Describing Signature Engines
Specify
Type of
ARP Sig
Specify
Request
Inbalance
Storage
Key
Fragment
Status: Not
Fragmented
Layer 4
Specify Protocol:
Layer 4 TCP Protocol
Protocol
TCP
Flags:
SYN
TCP
Mask:
Syn, Ack
Specify
Payload
Inspection
Gap
Peaks
Rate
Protocol
Rate: 25
Protocol: ICMP
ICMP Type: 8
Signature 5081: cmd.exe Access
Signature 5124: IIS CGI Decode
Signature 5114: IIS Unicode Attack
Signature 3215: Dot Dot Execute
Signature 3216: Dot Dot Crash
NIMDA
Meta Reset
Interval
Component
List
Component
List in Order
Specify
Fragment
Reassembly
Timeout
Fragment
Specify Reassembly
Hijack Max Timeout
Old ACK
Max Old
ACK
Specify SYN Flood Max Embryonic
SYN Flood Max Embryonic
Service H225: Examines the call signaling and setup in VoIP traffic
Protocol
Specify Query Src Port 53
Query Src Port 53
Specify Query Value
Query Value
Direction
Service Ports
Swap
Attacker
Victim
Specify
Dst Port
Dst Port
Specify Payload Source
Payload Source
[Figure: Gatekeeper; H.225 RAS (UDP), shown twice; IP QoS Network; H.225 (Q.931) Call Setup (TCP); Gateway A; Gateway B]
QoS=quality of service
RAS=registration, admission, and status
Message
Type:
Q.931
Policy
Type:
Length
Check Value
Range:
Specify Value 1-3
Range: Yes
De-Obfuscate
Specify Request
Regex
Request Regex
Service Ports
Inspection
Type
Service Ports
Direction
Protocol
Regex
String
Specify SQL
Username
SQL Username
Password Present
Inspection Type
Operation Mode
Control Opcode
Direction
Protocol
Service
Ports
Specify RPC Program
RPC Program
Service
Ports
Specify
Word
Count
Word
Count
Community Name
Length Type
Service Ports
Packet Depth
State
Machine
Direction
Service
Ports
Direction
ICMP
Type
Service
Ports
Direction
Service
Ports
Direction
Sweep Other TCP: Detects odd sweeps and scans such as Queso
Unique
Protocol
Mask
TCP
Flags
Specify Storage
Port Key
Range
Port
Range
TCP
Flags
TCP
Flags
Inspection Type
Want Request
Reply Ratio
Configuration Application
Policy
Enable
HTTP
Max HTTP
Requests
AIC Web
Signature Ports
Definition
Enable
FTP
Miscellaneous
Selected
Engine:
AIC FTP
Unrecognized
FTP command
Enable
Selected Engine:
AIC HTTP
Content Type
image/gif
Event Action
Signature Type
Content Types
Name
Content
Type Details