP/1\.0 200 OK(fcase =no)
[4190] string-match:pktsearch-rsp-text:^phAse(fcase =no)
[4191] string-match:http-req-uri-path:cachemgr\.cgi(fcase =yes)
[4192] string-match:http-req-uri-query-param-name:port(fcase =yes)
[4193] string-match:http-req-uri-query-param-name:user_name(fcase =yes)
[4194] string-match:pktsearch-req-text:Invitation-Cookie:(fcase =no)
[4195] string-match:http-req-uri-path:\.html(/|\\)(fcase =yes)
[4196] string-match:http-req-uri-path:(/|\\)\.\.(fcase =yes)
[4197] string-match:irc-req-privmsg-cmd-param::\(trinity\)(fcase =yes)
[4198] string-match:irc-req-message::\(entitee\)(fcase =yes)
[4199] string-match:irc-req-join-cmd-param:#b3eblebr0x(fcase =yes)
[4200] string-match:irc-req-text::\(trinity\) someone needs a miracle\.\.\.(fcase =no)
[4201] string-match:irc-req-text::\(trinity\) i will now hit on random ports\.\.\.(fcase =no)
[4202] string-match:irc-rsp-text::\(trinity\) ping(fcase =no)
[4203] string-match:irc-rsp-text::\(trinity\) tudp(fcase =no)
[4204] string-match:irc-rsp-text::\(trinity\) tfrag(fcase =no)
[4205] string-match:irc-rsp-text::\(trinity\) tsyn(fcase =no)
[4206] string-match:irc-rsp-text::\(trinity\) trst(fcase =no)
[4207] string-match:irc-rsp-text::\(trinity\) trnd(fcase =no)
[4208] string-match:irc-rsp-text::\(trinity\) tack(fcase =no)
[4209] string-match:irc-rsp-text::\(trinity\) testab(fcase =no)
[4210] string-match:irc-rsp-text::\(trinity\) tnull(fcase =no)
[4211] string-match:irc-req-text::\(trinity\) ping(fcase =no)
[4212] string-match:irc-req-text::\(trinity\) tudp(fcase =no)
[4213] string-match:irc-req-text::\(trinity\) tfrag(fcase =no)
[4214] string-match:irc-req-text::\(trinity\) tsyn(fcase =no)
[4215] string-match:irc-req-text::\(trinity\) trst(fcase =no)
[4216] string-match:irc-req-text::\(trinity\) trnd(fcase =no)
[4217] string-match:irc-req-text::\(trinity\) tack(fcase =no)
[4218] string-match:irc-req-text::\(trinity\) testab(fcase =no)
[4219] string-match:irc-req-text::\(trinity\) tnull(fcase =no)
[4220] string-match:pktsearch-rsp-text:^XLog 2\.2(fcase =no)
[4221] string-match:pktsearch-rsp-text:written by Garret(fcase =no)
[4222] string-match:http-get-req-uri-path:scrsvr\.exe(fcase =yes)
[4223] string-match:http-get-req-host-header:www\.opasoft\.com(fcase =yes)
[4224] string-match:http-req-uri-path:work/scheduler\.php(fcase =yes)
[4225] string-match:http-req-host-header:www\.opasoft\.com(fcase =yes)
[4226] numerical-eq:netbios-ss-dcerpc-req-SAMR-request-op-num:0xffffffff:0x07:no
[4227] numerical-eq:netbios-ss-dcerpc-req-SAMR-request-op-num:0xffffffff:0x0d:no
[4228] numerical-eq:netbios-ss-dcerpc-req-SAMR-request-op-num:0xffffffff:0x28:no
[4229] string-match:netbios-ss-smb-rsp-transaction-buffer:A\x00d\x00m\x00i\x00n\x00i\x00s\x00t\x00r\x00a\x00t\x00o\x00r\x00(fcase =no)
[4230] string-match:smtp-first-invalid-cmd-text:(\x00){12}(fcase =no)
[4231] string-match:http-post-req-uri-path:(calender|calender_admin)\.pl(fcase =yes)
[4232] string-match:http-post-req-message-body:=|(fcase =no)
[4233] numerical-eq:h225-error-code:0xffffffff:DestinationAddressE164LengthAnomaly:no
[4234] numerical-eq:rpc-call-procedure:0xffffffff:13:no
[4235] numerical-eq:rpc-call-prognum:0xffffffff:391016:no
[4236] string-match:pktsearch-req-text:User-Agent: LimeWire(fcase =yes)
[4237] string-match:http-get-req-user-agent-header:LimeWire(fcase =yes)
[4238] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:31:no
[4239] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:456:no
[4240] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:3129:no
[4241] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:40421:no
[4242] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:40422:no
[4243] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:40423:no
[4244] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:40425:no
[4245] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:40426:no
[4246] string-match:pktsearch-req-text:^GetAgentInfo(fcase =no)
[4247] string-match:pktsearch-req-text:^ListWindows(fcase =no)
[4248] string-match:pktsearch-req-text:^List (fcase =no)
[4249] string-match:pktsearch-req-text:^MouseMove (fcase =no)
[4250] string-match:pktsearch-req-text:^Closewindow (fcase =no)
[4251] string-match:http-post-req-content-type-header:/x-www-form-(fcase =no)
[4252] string-match:http-post-req-transfer-encoding-header:chunked(fcase =no)
[4253] string-match:http-post-req-uri-query-params:\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1d\x8d\xa0\xf0(fcase =no)
[4254] unsigned-gt:socks-v5-user-len:0xffffffff:127:no
[4255] unsigned-gt:socks-v5-pass-len:0xffffffff:127:no
[4256] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7307:no
[4257] string-match:pktsearch-rsp-text:^... bytes\x0d\x0a\x00\x00(fcase =no)
[4258] string-match:netbios-ss-smb-open_andx-buffer:\.pwl\x00(fcase =yes)
[4259] string-match:netbios-ss-smb-open_andx-buffer:\x00\.\x00p\x00w\x00l\x00(fcase =yes)
[4260] string-match:netbios-ss-smb-nt_create_andx-buffer:\.pwl\x00(fcase =yes)
[4261] string-match:netbios-ss-smb-nt_create_andx-buffer:\x00\.\x00p\x00w\x00l\x00(fcase =yes)
[4262] string-match:smtp-vrfy-cmd-param:\([\r\n](fcase =no)
[4263] string-match:smtp-expn-cmd-param:\([\r\n](fcase =no)
[4264] string-match:smtp-mail-cmd-param:from: \((fcase =yes)
[4265] string-match:smtp-rcpt-cmd-param:to: \((fcase =yes)
[4266] string-match:rpc-call-data:\x94\x1b\xc0\x0f\xec\x02\x3f\xf0\xac\x22\x80\x16(fcase =no)
[4267] string-match:pktsearch-req-text:\x94\x1b\xc0\x0f\xec\x02\x3f\xf0\xac\x22\x80\x16(fcase =no)
[4268] string-match:pktsearch-rsp-text:^PWD(fcase =no)
[4269] string-match:pktsearch-req-text:^PWD(fcase =no)
[4270] string-match:pktsearch-rsp-text:^connected\. (fcase =no)
[4271] string-match:pktsearch-rsp-text:version: (fcase =no)
[4272] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00c\x00o\x00n\x00t\x00r\x00o\x00l\x00q\x00u\x00e\x00u\x00e\x00s\x00e\x00r\x00v\x00i\x00c\x00e(fcase =yes)
[4273] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00c\x00o\x00n\x00t\x00r\x00o\x00l\x00q\x00u\x00e\x00u\x00e\x00s\x00e\x00r\x00v\x00i\x00c\x00e(fcase =yes)
[4274] string-match:http-req-uri-path:^(\\){6}(fcase =no)
[4275] string-match:http-req-uri-path:^(/){6}(fcase =no)
[4276] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5534:no
[4277] string-match:pktsearch-req-text:^{E}[cCdDeE]:\\(fcase =no)
[4278] unsigned-gt:http-webdav-propfind-req-content-length:0xffffffff:100000:no
[4279] unsigned-gt:http-webdav-search-req-content-length:0xffffffff:100000:no
[4280] string-match:pktsearch-req-text:\x82\x10\x20.\x91\xd0\x38\x08(fcase =no)
[4281] string-match:pktsearch-req-text:\x82\x10\x20.\x91\xd0\x38\x10(fcase =no)
[4282] string-match:pktsearch-req-text:\x04\xbf\xff.\x81\xdd\xff\xfc(fcase =no)
[4283] string-match:pktsearch-req-text:\x00\x01\x87\x03\x00\x00\x00\x01\x00\x00\x00\x01(fcase =no)
[4284] string-match:pktsearch-req-text:^VER (fcase =no)
[4285] string-match:pktsearch-rsp-text:^Snid X2 Server - (fcase =no)
[4286] string-match:pktsearch-rsp-text:^Snid X3 Server - (fcase =no)
[4287] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00e\x00a\x00d\x00p\x00k\x00f\x00r\x00o\x00m\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[4288] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00e\x00a\x00d\x00p\x00k\x00f\x00r\x00o\x00m\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[4289] string-match:http-req-uri-path:(\\|/)netauth.cgi$(fcase =yes)
[4290] string-match:rlogin-username-client-login:^root[\r\n](fcase =no)
[4291] string-match:rlogin-client-handshake-serveruser-text:^root$(fcase =no)
[4292] string-match:pktsearch-req-text:^messagebox(fcase =no)
[4293] string-match:pktsearch-req-text:^inputboxman(fcase =no)
[4294] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5011:no
[4295] string-match:http-req-uri-path:\.php3.\\\.\.(fcase =yes)
[4296] string-match:smtp-message-body:UgBvAG8AdAAgA(fcase =no)
[4297] string-match:smtp-message-body:EUAbgB0AAByAH(fcase =no)
[4298] string-match:smtp-message-body:AG8AbwB0ACAAR(fcase =no)
[4299] string-match:smtp-message-body:QBuAHQAAHIA(fcase =no)
[4300] string-match:smtp-message-body:bwBvAHQAIABFAG4AdA(fcase =no)
[4301] string-match:smtp-message-body:2PRQMLWYzxG7ggCqAL3O(fcase =no)
[4302] string-match:smtp-message-body:9FAwtZjPEbuCAKoAvc4L(fcase =no)
[4303] string-match:smtp-message-body:UDC1mM8Ru4IAqgC9(fcase =no)
[4304] unsigned-gt:smtp-help-cmd-param-length:0xffffffff:514:no
[4305] unsigned-gt:http-get-req-uri-query-param-value-length:0xffffffff:10023:no
[4306] string-match:http-get-req-uri-path:(/|\\)pi$(fcase =yes)
[4307] numerical-eq:h225-error-code:0xffffffff:SourceAddressChoiceAnomaly:no
[4308] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:9878:no
[4309] string-match:pktsearch-req-text:^ID(fcase =no)
[4310] string-match:tds-mssql-server-response-payload:L\x00o\x00g\x00i\x00n\x00 \x00f\x00a\x00i\x00l\x00e\x00d\x00 \x00f\x00o\x00r\x00 \x00u\x00s\x00e\x00r\x00 \x00\x27\x00s\x00a\x00\x27(fcase =yes)
[4311] string-match:tds-mssql-server-response-payload:Login failed for user \x27sa\x27(fcase =yes)
[4312] numerical-eq:tds-mssql-response-code:0xffffffff:0xaa:no
[4313] string-match:tds-mssql-server-response-payload:L\x00o\x00g\x00i\x00n\x00 \x00f\x00a\x00i\x00l\x00e\x00d\x00 (fcase =yes)
[4314] string-match:tds-mssql-server-response-payload:Login failed (fcase =yes)
[4315] string-match:ftp-cwd-cmd-param:\.%20\.(fcase =no)
[4316] string-match:http-req-uri-path:process_bug\.cgi$(fcase =no)
[4317] string-match:http-req-uri-query-param-name:who(fcase =no)
[4318] string-match:http-req-uri-query-param-name:bug_status(fcase =no)
[4319] string-match:http-req-uri-query-param-value:;(echo|cat) (fcase =no)
[4320] unsigned-gt:snmp-err-state-msg-qllength:0xffffffff:4:no
[4321] unsigned-gt:snmp-err-state-length-of-length:0xffffffff:2:no
[4322] string-match:tftp-rrq-filename:msblast\.exe(fcase =yes)
[4323] string-match:tftp-rrq-filename:root32\.exe(fcase =yes)
[4324] string-match:tftp-rrq-filename:teekids\.exe(fcase =yes)
[4325] string-match:tftp-rrq-filename:index\.exe(fcase =yes)
[4326] string-match:tftp-rrq-filename:penis32\.exe(fcase =yes)
[4327] numerical-eq:http-req-webdav-xmlattr-count:0xffffffff:5000:no
[4328] string-match:pktsearch-req-text:^info(fcase =no)
[4329] string-match:pktsearch-rsp-text:^Product Name(fcase =no)
[4330] string-match:smtp-message-body:\x3cobject(fcase =yes)
[4331] string-match:smtp-message-body:location\.reload\(\)(fcase =yes)
[4332] unsigned-gt:dcerpc-dcom-file-name-length:0xffffffff:527:no
[4333] numerical-eq:dcerpc-error-code:0xffffffff:18:no
[4334] unsigned-gt:netbios-ss-dcerpc-dcom-file-name-length:0xffffffff:527:no
[4335] numerical-eq:netbios-ss-error-code:0xffffffff:20:no
[4336] string-match:rpc-call-data:\x80\xff\xff\xac\x84\xff\xec\x24\x84\xff\xf8\x24\x85\xff\xf0\xac\x84\xff\xf0(fcase =no)
[4337] string-match:pktsearch-req-text:\x80\xff\xff\xac\x84\xff\xec\x24\x84\xff\xf8\x24\x85\xff\xf0\xac\x84\xff\xf0(fcase =no)
[4338] string-match:pktsearch-rsp-text:^Welcome\x21\x0d\x0a\x23\x20(fcase =no)
[4339] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:34324:no
[4340] string-match:pktsearch-req-text:^View(fcase =no)
[4341] string-match:pktsearch-rsp-text:^Welcome!\r\n# (fcase =no)
[4342] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00p\x00r\x00o\x00x\x00i\x00e\x00d\x00m\x00e\x00t\x00a\x00d\x00a\x00t\x00a(fcase =yes)
[4343] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00p\x00r\x00o\x00x\x00i\x00e\x00d\x00m\x00e\x00t\x00a\x00d\x00a\x00t\x00a(fcase =yes)
[4344] numerical-eq:snmp-err-code:0xffffffff:req-to-trap:no
[4345] unsigned-gt:telnet-server-environ-sb-param-length:0xffffffff:128:no
[4346] string-match:http-req-uri-path:\.chl+(fcase =yes)
[4347] numerical-eq:pptp-invalid-msg:0xffffffff:1:no
[4348] unsigned-lt:pptp-req-msg-len:0xffffffff:64:no
[4349] unsigned-gt:pptp-req-msg-len:0xffffffff:10:no
[4350] string-match:lpr-lprng-extend-cmd-params: root start (fcase =no)
[4351] string-match:lpr-lprng-extend-cmd-params: root topq (fcase =no)
[4352] string-match:finger-client-data-text:cmd_rootsh(fcase =no)
[4353] string-match:finger-client-data-text:cmd_adduser(fcase =no)
[4354] string-match:finger-client-data-text:cmd_deluser(fcase =no)
[4355] string-match:finger-client-data-text:cmd_stealth(fcase =no)
[4356] string-match:finger-client-data-text:cmd_cleanup(fcase =no)
[4357] string-match:http-req-uri-path:(\.asp|\.htr)\\$(fcase =yes)
[4358] string-match:pktsearch-rsp-text:^ForCed EnTrY (fcase =no)
[4359] string-match:pktsearch-rsp-text:^nfo on the specified drive(fcase =no)
[4360] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:142:no
[4361] string-match:pktsearch-rsp-text:^00Ver\. 1\.8(fcase =no)
[4362] string-match:http-req-uri-path:awstats\.pl(fcase =yes)
[4363] string-match:http-req-uri-query-params:configdir=|(fcase =yes)
[4364] string-match:http-req-uri-query-params:logfile=|(fcase =yes)
[4365] string-match:http-req-uri-query-params:pluginmode=:system(fcase =yes)
[4366] string-match:http-req-uri-path:\.jsp\x00\.(fcase =yes)
[4367] string-match:http-req-uri-path:/\x00\.jsp(fcase =yes)
[4368] string-match:pktsearch-req-text:^FC\x20(fcase =no)
[4369] string-match:pktsearch-rsp-text:^WHATISIT(fcase =no)
[4370] string-match:pktsearch-rsp-text:^FC'S TROJAN(fcase =no)
[4371] string-match:tds-mssql-client-query-payload:s\x00p\x00_\x00s\x00t\x00a\x00r\x00t\x00_\x00j\x00o\x00(fcase =yes)
[4372] string-match:netbios-ss-tds-client-query-payload:s\x00p\x00_\x00s\x00t\x00a\x00r\x00t\x00_\x00j\x00o\x00(fcase =yes)
[4373] string-match:http-req-uri-query-param-value:default\.asp(fcase =yes)
[4374] string-match:http-post-req-message-body:\.\.(/|\\)(fcase =no)
[4375] string-match:http-post-req-message-body:default\.asp(fcase =yes)
[4376] string-match:http-post-req-uri-path:\.htw$(fcase =yes)
[4377] string-match:http-post-req-message-body:CiWebHitsFile(fcase =yes)
[4378] unsigned-gt:snmp-null-msg-qllength:0xffffffff:0:no
[4379] string-match:pop3-auth-cmd-param:\xeb\x22\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x31\xc0\xaa\x89\xf9\x89\xf0\xab(fcase =no)
[4380] string-match:pop3-auth-cmd-param:\xff\xff/bin/sh(fcase =no)
[4381] string-match:pop3-auth-cmd-param:\xeb\x1b\x5e\x89\xf3\x89\xf7\x83\xc7\x07\x29\xc0\xaa\x89(fcase =no)
[4382] numerical-eq:http-error-code:0xffffffff:ASP.NET_SLASH_BYPASS:no
[4383] string-match:http-req-uri-path:%5c(fcase =yes)
[4384] string-match:http-req-uri-path:\.aspx(fcase =yes)
[4385] numerical-eq:dns-response-ancount:0xffffffff:3:no
[4386] numerical-eq:dns-response-answer-type:0xffffffff:12:no
[4387] numerical-eq:dns-response-answer-type:0xffffffff:10:no
[4388] string-match:dns-response-answer-rdata:(N){12}(fcase =no)
[4389] numerical-eq:dns-response-ancount:0xffffffff:2:no
[4390] string-match:dns-response-answer-rdata:A{12}(fcase =no)
[4391] unsigned-gt:dns-rdlength:0xffffffff:180:no
[4392] unsigned-gt:ssl-PCT-client-hello-challange-len:0xffffffff:19:no
[4393] string-match:pktsearch-rsp-text:Mini Oblivion v0\.1 Ready\.(fcase =no)
[4394] string-match:pktsearch-rsp-text:^Oblivion 0\.1 ready\.(fcase =no)
[4395] string-match:pktsearch-req-text:[\n; \t/]id[\n; \t](fcase =no)
[4396] string-match:pktsearch-req-text:id[\n; \t](fcase =no)
[4397] string-match:pktsearch-rsp-text:uid=0\(root\).gid=(fcase =no)
[4398] string-match:pktsearch-rsp-text:uid=.\(bin\).gid=(fcase =no)
[4399] string-match:pktsearch-rsp-text:uid=.\(sys\).gid=(fcase =no)
[4400] string-match:pktsearch-req-text:[\n; \t/]whoami[\n; \t](fcase =no)
[4401] string-match:pktsearch-req-text:whoami[\n; \t](fcase =no)
[4402] string-match:pktsearch-rsp-text:(root|bin|sys)\x0a(fcase =no)
[4403] numerical-eq:pktsearch-unix-sh-counter:0xffffffff:2:no
[4404] unsigned-gt:netbios-ss-smb-bytecount:0xffffffff:4000:no
[4405] unsigned-gt:netbios-ss-tds-req-type:0xffffffff:0x12:no
[4406] unsigned-gt:netbios-ss-error-code:0xffffffff:16:no
[4407] string-match:http-req-uri-path:(\\|/)jj$(fcase =no)
[4408] string-match:http-req-uri-query-param-name:^get=(fcase =no)
[4409] string-match:http-req-uri-query-param-name:^cd=(fcase =no)
[4410] string-match:http-req-uri-path:^/fm(fcase =no)
[4411] string-match:http-req-uri-path:^/process$(fcase =no)
[4412] string-match:http-req-uri-path:^/x-logout$(fcase =no)
[4413] numerical-eq:dns-request-type:0xffffffff:0xc007:no
[4414] string-match:dns-request-qname:\xc0\x0c\xc0\x07\xc0\x10\xc0(fcase =no)
[4415] unsigned-gt:smtp-x_link2state-cmd-param-length:0xffffffff:1000:no
[4416] unsigned-gt:finger-space-counter:0xffffffff:4:no
[4417] string-match:finger-client-data-text:a b c d e f(fcase =no)
[4418] string-match:finger-server-data-text:Login(fcase =no)
[4419] string-match:finger-server-data-text:root     Super-User(fcase =no)
[4420] string-match:http-req-uri-path:/bizdb1-search\.cgi(fcase =no)
[4421] string-match:http-req-query-params:dbname=;(fcase =no)
[4422] string-match:http-req-query-params:dbname=`(fcase =no)
[4423] string-match:ssrs-req-text:\x5f\x66\xb9\x65\x74\x51\x68\x73\x6f\x63(fcase =no)
[4424] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7001:no
[4425] string-match:pktsearch-rsp-text:^hello\x3EWELCOMEwho do u want to phuk today\x3E(fcase =no)
[4426] unsigned-gt:dhcp-req-cf-hdwraddr-len:0xffffffff:0xfa:no
[4427] unsigned-gt:dhcp-req-cf-hostname-option-len:0xffffffff:160:no
[4428] unsigned-gt:dhcp-req-cf-client-identifier-option-len:0xffffffff:80:no
[4429] string-match:http-req-uri-path:\.(exe|com)\?/c+(fcase =yes)
[4430] string-match:http-req-uri-path:\.(exe|com)$(fcase =yes)
[4431] string-match:http-req-uri-query-param-name:rename(fcase =yes)
[4432] string-match:http-req-uri-query-param-name:dir+(fcase =yes)
[4433] string-match:http-req-uri-query-param-name:ftp+(fcase =yes)
[4434] string-match:http-req-uri-query-param-name:copy+(fcase =yes)
[4435] string-match:http-req-uri-query-param-name:del+(fcase =yes)
[4436] string-match:http-req-uri-path:/cfide/(fcase =yes)
[4437] string-match:http-req-uri-path:/administrator/(fcase =yes)
[4438] string-match:http-req-uri-path:/startstop\.html$(fcase =yes)
[4439] string-match:smtp-expn-cmd-param:*@(fcase =no)
[4440] string-match:http-req-uri-path:/\.cobalt/(fcase =no)
[4441] string-match:http-req-uri-path:overflow\.cgi(fcase =no)
[4442] string-match:http-post-req-uri-path:/\.cobalt/(fcase =no)
[4443] string-match:http-post-req-uri-path:overflow\.cgi(fcase =no)
[4444] string-match:http-post-req-message-body:email=`(fcase =no)
[4445] numerical-eq:h225-error-code:0xffffffff:PROTOSuite:no
[4446] string-match:rpc-call-data:\x80\x1c\x40\x11\x80\x1c\x40\x11(fcase =no)
[4447] string-match:rpc-call-data:\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff\x90\x03\xe0\x50\x92\x22\x20\x10\x94\x1b\xc0\x0f(fcase =no)
[4448] numerical-eq:rpc-call-prognum:0xffffffff:100009:no
[4449] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xa9\x00\x00\x00\x01\x00\x00\x00\x01(fcase =no)
[4450] string-match:pktsearch-req-text:\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff\x90\x03\xe0\x50\x92\x22\x20\x10\x94\x1b\xc0\x0f(fcase =no)
[4451] unsigned-gt:ldap-searchreq-filter-length:0xffffffff:40000:no
[4452] string-match:pktsearch-rsp-text:^\x0d\x0a\[RPL\]002\x0d\x0a(fcase =no)
[4453] string-match:pktsearch-req-text:Password (fcase =no)
[4454] string-match:pktsearch-rsp-text:\[RPL\]003(fcase =no)
[4455] string-match:pktsearch-rsp-text:server time/date(fcase =no)
[4456] string-match:pktsearch-rsp-text:version (fcase =no)
[4457] string-match:http-post-req-uri-path:(\\|/)websendmail(fcase =no)
[4458] string-match:http-post-req-message-body:receiver(fcase =no)
[4459] string-match:http-post-req-message-body:sender(fcase =no)
[4460] string-match:http-post-req-message-body:content(fcase =no)
[4461] unsigned-gt:socks-v4a-domainname-text-len:0xffffffff:140:no
[4462] unsigned-gt:socks-v4a-domainname-text-len:0xffffffff:127:no
[4463] string-match:pktsearch-rsp-text:^ServerSocket Connect\.\.\.(fcase =no)
[4464] numerical-eq:dns-request-hdr-id:0xffffffff:0xbeef:no
[4465] numerical-eq:dns-request-hdr-ra:0xffffffff:1:no
[4466] numerical-eq:dns-request-answer-ttl:0xffffffff:1:no
[4467] numerical-eq:dns-request-answer-rdlength:0xffffffff:0xff:no
[4468] numerical-eq:dns-request-hdr-id:0xffffffff:0xdead:no
[4469] numerical-eq:dns-request-qdcount:0xffffffff:7:no
[4470] string-match:dns-request-qname:\xe8\x72\xff\xff\xff/bin/sh(fcase =no)
[4471] string-match:http-post-req-message-body:\x3cmethodCall\x3e(fcase =yes)
[4472] string-match:http-post-req-message-body:\x3cparams\x3e(fcase =yes)
[4473] string-match:http-post-req-message-body:\x3cname\x3e','(fcase =yes)
[4474] string-match:http-post-req-message-body:\x3cname\x3ea')(fcase =yes)
[4475] string-match:http-post-req-message-body:/[*/]\x3c/name\x3e(fcase =yes)
[4476] string-match:http-post-req-message-body:\x3cstring\x3e'(fcase =yes)
[4477] string-match:http-post-req-message-body:\x3cstring\x3efoobar'(fcase =yes)
[4478] string-match:http-post-req-message-body:\x3cstring\x3eadmin'(fcase =yes)
[4479] string-match:http-post-req-message-body:\x3cstring\x3eadministrator'(fcase =yes)
[4480] string-match:http-post-req-message-body:\x3cstring\x3eroot'(fcase =yes)
[4481] string-match:http-post-req-message-body:/[*/]\x3c/string\x3e(fcase =yes)
[4482] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:4096:no
[4483] string-match:pktsearch-rsp-text:^Kid Terror 1(fcase =no)
[4484] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00e\x00c\x00o\x00d\x00e\x00q\x00u\x00e\x00u\x00e\x00c\x00m\x00d\x00 (fcase =yes)
[4485] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00e\x00c\x00o\x00d\x00e\x00q\x00u\x00e\x00u\x00e\x00c\x00m\x00d\x00 (fcase =yes)
[4486] string-match:http-req-uri-path:^\.\.\\\.\.(fcase =no)
[4487] string-match:http-req-uri-path:^\.\./\.\.(fcase =no)
[4488] string-match:smtp-EXE-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4489] string-match:smtp-EXE-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4490] string-match:smtp-SCR-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4491] string-match:smtp-SCR-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4492] string-match:smtp-COM-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4493] string-match:smtp-COM-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4494] string-match:smtp-BAT-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4495] string-match:smtp-BAT-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4496] string-match:smtp-PIF-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4497] string-match:smtp-PIF-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4498] string-match:smtp-CMD-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4499] string-match:smtp-CMD-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4500] string-match:smtp-ZIP-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4501] string-match:smtp-ZIP-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4502] string-match:smtp-ZIP-message-body:4SMkK0Rguz6dX2I/WaY+CSk6(fcase =no)
[4503] string-match:smtp-ZIP-message-body:P+4BaU4py5uI27BgY5ZSCMMv(fcase =no)
[4504] string-match:smtp-ZIP-message-body:IyQrRGC7Pp1fYj9Zpj4JKTo/(fcase =no)
[4505] string-match:smtp-ZIP-message-body:7gFpTinLm4jbsGBjllIIwy+Q(fcase =no)
[4506] string-match:pop3-EXE-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4507] string-match:pop3-EXE-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4508] string-match:pop3-SCR-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4509] string-match:pop3-SCR-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4510] string-match:pop3-COM-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4511] string-match:pop3-COM-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4512] string-match:pop3-BAT-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4513] string-match:pop3-BAT-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4514] string-match:pop3-PIF-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4515] string-match:pop3-PIF-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4516] string-match:pop3-CMD-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4517] string-match:pop3-CMD-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4518] string-match:pop3-ZIP-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4519] string-match:pop3-ZIP-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4520] string-match:pop3-ZIP-message-body:4SMkK0Rguz6dX2I/WaY+CSk6(fcase =no)
[4521] string-match:pop3-ZIP-message-body:P+4BaU4py5uI27BgY5ZSCMMv(fcase =no)
[4522] string-match:pop3-ZIP-message-body:IyQrRGC7Pp1fYj9Zpj4JKTo/(fcase =no)
[4523] string-match:pop3-ZIP-message-body:7gFpTinLm4jbsGBjllIIwy+Q(fcase =no)
[4524] string-match:imap-EXE-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4525] string-match:imap-EXE-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4526] string-match:imap-SCR-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4527] string-match:imap-SCR-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4528] string-match:imap-COM-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4529] string-match:imap-COM-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4530] string-match:imap-BAT-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4531] string-match:imap-BAT-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4532] string-match:imap-PIF-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4533] string-match:imap-PIF-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4534] string-match:imap-CMD-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4535] string-match:imap-CMD-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4536] string-match:imap-ZIP-message-body:j+EjJCtEYLs+nV9iP1mmPgkp(fcase =no)
[4537] string-match:imap-ZIP-message-body:Oj/uAWlOKcubiNuwYGOWUgjD(fcase =no)
[4538] string-match:imap-ZIP-message-body:4SMkK0Rguz6dX2I/WaY+CSk6(fcase =no)
[4539] string-match:imap-ZIP-message-body:P+4BaU4py5uI27BgY5ZSCMMv(fcase =no)
[4540] string-match:imap-ZIP-message-body:IyQrRGC7Pp1fYj9Zpj4JKTo/(fcase =no)
[4541] string-match:imap-ZIP-message-body:7gFpTinLm4jbsGBjllIIwy+Q(fcase =no)
[4542] string-match:telnet-client-data-text:su[ \n\r;](fcase =no)
[4543] string-match:telnet-server-data-text:Password:(fcase =no)
[4544] string-match:telnet-server-data-text:# (fcase =no)
[4545] string-match:telnet-client-data-text:su[ \t\n\r;](fcase =no)
[4546] string-match:telnet-server-data-text:su: incorrect password\x0d\x0a(fcase =no)
[4547] string-match:telnet-server-data-text:su: Sorry\x0d\x0a(fcase =no)
[4548] string-match:telnet-server-data-text:Sorry\x0d\x0a(fcase =no)
[4549] string-match:telnet-client-data-text:sudo[ \t](fcase =no)
[4550] string-match:pktsearch-req-text:^download(fcase =no)
[4551] string-match:pktsearch-req-text:^msg%(fcase =no)
[4552] string-match:pktsearch-req-text:^tit%(fcase =no)
[4553] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:29984:no
[4554] string-match:http-req-uri-path:\.html\.var$(fcase =yes)
[4555] numerical-eq:netbios-ns-response-hdr-rcode:0xffffffff:0x7:no
[4556] numerical-eq:netbios-ns-response-registration-ancount:0xffffffff:1:no
[4557] numerical-eq:netbios-ns-response-ttl:0xffffffff:0:no
[4558] string-match:http-get-req-uri-path:(/|\\)*\.(jsp|jhtml)(/|\\)(fcase =yes)
[4559] string-match:rpc-call-data:\x66\x89\xe1\xcd\x80\x89\xc6\xe8\xb6\xff\xff\xff\x83\xc4\x12\x50\xb9\x02\xff\x08\xae\x30\xed\x51\x89\xe2\x83\xec\x06\xb0\x10\x50(fcase =no)
[4560] string-match:rpc-call-data:\xb3\x02\x52\x56\xb0\x66\x89\xe1\xcd\x80\xb0\x10\x50\x56\xb0\x66\xb3\x04\x89\xe1\xcd\x80\xe8\x87\xff\xff\xff\x50\x50\x56\xb0\x66(fcase =no)
[4561] string-match:pktsearch-req-text:\x00\x00\x00\x00\x00\x00\x00\x02\x00\x04\x93\xf3\x00\x00\x00\x01\x00\x00\x00\x07(fcase =no)
[4562] string-match:pktsearch-req-text:\x66\x89\xe1\xcd\x80\x89\xc6\xe8\xb6\xff\xff\xff\x83\xc4\x12\x50\xb9\x02\xff\x08\xae\x30\xed\x51\x89\xe2\x83\xec\x06\xb0\x10\x50(fcase =no)
[4563] string-match:pktsearch-req-text:\xb3\x02\x52\x56\xb0\x66\x89\xe1\xcd\x80\xb0\x10\x50\x56\xb0\x66\xb3\x04\x89\xe1\xcd\x80\xe8\x87\xff\xff\xff\x50\x50\x56\xb0\x66(fcase =no)
[4564] string-match:rpc-call-data:\xeb\x31\x5e\x89\x76\xac\x8d\x5e\x08\x89\x5e\xb0\x8d\x5e\x0b\x89\x5e\xb4\x31\xc0\x88\x46\x07\x88(fcase =no)
[4565] string-match:pktsearch-req-text:\xeb\x31\x5e\x89\x76\xac\x8d\x5e\x08\x89\x5e\xb0\x8d\x5e\x0b\x89\x5e\xb4\x31\xc0\x88\x46\x07\x88(fcase =no)
[4566] string-match:rpc-call-data:\x2f\x62\x69\x6e\x2f\x6d\x61\x69\x6c\x20\x61\x62\x75\x73\x65\x72\x40\x6f\x68\x68\x61\x72\x61\x2e\x70\x6f\x73\x74\x65\x63(fcase =no)
[4567] string-match:pktsearch-req-text:\x2f\x62\x69\x6e\x2f\x6d\x61\x69\x6c\x20\x61\x62\x75\x73\x65\x72\x40\x6f\x68\x68\x61\x72\x61\x2e\x70\x6f\x73\x74\x65\x63(fcase =no)
[4568] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00r\x00e\x00s\x00e\x00t\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[4569] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00r\x00e\x00s\x00e\x00t\x00q\x00u\x00e\x00u\x00e\x00 (fcase =yes)
[4570] string-match:http-req-uri-path:mailview\.cgi(fcase =yes)
[4571] unsigned-gt:pktsearch-cabrightstor-req-pktlen:0xffffffff:966:no
[4572] string-match:pktsearch-cabrightstor-req-text:\xb0\x8e\x80\x23(fcase =no)
[4573] string-match:pktsearch-cabrightstor-req-text:\x14\x57\x80\x23(fcase =no)
[4574] unsigned-gt:rlogin-password-client-login-length:0xffffffff:128:no
[4575] numerical-eq:dns-exchange-error:0xffffffff:1:no
[4576] string-match:dhcp-rsp-sf-hostname-option:(/bin|/sbin|/opt)(fcase =no)
[4577] string-match:dhcp-rsp-sf-domnname-option:(/bin|/sbin|/opt)(fcase =no)
[4578] string-match:dhcp-rsp-sf-nis-domain-option:(/bin|/sbin|/opt)(fcase =no)
[4579] string-match:dhcp-rsp-sf-root-path-option:(/bin|/sbin|/opt)(fcase =no)
[4580] string-match:dhcp-rsp-sf-server-hostname:(/bin|/sbin|/opt)(fcase =no)
[4581] numerical-eq:pktsearch-req-1st-4b:0xFFF0FFF0:0x30303130:no
[4582] string-match:pktsearch-rsp-text:001Windows folder:(fcase =no)
[4583] string-match:pktsearch-rsp-text:00[01]User(fcase =no)
[4584] string-match:pktsearch-rsp-text:00[01]Windows folder(fcase =no)
[4585] numerical-eq:pktsearch-req-1st-4b:0xFFF0F000:0x30303000:no
[4586] string-match:http-req-uri-path:cgi-bin-sdb/(fcase =yes)
[4587] string-match:smtp-reply-message-header:a~\.`/bin/(fcase =no)
[4588] string-match:http-get-req-uri-path:(/|\\)load_prefs\.php(fcase =yes)
[4589] string-match:http-get-req-uri-query-param-name:^theme\[(fcase =yes)
[4590] string-match:pktsearch-req-text:^DCIClient(fcase =no)
[4591] string-match:pktsearch-rsp-text:^DCIServer(fcase =no)
[4592] numerical-eq:h225-error-code:0xffffffff:DestinationChoiceAnomaly:no
[4593] numerical-eq:pktsearch-udp-dst-port:0xffffffff:29891:no
[4594] string-match:pktsearch-rsp-text:^The Unexplained\.\.\. v1\.0(fcase =no)
[4595] string-match:pktsearch-rsp-text:^The Unexplained\.\.\. v(fcase =no)
[4596] string-match:pktsearch-rsp-text:^The Unexplained\.\.\. 1\.0(fcase =no)
[4597] string-match:ftp-retr-cmd-param:\.pwl(fcase =yes)
[4598] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00p\x00r\x00i\x00n\x00t\x00s\x00t\x00a\x00t\x00e\x00m\x00e\x00n\x00t\x00s(fcase =yes)
[4599] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00p\x00r\x00i\x00n\x00t\x00s\x00t\x00a\x00t\x00e\x00m\x00e\x00n\x00t\x00s(fcase =yes)
[4600] unsigned-gt:tns-req-library-name-param-text-len:0xffffffff:200:no
[4601] string-match:http-req-uri-path:(\\|/)phf$(fcase =no)
[4602] string-match:http-req-uri-path:(\\|/)phf (fcase =no)
[4603] string-match:http-req-uri-path:(\\|/)phf\r(fcase =no)
[4604] string-match:pktsearch-rsp-text:^001Dossier Windows(fcase =no)
[4605] string-match:pktsearch-req-text:^003(fcase =no)
[4606] string-match:pktsearch-rsp-text:^000Start(fcase =no)
[4607] string-match:http-req-uri-path:/ab2/(fcase =yes)
[4608] string-match:http-req-uri-path:\\ab2\\(fcase =yes)
[4609] string-match:http-req-uri-path:@AdminViewError(fcase =yes)
[4610] string-match:http-req-uri-path:@AdminAddadmin(fcase =yes)
[4611] string-match:http-req-uri-path:@AdminResetError(fcase =yes)
[4612] string-match:http-req-uri-path:@AdminViewAccess(fcase =yes)
[4613] string-match:http-req-uri-path:@Ab2Admin(fcase =yes)
[4614] string-match:http-req-uri-path:/cfdocs/(fcase =yes)
[4615] string-match:http-req-uri-path:/exampleapp(fcase =yes)
[4616] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10607:no
[4617] string-match:pktsearch-req-text:^Hello(fcase =no)
[4618] string-match:pktsearch-rsp-text:^COMA Server (fcase =no)
[4619] string-match:rpc-call-data:\xf7\x48\xaf\xe6\xfb\x28\x23\xe6\xf7\x4c\xaf\xe6\xfb\x2c\xaf\xe0(fcase =no)
[4620] string-match:rpc-call-data:\x22\x11\xff\xb0\x22\x12\xff\xac\x22\x0d\xfe\x98(fcase =no)
[4621] string-match:pktsearch-req-text:\xf7\x48\xaf\xe6\xfb\x28\x23\xe6\xf7\x4c\xaf\xe6\xfb\x2c\xaf\xe0(fcase =no)
[4622] string-match:http-req-uri-path:^(/)?servlet/oracle\.xml\.xsql\.XSQLServlet/xsql/lib/xsqlconfig\.xml(fcase =yes)
[4623] string-match:http-req-uri-path:^(/)?servlet/oracle\.xml\.xsql\.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig\.xml(fcase =yes)
[4624] string-match:telnet-server-data-text:User Access Verification(fcase =no)
[4625] string-match:telnet-client-data-text:enable$(fcase =no)
[4626] string-match:telnet-server-data-text:cbos#(fcase =no)
[4627] numerical-eq:netbios-ss-error-code:0xffffffff:NTTRANS_SETUPCOUNT_OVERFLOW:no
[4628] string-match:lpr-receive-cmd-params:\x2f\x2fKARMAPOLICE(fcase =no)
[4629] string-match:lpr-receive-control-file-content:cfA666owned(fcase =no)
[4630] string-match:lpr-receive-data-file-content:mail\.cf(fcase =no)
[4631] string-match:http-req-uri-path:wa\.exe$(fcase =no)
[4632] numerical-eq:pktsearch-udp-dst-port:0xffffffff:692:no
[4633] unsigned-gt:http-req-uri-length:0xffffffff:1000:no
[4634] string-match:http-req-uri-path:imagemap\.exe$(fcase =yes)
[4635] string-match:http-req-uri-path:demo/sql/jdbc/JDBCQuery\.jsp(fcase =no)
[4636] string-match:http-req-uri-path:demo/sql/jdbc/UseHtmlQueryBean\.jsp(fcase =no)
[4637] string-match:http-req-uri-path:demo/sql/sqlj/SQLJSelectInto\.sqljsp(fcase =no)
[4638] string-match:http-req-uri-path:demo/sql/tag/sample2\.jsp(fcase =no)
[4639] string-match:http-req-uri-path:xsql/java/xsql/demo/adhocsql/query\.xsql(fcase =no)
[4640] string-match:http-req-uri-path:xsql/java/xsql/demo/adhocsql/sqltoxml\.html(fcase =no)
[4641] string-match:http-req-uri-path:xsql/java/xsql/demo/insertxml/newsstorydemo\.html(fcase =no)
[4642] string-match:http-req-uri-path:xsql/java/xsql/demo/uri/uridemo\.html(fcase =no)
[4643] string-match:http-post-req-uri-path:\.php3(fcase =yes)
[4644] string-match:http-post-req-content-type-header:multipart/form-data(fcase =no)
[4645] string-match:http-post-req-header:($|%)n%(fcase =no)
[4646] string-match:http-post-req-header:($|%)hn(fcase =no)
[4647] string-match:http-req-uri-path:kmdstart\.htm(fcase =no)
[4648] string-match:http-req-uri-query-params:client=kmd(fcase =no)
[4649] string-match:http-get-req-uri-path:/scripts/cms(fcase =no)
[4650] string-match:http-req-uri-path:\.asp(fcase =no)
[4651] numerical-eq:snmp-msg-head-err-code:0xffffffff:3:no
[4652] numerical-eq:snmp-version-err-code:0xffffffff:3:no
[4653] numerical-eq:snmp-community-string-err-code:0xffffffff:3:no
[4654] numerical-eq:snmp-pdu-head-err-code:0xffffffff:3:no
[4655] numerical-eq:snmp-varbindlist-err-code:0xffffffff:3:no
[4656] numerical-eq:snmp-varbind-err-code:0xffffffff:3:no
[4657] numerical-eq:snmp-varbind-object-id-err-code:0xffffffff:3:no
[4658] numerical-eq:snmp-varbind-value-err-code:0xffffffff:3:no
[4659] string-match:pktsearch-mstream-c2h-req-text:(servers|stream|quit|help)(fcase =no)
[4660] string-match:http-req-uri-path:crystalreportwebformviewer2(fcase =yes)
[4661] string-match:http-req-uri-path:crystalimagehandler\.aspx(fcase =yes)
[4662] string-match:http-req-uri-query-param-name:dynamicimage(fcase =yes)
[4663] string-match:http-req-uri-query-param-value:\.\.(\\|/)(fcase =yes)
[4664] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:10101:no
[4665] string-match:pktsearch-rsp-text:^#01#(fcase =no)
[4666] string-match-ap:req-content-text:/announce?(fcase =no)
[4667] string-match-ap:req-content-text:info_hash=(fcase =no)
[4668] string-match-ap:req-content-text:peer_id=(fcase =no)
[4669] string-match:http-req-uri-path:\.torrent(fcase =no)
[4670] string-match:pktsearch-req-text:^activate(fcase =no)
[4671] string-match:pktsearch-rsp-text: logged in\x2E\x2E\x2E(fcase =no)
[4672] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00e\x00n\x00u\x00m\x00r\x00e\x00s\x00u\x00l\x00t\x00s\x00e\x00t(fcase =yes)
[4673] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00e\x00n\x00u\x00m\x00r\x00e\x00s\x00u\x00l\x00t\x00s\x00e\x00t(fcase =yes)
[4674] unsigned-gt:snmp-msg-head-length-of-length:0xffffffff:2:no
[4675] unsigned-gt:snmp-community-string-length-of-length:0xffffffff:2:no
[4676] unsigned-gt:snmp-pdu-head-length-of-length:0xffffffff:2:no
[4677] unsigned-gt:snmp-varbindlist-length-of-length:0xffffffff:2:no
[4678] unsigned-gt:snmp-varbind-length-of-length:0xffffffff:2:no
[4679] unsigned-gt:snmp-varbind-object-id-length-of-length:0xffffffff:2:no
[4680] unsigned-gt:snmp-varbind-value-length-of-length:0xffffffff:2:no
[4681] string-match:telnet-server-data-text:not on system console(fcase =yes)
[4682] string-match:http-post-req-uri-path:/search(fcase =no)
[4683] string-match:http-post-req-message-body:template=/(etc|var|home|usr)/(fcase =no)
[4684] string-match:smtp-message-body:\nContent-Length: 99999999\n(fcase =no)
[4685] string-match:smtp-message-body:Content-Length: \n(fcase =no)
[4686] unsigned-gt:smtp-message-body-length:0xffffffff:2063:no
[4687] numerical-eq:dcerpc-error-code:0xffffffff:INVALID_UUID:no
[4688] unsigned-gt:dcerpc-req-Unknown-request-frag-length:0xffffffff:5000:no
[4689] numerical-eq:dcerpc-response-packet-type:0xffffffff:3:no
[4690] unsigned-gt:dcerpc-req-frag-length:0xffffffff:5000:no
[4691] string-match:dcerpc-req-uuid-text:\x60\x9e\xe7\xb9\x52\x3d\xce\x11\xaa\xa1\x00\x00\x69\x01\x29\x3f(fcase =no)
[4692] string-match:http-before-request-method:^YMSG(fcase =no)
[4693] string-match:ftp-invalid-cmd-text:^YMSG(fcase =no)
[4694] string-match:smtp-first-invalid-cmd-text:^YMSG(fcase =no)
[4695] string-match:pktsearch-req-text:^YMSG(fcase =no)
[4696] string-match:telnet-client-data-text:^YMSG(fcase =no)
[4697] numerical-eq:pktsearch-ymsg-counter:0xffffffff:2:no
[4698] string-match:http-req-host-header:http\.pager\.yahoo\.com(fcase =no)
[4699] string-match:http-req-host-header:msg\.edit\.yahoo.com(fcase =no)
[4700] string-match:http-req-host-header:msg\.yahoo\.com(fcase =no)
[4701] string-match-ap:req-content-text:YMSG(\x00#F0\x00|\x00.)(fcase =no)(offset=0, depth=0)
[4702] string-match-ap:rsp-content-text:YMSG(\x00#F0\x00|\x00.)(fcase =no)(offset=0, depth=0)
[4703] string-match:http-req-message-body:^YMSG(\x00#F0\x00|\x00.)(fcase =no)
[4704] string-match:http-post-req-uri-path:(\\|/)guestbook\.pl$(fcase =yes)
[4705] string-match:http-post-req-message-body:<!--#exec cmd=(fcase =yes)
[4706] unsigned-gt:http-req-uri-path-length:0xffffffff:2050:no
[4707] string-match:http-req-uri-path:^(/)?jsp/(fcase =no)
[4708] string-match:snmp-request-community-string-field:[0-9][dxuioc]%(fcase =no)
[4709] string-match:snmp-request-community-string-field:%(n|hn)%(fcase =no)
[4710] string-match:snmp-request-community-string-field:%[1-9]$(n|hn)%(fcase =no)
[4711] string-match:snmp-request-community-string-field:%1[1-9]$(n|hn)%(fcase =no)
[4712] string-match:snmp-get-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4713] string-match:snmp-get-varbind-value-field:%(n|hn)%(fcase =no)
[4714] string-match:snmp-get-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4715] string-match:snmp-get-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4716] string-match:snmp-get-next-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4717] string-match:snmp-get-next-varbind-value-field:%(n|hn)%(fcase =no)
[4718] string-match:snmp-get-next-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4719] string-match:snmp-get-next-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4720] string-match:snmp-set-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4721] string-match:snmp-set-varbind-value-field:%(n|hn)%(fcase =no)
[4722] string-match:snmp-set-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4723] string-match:snmp-set-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4724] string-match:snmp-trap-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4725] string-match:snmp-trap-varbind-value-field:%(n|hn)%(fcase =no)
[4726] string-match:snmp-trap-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4727] string-match:snmp-trap-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4728] string-match:snmp-v2-bulk-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4729] string-match:snmp-v2-bulk-varbind-value-field:%(n|hn)%(fcase =no)
[4730] string-match:snmp-v2-bulk-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4731] string-match:snmp-v2-bulk-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4732] string-match:snmp-v2-trap-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4733] string-match:snmp-v2-trap-varbind-value-field:%(n|hn)%(fcase =no)
[4734] string-match:snmp-v2-trap-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4735] string-match:snmp-v2-trap-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4736] string-match:snmp-v2-inform-varbind-value-field:[0-9][dxuioc]%(fcase =no)
[4737] string-match:snmp-v2-inform-varbind-value-field:%(n|hn)%(fcase =no)
[4738] string-match:snmp-v2-inform-varbind-value-field:%[1-9]$(n|hn)%(fcase =no)
[4739] string-match:snmp-v2-inform-varbind-value-field:%1[1-9]$(n|hn)%(fcase =no)
[4740] string-match:snmp-get-next-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4741] string-match:snmp-get-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4742] string-match:snmp-get-varbind-object-id-field:%(n|hn)%(fcase =no)
[4743] string-match:snmp-get-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4744] string-match:snmp-get-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4745] string-match:snmp-get-next-varbind-object-id-field:%(n|hn)%(fcase =no)
[4746] string-match:snmp-get-next-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4747] string-match:snmp-get-next-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4748] string-match:snmp-trap-enterprise-object-id-field:[0-9][dxuioc]%(fcase =no)
[4749] string-match:snmp-trap-enterprise-object-id-field:%(n|hn)%(fcase =no)
[4750] string-match:snmp-trap-enterprise-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4751] string-match:snmp-trap-enterprise-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4752] string-match:snmp-set-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4753] string-match:snmp-set-varbind-object-id-field:%(n|hn)%(fcase =no)
[4754] string-match:snmp-set-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4755] string-match:snmp-set-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4756] string-match:snmp-trap-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4757] string-match:snmp-trap-varbind-object-id-field:%(n|hn)%(fcase =no)
[4758] string-match:snmp-trap-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4759] string-match:snmp-trap-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4760] string-match:snmp-v2-bulk-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4761] string-match:snmp-v2-bulk-varbind-object-id-field:%(n|hn)%(fcase =no)
[4762] string-match:snmp-v2-bulk-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4763] string-match:snmp-v2-bulk-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4764] string-match:snmp-v2-trap-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4765] string-match:snmp-v2-trap-varbind-object-id-field:%(n|hn)%(fcase =no)
[4766] string-match:snmp-v2-trap-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4767] string-match:snmp-v2-trap-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4768] string-match:snmp-v2-inform-varbind-object-id-field:[0-9][dxuioc]%(fcase =no)
[4769] string-match:snmp-v2-inform-varbind-object-id-field:%(n|hn)%(fcase =no)
[4770] string-match:snmp-v2-inform-varbind-object-id-field:%[1-9]$(n|hn)%(fcase =no)
[4771] string-match:snmp-v2-inform-varbind-object-id-field:%1[1-9]$(n|hn)%(fcase =no)
[4772] string-match:netbios-ss-smb-transaction-buffer:\\PIPE\\LANMAN\x00(\x68|\xd7|\x00)\x00(fcase =no)
[4773] string-match:netbios-ss-smb-transaction-buffer:\\\x00P\x00I\x00P\x00E\x00\\\x00L\x00A\x00N\x00M\x00A\x00N\x00\x00\x00(\x68|\xd7\x00)\x00(fcase =no)
[4774] numerical-eq:netbios-ss-smb-param-transaction-maxcount:0xffffffff:0:no
[4775] string-match:http-req-uri-path:finger\.cgi$(fcase =no)
[4776] string-match:http-req-uri-query-params:\|(fcase =no)
[4777] string-match:http-req-uri-query-params:^PageServices(fcase =yes)
[4778] string-match:http-req-uri-path:sourcewindow\.cfm$(fcase =yes)
[4779] string-match:http-req-uri-query-param-name:Template(fcase =yes)
[4780] string-match:http-req-uri-path:/catalog\.xml(fcase =yes)
[4781] string-match:http-req-uri-query-param-name:contenttype(fcase =yes)
[4782] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:240:no
[4783] numerical-eq:ssl-error-code:0xffffffff:ms-bitstr-error:no
[4784] string-match:pktsearch-rsp-text:^InCommand v 1\..(fcase =no)
[4785] string-match:pktsearch-req-text:^INIT (fcase =no)
[4786] string-match:pktsearch-rsp-text:^InCommand 1\..(fcase =no)
[4787] string-match:pktsearch-rsp-text:InCommand 1\.. [Rr]eady(fcase =no)
[4788] string-match:pktsearch-rsp-text:^PWWD(fcase =no)
[4789] string-match:pktsearch-rsp-text:^PWD  {(fcase =no)
[4790] string-match:pktsearch-req-text:^0049(fcase =no)
[4791] string-match:pktsearch-rsp-text:^00420049(fcase =no)
[4792] string-match:pktsearch-req-text:@1GVRSION(fcase =no)
[4793] string-match:pktsearch-rsp-text:@1RSRVRVER(fcase =no)
[4794] string-match:ftp-cmd-param:\x0a\xf7\x02\x97(fcase =no)
[4795] string-match:ftp-cmd-param:\x0b\x18\x02\x98(fcase =no)
[4796] string-match:ftp-cmd-param:\x0b\x39\x02\x99(fcase =no)
[4797] string-match:ftp-cmd-param:\x0b\x5a\x02\x9a(fcase =no)
[4798] string-match:ftp-cmd-param:\x20\x20\x08\x01(fcase =no)
[4799] string-match:ftp-cmd-param:\xe4\x20\xe0\x08(fcase =no)
[4800] string-match:ftp-cmd-param:\x24\x02\x04\x53(fcase =no)
[4801] string-match:ftp-cmd-param:\x24\x02\x03\xf3(fcase =no)
[4802] string-match:ftp-cmd-param:\x24\x02\x04\x25(fcase =no)
[4803] string-match:ftp-cmd-param:\x24\x02\x03\xee(fcase =no)
[4804] string-match:ftp-cmd-param:\x24\x02\x03\xeb(fcase =no)
[4805] string-match:ftp-cmd-param:\x03\xff\xff\xcc(fcase =no)
[4806] string-match:ftp-cmd-param:\x02..\x0c(fcase =no)
[4807] string-match:ftp-cmd-param:\x01\x01\x01\x0c(fcase =no)
[4808] string-match:ftp-cmd-param:\x13\x74\xf0\x47(fcase =no)
[4809] string-match:ftp-cmd-param:\x12\x74\xf0\x47(fcase =no)
[4810] string-match:ftp-cmd-param:\x11\x74\xf0\x47(fcase =no)
[4811] string-match:ftp-cmd-param:/bin/sh(fcase =no)
[4812] string-match:ftp-cmd-param:\xff\xff\xff\xed\xff\x1f\xd2/bin(fcase =no)
[4813] string-match:ftp-cmd-param:\xff\x7e\xb2\x13\x94\xe7\x43\x20\x35\x60\x42(fcase =no)
[4814] string-match:ftp-cmd-param:h....X5....H..PP..PPa(fcase =no)
[4815] string-match:ftp-cmd-param:-....-....-....PQX-....-....-....PQX(fcase =no)
[4816] string-match:ftp-cmd-param:-....-....PQX-....-....PQX(fcase =no)
[4817] string-match:ftp-cmd-param:\x80\x30.\x40\xe2\xfa(fcase =no)
[4818] string-match:ftp-cmd-param:\xac\x34.\xaa\xe2\xfa(fcase =no)
[4819] string-match:ftp-cmd-param:\x2C\x61\x90\x50\x59\x66\xAD\x90(fcase =no)
[4820] string-match:ftp-cmd-param:\xac\x2c.\xaa\xe2\xf5(fcase =no)
[4821] string-match:ftp-cmd-param:\x9a\xff\xff\xff\xff\x07\xff(fcase =no)
[4822] string-match:ftp-cmd-param:\xaa\x10\x10\x10\x10\x17\x10(fcase =no)
[4823] string-match:ftp-cmd-param:\x9a\x01\x02\x03\x5c\x07\x04(fcase =no)
[4824] string-match:ftp-cmd-param:\x9a\x04\x04\x04\x04\x07\x04(fcase =no)
[4825] string-match:ftp-cmd-param:\x9a\x24\x24\x24\x24\x07\x24(fcase =no)
[4826] string-match:http-req-uri-path:(\\|/)wrap$(fcase =no)
[4827] string-match:http-req-uri-query-params:^/\.\.(/|\\)(fcase =no)
[4828] unsigned-gt:pop3-auth-cmd-param-length:0xffffffff:512:no
[4829] string-match:smtp-from-message-header:exchange-robot@paypal\.c(fcase =yes)
[4830] string-match:smtp-message-body:ions! PayPal(fcase =no)
[4831] string-match:smtp-message-body:\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x54\x6f\x20\x73(fcase =no)
[4832] string-match:smtp-message-body:\x64\x79\x3e\x0d\x0a\x0d\x0a\x48\x69\x21\x20\x49(fcase =no)
[4833] string-match:smtp-message-body:om Miami, FL(fcase =no)
[4834] string-match:smtp-message-body:\x70\x68\x6f\x74\x6f\x73\x21\x0d\x0a\x3c\x2f\x62(fcase =no)
[4835] string-match:smtp-message-body:\x69\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x4d\x79(fcase =no)
[4836] string-match:smtp-message-body:\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x53\x65\x65(fcase =no)
[4837] string-match:smtp-message-body:\x63\x61\x6d\x0d\x0a\x70\x68\x6f\x74\x6f\x73\x21(fcase =no)
[4838] string-match:pop3-from-message-header:exchange-robot@paypal\.c(fcase =yes)
[4839] string-match:pop3-message-body:ions! PayPal(fcase =no)
[4840] string-match:pop3-message-body:\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x54\x6f\x20\x73(fcase =no)
[4841] string-match:pop3-message-body:\x64\x79\x3e\x0d\x0a\x0d\x0a\x48\x69\x21\x20\x49(fcase =no)
[4842] string-match:pop3-message-body:om Miami, FL(fcase =no)
[4843] string-match:pop3-message-body:\x70\x68\x6f\x74\x6f\x73\x21\x0d\x0a\x3c\x2f\x62(fcase =no)
[4844] string-match:pop3-message-body:\x69\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x4d\x79(fcase =no)
[4845] string-match:pop3-message-body:\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x53\x65\x65(fcase =no)
[4846] string-match:pop3-message-body:\x63\x61\x6d\x0d\x0a\x70\x68\x6f\x74\x6f\x73\x21(fcase =no)
[4847] string-match:imap-from-message-header:exchange-robot@paypal\.c(fcase =yes)
[4848] string-match:imap-message-body:ions! PayPal(fcase =no)
[4849] string-match:imap-message-body:\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x54\x6f\x20\x73(fcase =no)
[4850] string-match:imap-message-body:\x64\x79\x3e\x0d\x0a\x0d\x0a\x48\x69\x21\x20\x49(fcase =no)
[4851] string-match:imap-message-body:om Miami, FL(fcase =no)
[4852] string-match:imap-message-body:\x70\x68\x6f\x74\x6f\x73\x21\x0d\x0a\x3c\x2f\x62(fcase =no)
[4853] string-match:imap-message-body:\x69\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x4d\x79(fcase =no)
[4854] string-match:imap-message-body:\x3e\x0d\x0a\x3c\x70\x3e\x3c\x69\x3e\x53\x65\x65(fcase =no)
[4855] string-match:imap-message-body:\x63\x61\x6d\x0d\x0a\x70\x68\x6f\x74\x6f\x73\x21(fcase =no)
[4856] string-match:smtp-rcpt-cmd-param:rpmmail(fcase =no)
[4857] string-match:pktsearch-req-text:\x00Player(fcase =no)
[4858] string-match:pktsearch-rsp-text:v1\.00 Beta 5(fcase =no)
[4859] string-match:http-post-req-uri-path:(\\|/)CGImail\.exe(fcase =yes)
[4860] string-match:smtp-EXE-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4861] string-match:smtp-EXE-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4862] string-match:smtp-COM-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4863] string-match:smtp-COM-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4864] string-match:smtp-SCR-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4865] string-match:smtp-SCR-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4866] string-match:smtp-PIF-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4867] string-match:smtp-PIF-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4868] string-match:smtp-CMD-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4869] string-match:smtp-CMD-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4870] string-match:smtp-BAT-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4871] string-match:smtp-BAT-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4872] string-match:imap-EXE-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4873] string-match:imap-EXE-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4874] string-match:imap-COM-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4875] string-match:imap-COM-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4876] string-match:imap-SCR-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4877] string-match:imap-SCR-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4878] string-match:imap-PIF-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4879] string-match:imap-PIF-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4880] string-match:imap-CMD-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4881] string-match:imap-CMD-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4882] string-match:imap-BAT-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4883] string-match:imap-BAT-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4884] string-match:pop3-EXE-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4885] string-match:pop3-EXE-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4886] string-match:pop3-COM-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4887] string-match:pop3-COM-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4888] string-match:pop3-SCR-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4889] string-match:pop3-SCR-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4890] string-match:pop3-PIF-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4891] string-match:pop3-PIF-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4892] string-match:pop3-CMD-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4893] string-match:pop3-CMD-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4894] string-match:pop3-BAT-message-body:5FMZ7EOdLqqNDNFMtt3VK1t3(fcase =no)
[4895] string-match:pop3-BAT-message-body:THjhUfS6x0pQJMvd5FGlPhDB(fcase =no)
[4896] unsigned-gt:telnet-client-sb-param-length:0xffffffff:256:no
[4897] numerical-eq:pktsearch-rsp-1st-4b:0xFF000000:0x50000000:no
[4898] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x00000000:no
[4899] numerical-eq:netbios-ss-smb-command:0xffffffff:0xd0:no
[4900] numerical-eq:netbios-ss-smb-pid:0xffffffff:0:no
[4901] numerical-eq:netbios-ss-error-code:0xffffffff:9:no
[4902] string-match:irc-rsp-message:floodnet \x30#f0(fcase =yes)
[4903] numerical-eq:pktsearch-dst-port:0xffffffff:4653:no
[4904] string-match:pktsearch-rsp-text:^1\.0:accept:1\.0(fcase =no)
[4905] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00i\x00r\x00t\x00r\x00e\x00e(fcase =yes)
[4906] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00i\x00r\x00t\x00r\x00e\x00e(fcase =yes)
[4907] string-match:ftp-user-cmd-param:root(fcase =no)
[4908] numerical-eq:ftp-cmd-name:0xffffffff:11:no
[4909] string-match:ftp-retr-cmd-param:core$(fcase =no)
[4910] string-match:http-req-uri-path:(\\|/)faxsurvey(fcase =no)
[4911] string-match:http-req-uri-path:(\\|/)faxsurvey$(fcase =no)
[4912] string-match:http-req-uri-query-params:(bin|sbin)(fcase =no)
[4913] unsigned-gt:pktsearch-epicgames-req-pktlen:0xffffffff:128:no
[4914] string-match:pktsearch-epicgames-req-text:^\x5csecure\x5c(fcase =no)
[4915] string-match:smtp-SCR-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4916] string-match:smtp-SCR-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4917] string-match:smtp-PIF-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4918] string-match:smtp-PIF-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4919] string-match:smtp-ZIP-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4920] string-match:smtp-ZIP-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4921] string-match:smtp-ZIP-message-body:2pJDvSKgpKJUQx9Ns9FpfkOH(fcase =no)
[4922] string-match:smtp-ZIP-message-body:OnM3xkNOaW/BeSJsi7sqBMtB(fcase =no)
[4923] string-match:smtp-ZIP-message-body:kkO9IqCkolRDH02z0Wl+Q4c6(fcase =no)
[4924] string-match:smtp-ZIP-message-body:czfGQ05pb8F5ImyLuyoEy0Fe(fcase =no)
[4925] string-match:pop3-SCR-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4926] string-match:pop3-SCR-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4927] string-match:pop3-PIF-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4928] string-match:pop3-PIF-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4929] string-match:pop3-ZIP-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4930] string-match:pop3-ZIP-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4931] string-match:pop3-ZIP-message-body:2pJDvSKgpKJUQx9Ns9FpfkOH(fcase =no)
[4932] string-match:pop3-ZIP-message-body:OnM3xkNOaW/BeSJsi7sqBMtB(fcase =no)
[4933] string-match:pop3-ZIP-message-body:kkO9IqCkolRDH02z0Wl+Q4c6(fcase =no)
[4934] string-match:pop3-ZIP-message-body:czfGQ05pb8F5ImyLuyoEy0Fe(fcase =no)
[4935] string-match:imap-SCR-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4936] string-match:imap-SCR-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4937] string-match:imap-PIF-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4938] string-match:imap-PIF-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4939] string-match:imap-ZIP-message-body:rdqSQ70ioKSiVEMfTbPRaX5D(fcase =no)
[4940] string-match:imap-ZIP-message-body:hzpzN8ZDTmlvwXkibIu7KgTL(fcase =no)
[4941] string-match:imap-ZIP-message-body:2pJDvSKgpKJUQx9Ns9FpfkOH(fcase =no)
[4942] string-match:imap-ZIP-message-body:OnM3xkNOaW/BeSJsi7sqBMtB(fcase =no)
[4943] string-match:imap-ZIP-message-body:kkO9IqCkolRDH02z0Wl+Q4c6(fcase =no)
[4944] string-match:imap-ZIP-message-body:czfGQ05pb8F5ImyLuyoEy0Fe(fcase =no)
[4945] unsigned-in-range:http-request-method:0xffffffff:8:27::no
[4946] unsigned-gt:http-req-uri-length:0xffffffff:6000:no
[4947] string-match:http-req-content-type-header:text/xml(fcase =no)
[4948] string-match:http-req-uri-path:servlet/SnoopServlet(fcase =yes)
[4949] string-match:http-req-uri-path:servlet/TroubleShooter(fcase =yes)
[4950] string-match:smtp-reply-message-header:`(/bin|/sbin|/usr|cat|mail|reboot)(fcase =no)
[4951] string-match:smtp-reply-message-header:`@(fcase =no)
[4952] string-match:smtp-mail-cmd-param:\x7c/usr/ucb/tail(fcase =no)
[4953] string-match:pktsearch-rsp-text:^Exploiter (fcase =no)
[4954] numerical-eq:h225-error-code:0xffffffff:SourceAddressSequenceAnomaly:no
[4955] string-match:ftp-cmd-param:{(fcase =no)
[4956] unsigned-gt:tns-req-bfilename-param-text-len:0xffffffff:128:no
[4957] string-match:http-req-uri-path:(\\|/)test-cgi(fcase =yes)
[4958] unsigned-gt:pop3-user-cmd-param-length:0xffffffff:200:no
[4959] string-match:smtp-CPL-message-body:p1BmyE/Lyo8g4slI8/XYeHm7(fcase =no)
[4960] string-match:smtp-CPL-message-body:uudDl7hC/QZWNt+/GiPyja3v(fcase =no)
[4961] string-match:smtp-EXE-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4962] string-match:smtp-EXE-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4963] string-match:smtp-SCR-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4964] string-match:smtp-SCR-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4965] string-match:smtp-COM-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4966] string-match:smtp-COM-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4967] string-match:pop3-CPL-message-body:p1BmyE/Lyo8g4slI8/XYeHm7(fcase =no)
[4968] string-match:pop3-CPL-message-body:uudDl7hC/QZWNt+/GiPyja3v(fcase =no)
[4969] string-match:pop3-EXE-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4970] string-match:pop3-EXE-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4971] string-match:pop3-SCR-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4972] string-match:pop3-SCR-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4973] string-match:pop3-COM-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4974] string-match:pop3-COM-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4975] string-match:imap-CPL-message-body:p1BmyE/Lyo8g4slI8/XYeHm7(fcase =no)
[4976] string-match:imap-CPL-message-body:uudDl7hC/QZWNt+/GiPyja3v(fcase =no)
[4977] string-match:imap-EXE-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4978] string-match:imap-EXE-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4979] string-match:imap-SCR-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4980] string-match:imap-SCR-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4981] string-match:imap-COM-message-body:J0ktPfv5zk4eQBHjilXEN/nO(fcase =no)
[4982] string-match:imap-COM-message-body:mPTrB590aFMem1xf4UvCmHWm(fcase =no)
[4983] unsigned-gt:imap-subscribe-cmd-param-length:0xffffffff:1024:no
[4984] string-match:http-req-uri-path:(/|\\)perl(/|\\)(fcase =yes)
[4985] string-match:http-req-uri-path:(/|\\)files\.pl(fcase =yes)
[4986] string-match:http-req-uri-query-param-name:^file$(fcase =yes)
[4987] string-match:pktsearch-rsp-text:^Connected To Amanda 2.0(fcase =no)
[4988] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:23032:no
[4989] string-match:tds-mssql-client-query-payload:x\x00p\x00_\x00d\x00s\x00n\x00i\x00n\x00f\x00o\x00 (fcase =yes)
[4990] string-match:netbios-ss-tds-client-query-payload:x\x00p\x00_\x00d\x00s\x00n\x00i\x00n\x00f\x00o\x00 (fcase =yes)
[4991] string-match:tns-req-content-text:\ndfsdffdfsfdggfdgdf(fcase =no)
[4992] numerical-eq:tns-first-req-pktlen:0xffffffff:1:no
[4993] string-match:http-req-uri-path:(dvwssr|mtd2lv)\.dll(fcase =yes)
[4994] string-match:http-req-uri-path:/hsrun(fcase =yes)
[4995] string-match:http-req-uri-path:\.htx(fcase =yes)
[4996] unsigned-gt:http-req-uri-path-length:0xffffffff:256:no
[4997] string-match:http-req-uri-path:\.pl$(fcase =yes)
[4998] string-match:http-req-uri-path:\.plx$(fcase =yes)
[4999] unsigned-gt:http-post-req-message-body-query-param-value-length:0xffffffff:1024:no
[5000] string-match:http-post-req-uri-path:(\\|/)webadmin\.dll$(fcase =yes)
[5001] string-match:http-post-req-query-param-name:^user$(fcase =yes)
[5002] unsigned-gt:http-req-uri-query-params-length:0xffffffff:30000:no
[5003] string-match:http-req-uri-path:(/|\\)postquery$(fcase =no)
[5004] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:6969:no
[5005] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x30303030:no
[5006] string-match:http-req-uri-path:+\.htr(fcase =yes)
[5007] unsigned-gt:http-webdav-search-req-uri-length:0xffffffff:6000:no
[5008] string-match:http-webdav-search-req-content-type-header:text/xml(fcase =no)
[5009] string-match:pop3-user-cmd-param:\xeb\x32\x5b\x53\x32\xe4\x83\xc3\x0b\x4b\x88\x23\xb8\x50\x77\xf7\xbf\xff\xd0\x43\x53\x50\x32\xe4\x83\xc3\x06\x88\x23\xb8\x28\x6e(fcase =no)
[5010] string-match:pop3-user-cmd-param:msvcrt\.dll\.system(fcase =no)
[5011] string-match:telnet-client-data-text:\xFF\xFB\x24\xFF\xFB\x24\xFF\xFB\x24(fcase =no)
[5012] string-match:smtp-SCR-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5013] string-match:smtp-SCR-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5014] string-match:smtp-PIF-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5015] string-match:smtp-PIF-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5016] string-match:smtp-CMD-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5017] string-match:smtp-CMD-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5018] string-match:smtp-EXE-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5019] string-match:smtp-EXE-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5020] string-match:smtp-BAT-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5021] string-match:smtp-BAT-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5022] string-match:smtp-ZIP-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5023] string-match:smtp-ZIP-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5024] string-match:smtp-ZIP-message-body:FPOg5F7tNX+BYNDZSzRNAjwD(fcase =no)
[5025] string-match:smtp-ZIP-message-body:z5b4vkIAd5eiFnBpPHnuhAXK(fcase =no)
[5026] string-match:smtp-ZIP-message-body:86DkXu01f4Fg0NlLNE0CPAPP(fcase =no)
[5027] string-match:smtp-ZIP-message-body:lvi+QgB3l6IWcGk8ee6EBcp3(fcase =no)
[5028] string-match:pop3-SCR-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5029] string-match:pop3-SCR-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5030] string-match:pop3-PIF-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5031] string-match:pop3-PIF-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5032] string-match:pop3-CMD-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5033] string-match:pop3-CMD-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5034] string-match:pop3-EXE-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5035] string-match:pop3-EXE-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5036] string-match:pop3-BAT-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5037] string-match:pop3-BAT-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5038] string-match:pop3-ZIP-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5039] string-match:pop3-ZIP-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5040] string-match:pop3-ZIP-message-body:FPOg5F7tNX+BYNDZSzRNAjwD(fcase =no)
[5041] string-match:pop3-ZIP-message-body:z5b4vkIAd5eiFnBpPHnuhAXK(fcase =no)
[5042] string-match:pop3-ZIP-message-body:86DkXu01f4Fg0NlLNE0CPAPP(fcase =no)
[5043] string-match:pop3-ZIP-message-body:lvi+QgB3l6IWcGk8ee6EBcp3(fcase =no)
[5044] string-match:imap-SCR-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5045] string-match:imap-SCR-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5046] string-match:imap-PIF-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5047] string-match:imap-PIF-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5048] string-match:imap-CMD-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5049] string-match:imap-CMD-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5050] string-match:imap-EXE-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5051] string-match:imap-EXE-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5052] string-match:imap-BAT-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5053] string-match:imap-BAT-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5054] string-match:imap-ZIP-message-body:HBTzoORe7TV/gWDQ2Us0TQI8(fcase =no)
[5055] string-match:imap-ZIP-message-body:A8+W+L5CAHeXohZwaTx57oQF(fcase =no)
[5056] string-match:imap-ZIP-message-body:FPOg5F7tNX+BYNDZSzRNAjwD(fcase =no)
[5057] string-match:imap-ZIP-message-body:z5b4vkIAd5eiFnBpPHnuhAXK(fcase =no)
[5058] string-match:imap-ZIP-message-body:86DkXu01f4Fg0NlLNE0CPAPP(fcase =no)
[5059] string-match:imap-ZIP-message-body:lvi+QgB3l6IWcGk8ee6EBcp3(fcase =no)
[5060] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5221:no
[5061] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:5933:no
[5062] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7290:no
[5063] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7291:no
[5064] string-match:pktsearch-req-text:\.show_(fcase =no)
[5065] string-match:pktsearch-req-text:\.hide_(fcase =no)
[5066] string-match:pktsearch-req-text:\.notepad(fcase =no)
[5067] string-match:http-req-uri-path:home\.php(fcase =yes)
[5068] string-match:http-req-uri-query-param-name:arsc_languag(fcase =yes)
[5069] string-match:pktsearch-rsp-text:\x00\x00\*\* Soulseek (fcase =no)
[5070] string-match:pktsearch-rsp-text:\x00\x00\*\* Welcome,(fcase =no)
[5071] string-match:pktsearch-rsp-text: SoulSeek Network!(fcase =no)
[5072] string-match:smtp-invalid-cmd-text:ehlocybercop\x0aquit\x0a(fcase =no)
[5073] string-match:pktsearch-ntalk-req-text:\x01\x03\x00\x00\x00\x00\x00\x01\x00\x02\x02(fcase =no)
[5074] string-match:pktsearch-ntalk-req-text:president(fcase =no)
[5075] string-match:tds-mssql-client-query-payload:s\x00p\x00_\x00a\x00d\x00d\x00u\x00s\x00e\x00r\x00(fcase =yes)
[5076] string-match:netbios-ss-tds-client-query-payload:s\x00p\x00_\x00a\x00d\x00d\x00u\x00s\x00e\x00r\x00(fcase =yes)
[5077] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:7161:no
[5078] numerical-eq:pktsearch-req-1st-4b:0xffffffff:0x0d2e2e2e:no
[5079] unsigned-gt:telnet-password-client-login-length:0xffffffff:256:no
[5080] string-match:ssh-req-text:\xcd\x80\xe8.\xff\xff\xff/bin/sh(fcase =no)
[5081] string-match:ssh-req-text:h0h0h0, 7350, zip/TESO!(fcase =no)
[5082] string-match:ssh-req-text:\x68\x00\x68\x2f\x62\x69\x6e\x8d\x4c\x24(fcase =no)
[5083] string-match:netbios-ss-smb-session_setup_andx-buffer:\x06\x06\x2b\x06\x01\x05\x05\x02(fcase =no)
[5084] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x00#80\x03\x01\x00#f8(fcase =no)
[5085] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x80\x03\x01\x00#f8(fcase =no)
[5086] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x81.\x03\x01\x00#f8(fcase =no)
[5087] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x82..\x03\x01\x00#f8(fcase =no)
[5088] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x83\x00..\x03\x01\x00#f8(fcase =no)
[5089] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x84\x00\x00..\x03\x01\x00#f8(fcase =no)
[5090] string-match:netbios-ss-smb-session_setup_andx-buffer:\x23\x82..\x03\x82.\x01\x00#f8(fcase =no)
[5091] string-match:netbios-ss-smb-session_setup_andx-buffer:\x84\xFF\xFF\xFF(\xFF|\xFE|\xFD)(fcase =no)
[5092] string-match:http-req-uri-path:htimage\.exe$(fcase =yes)
[5093] unsigned-gt:smtp-invalid-cmd-text-length:0xffffffff:1024:no
[5094] unsigned-gt:smtp-first-invalid-cmd-text-length:0xffffffff:1024:no
[5095] string-match:http-req-query-params:=;(fcase =no)
[5096] string-match:http-req-query-params:=|(fcase =no)
[5097] string-match:http-req-uri-path:file_upload\.pl(fcase =yes)
[5098] numerical-eq:ssl-renegotiation-flag:0xffffffff:server-negotiation:no
[5099] string-match:pktsearch-rsp-text:^Mavericks Matrix (fcase =no)
[5100] string-match-ap:req-content-text:GNUTELLA CONNECT/(fcase =no)(offset=0, depth=0)
[5101] string-match-ap:rsp-content-text:GNUTELLA CONNECT/(fcase =no)(offset=0, depth=0)
[5102] string-match:http-req-uri-path:^(/)?_pages/(fcase =no)
[5103] string-match:http-req-uri-path:\.java(fcase =no)
[5104] string-match:http-req-uri-path:\.php3$(fcase =no)
[5105] string-match:http-req-uri-query-param-name:PHP_AUTH_USER(fcase =no)
[5106] string-match:http-req-uri-query-param-value:boogieman(fcase =no)
[5107] string-match:tns-rsp-data-text:ORA-01017: invalid username/password; logon denied\x0a(fcase =no)
[5108] string-match:tns-rsp-data-text:ORA-01005: null password given; logon denied\x0a(fcase =no)
[5109] string-match:tns-rsp-data-text:ORA-01040: invalid character in password; logon denied\x0a(fcase =no)
[5110] string-match:tns-rsp-data-text:ORA-01045: user name lacks CREATE SESSION privilege; logon denied\x0a(fcase =no)
[5111] string-match:http-req-uri-path:/c32web\.exe(fcase =yes)
[5112] string-match:http-req-uri-path:/ChangeAdminPassword(fcase =yes)
[5113] string-match-ap:req-content-text:GET /uri-res/N2R\?(fcase =no)(offset=0, depth=0)
[5114] string-match-ap:rsp-content-text:GET /uri-res/N2R\?(fcase =no)(offset=0, depth=0)
[5115] string-match-ap:req-content-text:GET /get/\x30#F0\x30#F0\x30#F0\x30#F0|\x30#F0\x30#F0\x30#F0|\x30#F0\x30#F0|\x30#F0)\x2F(fcase =no)(offset=0, depth=0)
[5116] string-match-ap:rsp-content-text:GET /get/\x30#F0\x30#F0\x30#F0\x30#F0|\x30#F0\x30#F0\x30#F0|\x30#F0\x30#F0|\x30#F0)\x2F(fcase =no)(offset=0, depth=0)
[5117] unsigned-gt:irc-rsp-privmsg-msg-prefix-len:0xffffffff:300:no
[5118] unsigned-gt:ftp-allo-cmd-param-value:0xffffffff:0xfffffff0:no
[5119] unsigned-gt:ftp-allo-cmd-param-length:0xffffffff:15:no
[5120] string-match:smtp-message-body:rary disable(fcase =no)
[5121] string-match:smtp-message-body:rary unavaib(fcase =no)
[5122] string-match:smtp-message-body:ase, resign (fcase =no)
[5123] string-match:smtp-message-body:n viruses, i(fcase =no)
[5124] string-match:smtp-message-body:free anti-vi(fcase =no)
[5125] string-match:smtp-message-body:spam \(negati(fcase =no)
[5126] string-match:pop3-message-body:rary disable(fcase =no)
[5127] string-match:pop3-message-body:rary unavaib(fcase =no)
[5128] string-match:pop3-message-body:ase, resign (fcase =no)
[5129] string-match:pop3-message-body:n viruses, i(fcase =no)
[5130] string-match:pop3-message-body:free anti-vi(fcase =no)
[5131] string-match:pop3-message-body:spam \(negati(fcase =no)
[5132] string-match:imap-message-body:rary disable(fcase =no)
[5133] string-match:imap-message-body:rary unavaib(fcase =no)
[5134] string-match:imap-message-body:ase, resign (fcase =no)
[5135] string-match:imap-message-body:n viruses, i(fcase =no)
[5136] string-match:imap-message-body:free anti-vi(fcase =no)
[5137] string-match:imap-message-body:spam \(negati(fcase =no)
[5138] string-match:http-req-uri-path:(/|\\)cmd\.com$(fcase =yes)
[5139] string-match:http-req-uri-path:cmd\.com (fcase =yes)
[5140] string-match:http-req-uri-path:cmd\.exe$(fcase =yes)
[5141] string-match:http-req-uri-path:cmd\.exe (fcase =yes)
[5142] string-match:http-req-uri-path:w3who\.dll(fcase =yes)
[5143] unsigned-gt:http-req-uri-query-params-length:0xffffffff:519:no
[5144] string-match:http-req-uri-path:mmex\.php(fcase =no)
[5145] string-match:http-req-uri-query-param-name:Setings(fcase =no)
[5146] string-match:http-req-uri-query-param-value:http://(fcase =yes)
[5147] string-match:http-req-uri-query-param-value:ftp://(fcase =yes)
[5148] unsigned-gt:tns-req-sdo-code-size-param-text-len:0xffffffff:140:no
[5149] string-match:dcerpc-udp-req-header:1234567890(fcase =no)
[5150] string-match:http-req-uri-path:(/|\\)OvCgi(/|\\)(fcase =yes)
[5151] string-match:http-req-uri-path:(/|\\)connectedNodes\.ovpl(fcase =yes)
[5152] string-match:http-req-uri-path:(/|\\)cdpView\.ovpl(fcase =yes)
[5153] string-match:http-req-uri-path:(/|\\)freeIPaddrs\.ovpl(fcase =yes)
[5154] string-match:http-req-uri-path:(/|\\)ecscmg\.ovpl(fcase =yes)
[5155] string-match:http-req-uri-query-param-name:node(fcase =yes)
[5156] string-match:http-req-uri-query-param-name:netid(fcase =yes)
[5157] string-match:http-req-uri-query-param-value:[\x22\x24\x60\x7c\x3c\x3e](cat|echo|touch|cp|ipconfig|ifconfig|dir|who|\x20id)(fcase =yes)
[5158] string-match:http-req-uri-query-param-value:(%26|%3B)(cat|echo|touch|cp|ipconfig|ifconfig|dir|who|\x20id)(fcase =yes)
[5159] string-match:http-req-uri-path:(\\|/)root\.exe$(fcase =yes)
[5160] string-match:http-req-uri-path:(\\|/)root\.exe (fcase =yes)
[5161] string-match:http-req-uri-path:(\\|/)reports(\\|/)rwservlet(fcase =yes)
[5162] string-match:http-req-query-params:report=(\\|/)(fcase =yes)
[5163] string-match:http-req-query-params:report=\x40#C0:\\(fcase =yes)
[5164] string-match:http-req-query-params:report=\.\.(\\|/)(fcase =yes)
[5165] string-match:pktsearch-req-text:\x34\x3c\xd5\xd5\xb5\x5a(fcase =no)
[5166] string-match:pktsearch-req-text:\x0c\x92\xca\xfe\xf0\x0d(fcase =no)
[5167] string-match:pktsearch-req-text:\x34\x3c..\xb5\x5a(fcase =no)
[5168] string-match:pktsearch-req-text:\xFD\x01\x10\xDF\xAB\x12\x34\xCD(fcase =no)
[5169] string-match:dcerpc-req-KERBEROS-auth-payload:\x23.\x03\x01(\x01|\x02|\x03|\x04|\x05|\x06|\x07)(fcase =no)
[5170] string-match:dcerpc-req-SPNEGO-auth-payload:\x23.\x03\x01(\x01|\x02|\x03|\x04|\x05|\x06|\x07)(fcase =no)
[5171] string-match:dcerpc-req-KERBEROS-auth-payload:\x84\xFF\xFF\xFF(\xFF|\xFE|\xFD)(fcase =no)
[5172] string-match:dcerpc-req-SPNEGO-auth-payload:\x84\xFF\xFF\xFF(\xFF|\xFE|\xFD)(fcase =no)
[5173] unsigned-gt:http-req-range-header-length:0xffffffff:0xe0:no
[5174] string-match:http-req-range-header:\xEB\x1B\x5B\xBE\x43\x6F\x6F\x6C\xBF\x49(fcase =yes)
[5175] unsigned-gt:tns-req-driload-param-text-len:0xffffffff:16:no
[5176] string-match:http-post-req-uri-path:_maincfgret\.cgi(fcase =yes)
[5177] string-match:http-post-req-message-body-query-param-name:instancename(fcase =yes)
[5178] unsigned-gt:http-post-req-message-body-query-param-value-length:0xffffffff:512:no
[5179] numerical-eq:mysql-error-code:0xffffffff:V4_AUTH_OVERFLOW:no
[5180] string-match:smtp-rcpt-cmd-param:ecartis@(fcase =yes)
[5181] string-match:smtp-message-body:\$post-password(fcase =yes)
[5182] string-match:http-req-uri-path:biztalkhttpreceive\.dll(fcase =yes)
[5183] unsigned-gt:http-req-uri-query-params-length:0xffffffff:250:no
[5184] numerical-eq:netbios-ss-error-code:0xffffffff:MS05-UMPNPMGR_OVERFLOW:no
[5185] unsigned-in-range:netbios-ss-dcerpc-req-UMPNPMGR-request-op-num:0xffffffff:0x35:0x36::no
[5186] unsigned-gt:netbios-ss-dcerpc-req-UMPNPMGR-request-frag-length:0xffffffff:500:no
[5187] string-match-ap:req-content-text:\x30#F0\x30#F0\x20\x22.:\x5C(fcase =no)(offset=0, depth=64)
[5188] string-match-ap:req-content-text:GET (/\.hash=|/\x30#F0\x30#F0)(fcase =no)(offset=0, depth=0)
[5189] string-match-ap:rsp-content-text:GET (/\.hash=|/\x30#F0\x30#F0)(fcase =no)(offset=0, depth=0)
[5190] numerical-eq:netbios-ss-dcerpc-req-SPOOLSS-op-num:0xffffffff:70:no
[5191] numerical-eq:netbios-ss-dcerpc-req-SPOOLSS-op-num:0xffffffff:0x5:no
[5192] unsigned-gt:netbios-ss-dcerpc-req-SPOOLSS-frag-length:0xffffffff:1050:no
[5193] unsigned-gt:xfs-major-op:0xffffffff:25:no
[5194] string-match:http-req-uri-path:;\.cfm$(fcase =yes)
[5195] unsigned-gt:irc-rsp-reply-usermode-msg-param-len:0xffffffff:251:no
[5196] numerical-eq:pktsearch-tcp-dst-port:0xffffffff:12340:no
[5197] string-match:pktsearch-req-text:\xcd\x80\x31\xc0\xb0\x01\xcd\x80(fcase =no)
[5198] unsigned-gt:tns-req-to-char-param-text-len:0xffffffff:256:no
[5199] string-match:lpr-receive-control-file-content:\nPr00t(fcase =no)
[5200] string-match:lpr-receive-control-file-content:\nU\.\./(fcase =no)
[5201] string-match:dcerpc-req-header:\x68\x65\x79\x66\x75\x63\x6b\x79\x61\x31(fcase =no)
[5202] unsigned-gt:irc-rsp-reply-userhost-msg-param-len:0xffffffff:112:no
[5203] unsigned-gt:pktsearch-subversion-date-text-length:0xffffffff:69:no
[5204] string-match:http-req-uri-path:(\\|/)forms90(\\|/)f90servlet(fcase =yes)
[5205] string-match:http-req-query-params:(form|module)=(\\|/)(fcase =yes)
[5206] string-match:http-req-query-params:(form|module)=\x40#C0:\\(fcase =yes)
[5207] string-match:http-req-query-params:(form|module)=\.\.(\\|/)(fcase =yes)
[5208] string-match:pktsearch-req-text:\x7C#FC.\x02#07\x78#FE(fcase =no)
[5209] unsigned-gt:tns-req-to-timestamp-tz-param-text-len:0xffffffff:128:no
[5210] numerical-eq:smtp-error-code:0xffffffff:JPEG_ICC_FORMAT_ERROR:no
[5211] unsigned-gt:ftp-mdtm-time-length:0xffffffff:3:no
[5212] numerical-eq:pktsearch-req-1st-4b:0xFFFFFFFF:0x05020002:no
[5213] numerical-eq:pktsearch-req-pktlen:0xffffffff:4:no
[5214] numerical-eq:pktsearch-rsp-1st-4b:0xFFFE0000:0x05020000:no
[5215] numerical-eq:pktsearch-rsp-pktlen:0xffffffff:2:no
[5216] numerical-eq:pktsearch-req-1st-4b:0xFFFFFF00:0x05010200:no
[5217] numerical-eq:pktsearch-req-pktlen:0xffffffff:3:no
[5218] string-match:pktsearch-req-text:\x05\x01\x00\x01#FD(fcase =no)(offset=0, depth=0)
[5219] string-match:pktsearch-rsp-text:\x05\x00#FE\x00\x01(fcase =no)(offset=0, depth=0)
[5220] numerical-eq:pktsearch-req-1st-4b:0xFFFF0000:0x04010000:no
[5221] numerical-eq:pktsearch-rsp-1st-4b:0xFFFF0000:0x005A0000:no
[5222] numerical-eq:pktsearch-rsp-pktlen:0xffffffff:8:no
[5223] string-match:http-req-uri-path:index\.php(fcase =no)
[5224] string-match:http-req-uri-query-param-name:req_path(fcase =no)
[5225] string-match:http-req-uri-path:/WebConsole(fcase =no)
[5226] string-match:http-req-uri-path:/TreeAction\.do(fcase =no)
[5227] string-match:http-req-uri-query-param-name:(javascript|index|action)(fcase =yes)
[5228] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:2000:no
[5229] string-match:http-req-uri-path:/isqlplus/(fcase =no)
[5230] string-match:http-req-uri-path:/login.uix(fcase =no)
[5231] string-match:http-req-query-param-name:(username|password)(fcase =no)
[5232] unsigned-gt:http-req-query-param-value-length:0xffffffff:32768:no
[5233] string-match:http-req-query-param-name:connectID(fcase =no)
[5234] unsigned-gt:http-req-query-param-value-length:0xffffffff:255:no
[5235] string-match:smtp-message-body:CLSID:EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F(fcase =yes)
[5236] string-match:smtp-message-body:\x3c/object\x3e(fcase =yes)
[5237] unsigned-gt:smtp-from-message-header-length:0xffffffff:500:no
[5238] string-match:smtp-from-message-header:\x83\xec\x50\xeb\x0c\xb9\x41\x10(fcase =no)
[5239] string-match:smtp-from-message-header:\x22\x5c\x22\x5c\x22\x5c\x22\x5c\x22\x5c\x22\x5c(fcase =yes)
[5240] string-match-ap:req-content-text:\xE3\x16\x00\x00\x00\x58(fcase =no)
[5241] string-match-ap:req-content-text:\xE3\x16\x00\x00\x00\x54(fcase =no)
[5242] string-match-ap:req-content-text:\xE3\x29\x00\x00\x00\x47(fcase =no)
[5243] string-match-ap:rsp-content-text:\xE3\x16\x00\x00\x00\x58(fcase =no)
[5244] string-match-ap:rsp-content-text:\xE3\x16\x00\x00\x00\x54(fcase =no)
[5245] string-match-ap:rsp-content-text:\xE3\x29\x00\x00\x00\x47(fcase =no)
[5246] string-match:http-req-uri-path:\x82\x10\x20\x0b\x91\xd0\x20\x08(fcase =no)
[5247] unsigned-gt:tftp-option-value-length:0xffffffff:256:no
[5248] string-match:http-req-uri-path:/form2raw\.cgi(fcase =yes)
[5249] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:153:no
[5250] numerical-eq:netbios-ss-dcerpc-req-TAPI-op-num:0xffffffff:0x01:no
[5251] unsigned-gt:netbios-ss-dcerpc-req-TAPI-frag-length:0xffffffff:2048:no
[5252] string-match:http-post-req-user-agent-header:groove\.net(fcase =no)
[5253] string-match:http-req-user-agent-header:GrooveAgent WinInet(fcase =no)
[5254] string-match:http-post-req-uri-path:/gms\.dll(fcase =no)
[5255] unsigned-gt:ftp-list-cmd-param-argument-len:0xffffffff:32:no
[5256] unsigned-gt:ftp-nlst-cmd-param-argument-len:0xffffffff:32:no
[5257] unsigned-gt:ftp-stat-cmd-param-argument-len:0xffffffff:32:no
[5258] unsigned-gt:irc-rsp-join-msg-param-len:0xffffffff:300:no
[5259] string-match:http-req-uri-path:SoftCart\.exe(fcase =yes)
[5260] string-match:http-req-uri-query-params:scstore(fcase =yes)
[5261] unsigned-gt:sip-req-invite-via-header-len:0xffffffff:150:no
[5262] unsigned-gt:sip-req-invite-to-header-len:0xffffffff:340:no
[5263] unsigned-gt:sip-req-invite-from-header-len:0xffffffff:260:no
[5264] string-match:irc-req-nick-cmd-param:d%[1..9](fcase =no)
[5265] string-match:irc-req-nick-cmd-param:$hn(fcase =no)
[5266] string-match:pktsearch-distcc-req-text:DIST00000001(fcase =no)
[5267] string-match:pktsearch-distcc-req-text:ARGC0000(fcase =no)
[5268] string-match:pktsearch-distcc-req-text:ARGV0000(fcase =no)
[5269] string-match:tns-req-dbms-metadata-param-text:\'\'\'\|\|(fcase =yes)
[5270] numerical-eq:http-dst-port:0xffffffff:8090:no
[5271] string-match:http-req-uri-path:/tuner/TunerGuide\.php3(fcase =no)
[5272] string-match:http-req-uri-query-param-name:userID(fcase =no)
[5273] unsigned-gt:http-req-uri-query-param-value-length:0xffffffff:256:no
[5274] string-match:http-req-uri-path:/ComGetLogFile\.php3(fcase =no)
[5275] string-match:http-req-uri-query-param-value:\.log(fcase =no)
[5276] numerical-eq:icmp-error-code:0xffffffff:LOKI-TUNNEL:no
[5277] unsigned-gt:tns-req-tz-offset-param-text-len:0xffffffff:128:no
[5278] unsigned-gt:tns-req-validate-geom-param-text-len:0xffffffff:176:no
[5279] unsigned-gt:tns-req-validate-geom-param-text-len:0xffffffff:21:no
[5280] string-match:smtp-message-body:CLSID:03D9F3F2-B0E3-11D2-B081-006008039BF0(fcase =yes)
[5281] string-match:rdp-req-cr-pdu-text:\x00\x00cookie(fcase =yes)(offset=0, depth=40)
[5282] string-match:rdp-req-text:^\x30\x33\x03\x00\x00\x27\x22\xE0(fcase =no)
[5283] string-match:rdp-req-text:\x41\x05\x00\x00\x00\x02\x02\x00\x00(fcase =no)
[5284] unsigned-lt:rdp-req-pdu-text-len:0xffffffff:8:no
[5285] string-match:ftp-site-cmd-param:CHMOD(fcase =yes)
[5286] string-match:http-req-authorization-header:IwYjBAMCBwA=(fcase =no)
[5287] string-match:http-req-authorization-header:\x67\x4f\x43\x42\x41\x45\x41\x51\x55\x46\x42\x51\x55\x46\x42\x51(fcase =yes)
[5288] string-match:http-req-authorization-header:\x30\x4e\x44\x51\x30\x4e\x44\x51\x30\x4e\x44\x49\x34\x49\x45\x49(fcase =yes)
[5289] string-match:http-req-authorization-header:\x45\x52\x45\x52\x41\x3d\x3d(fcase =yes)
[5290] string-match:http-req-authorization-header:YGKwYBBQUCo(fcase =no)
[5291] string-match:http-req-authorization-header:I4IEIAMJAOsGkJCQkJCQ(fcase =no)
[5292] string-match:http-req-header:Icy-Metadata:(fcase =yes)
[5293] string-match:http-req-user-agent-header:iTunes(fcase =yes)
[5294] string-match:http-req-user-agent-header:RMA(fcase =yes)
[5295] string-match:http-req-user-agent-header:WinampMPEG(fcase =yes)
[5296] string-match:http-req-user-agent-header:ultravox(fcase =yes)
[5297] string-match:http-req-user-agent-header:MPlayer(fcase =yes)
[5298] string-match:http-req-user-agent-header:xmms(fcase =yes)
[5299] string-match:http-req-user-agent-header:Nullsoft(fcase =yes)
[5300] string-match:http-req-user-agent-header:VLC Media(fcase =yes)
[5301] string-match:smtp-message-body:CLSID:860BB310-5D01-11D0-BD3B-00A0C911CE86(fcase =yes)
[5302] string-match:smtp-message-body:CLSID:E0F158E1-CB04-11D0-BD4E-00A0C911CE86(fcase =yes)
[5303] string-match:smtp-message-body:CLSID:083863F1-70DE-11D0-BD40-00A0C911CE86(fcase =yes)
[5304] string-match:smtp-message-body:CLSID:33D9A76(\x30#FE|\x32)-90C8-11D0-BD43-00A0C911CE86(fcase =yes)
[5305] string-match:smtp-message-body:CLSID:4EFE2452-168A-11D1-BC76-00C04FB9453B(fcase =yes)
[5306] string-match:smtp-message-body:CLSID:18AB439E-FCF4-40D4-90DA-F79BAA3B0655(fcase =yes)
[5307] string-match:smtp-message-body:CLSID:31087270-D348-432C-899E-2D2F38FF29A0(fcase =yes)
[5308] string-match:smtp-message-body:CLSID:D2923B86-15F1-46FF-A19A-DE825F919576(fcase =yes)
[5309] string-match:smtp-message-body:CLSID:FD78D554-4C6E-11D0-970D-00A0C9191601(fcase =yes)
[5310] string-match:smtp-message-body:CLSID:52CA3BCF-3B9B-419E-A3D6-5D28C0B0B50C(fcase =yes)
[5311] string-match:smtp-message-body:CLSID:01E04581-4EEE-11D0-BFE9-00AA005B4383(fcase =yes)
[5312] string-match:smtp-message-body:CLSID:AF604EFE-8897-11D1-B944-00A0C90312E1(fcase =yes)
[5313] string-match:smtp-message-body:CLSID:7849596A-48EA-486E-8937-A2A3009F31A9(fcase =yes)
[5314] string-match:smtp-message-body:CLSID:FBEB8A05-BEEE-4442-804E-409D6C4515E9(fcase =yes)
[5315] string-match:smtp-message-body:CLSID:3050F391-98B5-11CF-BB82-00AA00BDCE0B(fcase =yes)
[5316] string-match:smtp-message-body:CLSID:8EE42293-C315-11D0-8D6F-00A0C9A06E1F(fcase =yes)
[5317] string-match:smtp-message-body:CLSID:2A6EB050-7F1C-11CE-BE57-00AA0051FE20(fcase =yes)
[5318] string-match:smtp-message-body:CLSID:510A4910-7F1C-11CE-BE57-00AA0051FE20(fcase =yes)
[5319] string-match:smtp-message-body:CLSID:6D36CE10-7F1C-11CE-BE57-00AA0051FE20(fcase =yes)
[5320] string-match:smtp-message-body:CLSID:860D28D0-8BF4-11CE-BE59-00AA0051FE20(fcase =yes)
[5321] string-match:smtp-message-body:CLSID:9478F640-7F1C-11CE-BE57-00AA0051FE20(fcase =yes)
[5322] string-match:smtp-message-body:CLSID:B0516FF0-7F1C-11CE-BE57-00AA0051FE20(fcase =yes)
[5323] string-match:smtp-message-body:CLSID:D99F7670-7F1A-11CE-BE57-00AA0051FE20(fcase =yes)
[5324] string-match:smtp-message-body:CLSID:EEED4C20-7F1B-11CE-BE57-00AA0051FE20(fcase =yes)
[5325] string-match:smtp-message-body:CLSID:C7B6C04A-CBB5-11D0-BB4C-00C04FC2F410(fcase =yes)
[5326] string-match:smtp-message-body:CLSID:85BBD920-42A0-1069-A2E4-08002B30309D(fcase =yes)
[5327] string-match:smtp-message-body:CLSID:E846F0A0-D367-11D1-8286-00A0C9231C29(fcase =yes)
[5328] string-match:smtp-message-body:CLSID:B4B3AECB-DFD6-11D1-9DAA-00805F85CFE3(fcase =yes)
[5329] string-match:smtp-message-body:CLSID:ECABB0BF-7F19-11D2-978E-0000F8757E2A(fcase =yes)
[5330] string-match:smtp-message-body:CLSID:466D66FA-9616-11D2-9342-0000F875AE17(fcase =yes)
[5331] string-match:smtp-message-body:CLSID:67DCC487-AA48-11D1-8F4F-00C04FB611C7(fcase =yes)
[5332] string-match:smtp-message-body:CLSID:00022613-0000-0000-C000-000000000046(fcase =yes)
[5333] string-match:smtp-message-body:CLSID:D2D588B5-D081-11D0-99E0-00C04FC2F8EC(fcase =yes)
[5334] string-match:smtp-message-body:CLSID:5D08B586-343A-11D0-AD46-00C04FD8FDFF(fcase =yes)
[5335] string-match:smtp-message-body:CLSID:CC7BFB4\x32#FE-F175-11D1-A392-00E0291F3959(fcase =yes)
[5336] string-match:smtp-message-body:CLSID:3F8A6C33-E0FD-11D0-8A8C-00A0C90C2BC5(fcase =yes)