Trellix Intrusion Prevention System correlated attacks
Technical Articles ID: KB60305
Last Modified: 1/19/2024
Environment
Trellix Intrusion Prevention System (Trellix IPS)
Network Security Platform (NSP) has been rebranded as Trellix Intrusion Prevention System (TIPS).
For more information about the changes made to the product, see the related articles below:
Summary
Recent updates to this article
Date | Update |
January 19, 2024 | Removed the category tags for End of Life versions. |
(Correlated) Attack Name | (Correlated) Attack ID | (Correlated) Attack Severity | Suppress-Failure | (Correlated) Attack Category | (Correlated) Attack Subcategory | (Component) Attack Name | (Component) Attack ID | (Component) Attack Severity | (Component) Attack Blockable Option in NSM 6.1 and later |
BOT: Virut Bot Activity Detected | 0x43f00100 | 5 | no | Reconnaissance | multi-aid-knownbot | IRC: IRC Client Activity Detected | 0x40f00100 | 4 | Allowed |
BOT: Virut Bot Activity Detected | 0x43f00100 | 5 | yes | Reconnaissance | multi-aid-knownbot | KERBEROS: Non-Kerberos Traffic Detected | 0x43000c00 | 3 | Disallowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: Client Hello Invalid Unix Timestamp | 0x45c02500 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: TLS Alert Warning Found | 0x45c02600 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type A Query Response Errors Found | 0x43f00700 | 4 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x43f00800 | 5 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x43f00900 | 5 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type MX Query Response Errors Found | 0x43f00a00 | 4 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | Heuristic SMTP: Multiple Emails sent without Authentication | 0x43f00b00 | 5 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Disallowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | IRC: IRC Client Activity Detected | 0x40f00100 | 4 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found in Zip Files | 0x402a3800 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Password Protected Zip File Found | 0x402a3900 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | DNS: Recursive Query To Root Servers Found | 0x40304200 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | Bot: Potential Stealth Scanner Detected | 0x00011400 | 5 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Invalid Flow Detected | 0x40211000 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | BOT: HTran Connection Bouncer Error Message Detected | 0x48805400 | 5 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to Wrong Hello Record Type | 0x45c02900 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to wrong Record Version | 0x45c02a00 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to Wrong Handshake Type | 0x45c02b00 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Obfuscated Javascript in PDF Detected | 0x402a3a00 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Javascript Shellcode in PDF Detected | 0x402a3b00 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Packed JavaScript Found | 0x40271f00 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable File in PDF File Detected | 0x40275700 | 7 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Possible attempt to create javascript shellcode | 0x4022f900 | 2 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: XOR Encrypted Executable File Found In HTTP Response | 0x402be700 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Hidden or Invisible HTML IFrame Detected | 0x4022a200 | 2 | Disallowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found In Password Protected Zip File | 0x402bb800 | 0 | Allowed |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | 5 | no | Reconnaissance | multi-aid-zeroday | HTTP: Embedded Exe Detected | 0x402bf700 | 8 | Disallowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | SSL: TLS Alert Warning Found | 0x45c02600 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type A Query Response Errors Found | 0x43f00700 | 4 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x43f00800 | 5 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x43f00900 | 5 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type MX Query Response Errors Found | 0x43f00a00 | 4 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | Heuristic SMTP: Multiple Emails sent without Authentication | 0x43f00b00 | 5 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | IRC: IRC Client Activity Detected | 0x40f00100 | 4 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found in Zip Files | 0x402a3800 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Password Protected Zip File Found | 0x402a3900 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | DNS: Recursive Query To Root Servers Found | 0x40304200 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | Bot: Potential Stealth Scanner Detected | 0x00011400 | 5 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Invalid Flow Detected | 0x40211000 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | BOT: HTran Connection Bouncer Error Message Detected | 0x48805400 | 5 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to wrong Record Version | 0x45c02a00 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to Wrong Handshake Type | 0x45c02b00 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Obfuscated Javascript in PDF Detected | 0x402a3a00 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Javascript Shellcode in PDF Detected | 0x402a3b00 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Packed JavaScript Found | 0x40271f00 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable File in PDF File Detected | 0x40275700 | 7 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Possible attempt to create javascript shellcode | 0x4022f900 | 2 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: XOR Encrypted Executable File Found In HTTP Response | 0x402be700 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Hidden or Invisible HTML IFrame Detected | 0x4022a200 | 2 | Disallowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found In Password Protected Zip File | 0x402bb800 | 0 | Allowed |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | 8 | no | Reconnaissance | multi-aid-zeroday | HTTP: Embedded Exe Detected | 0x402bf700 | 8 | Disallowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: Client Hello Invalid Unix Timestamp | 0x45c02500 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: TLS Alert Warning Found | 0x45c02600 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type A Query Response Errors Found | 0x43f00700 | 4 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x43f00800 | 5 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | BOT Heuristic: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x43f00900 | 5 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | Heuristic DNS: Too Many Type MX Query Response Errors Found | 0x43f00a00 | 4 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | Heuristic SMTP: Multiple Emails sent without Authentication | 0x43f00b00 | 5 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Disallowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | IRC: IRC Client Activity Detected | 0x40f00100 | 4 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found in Zip Files | 0x402a3800 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Password Protected Zip File Found | 0x402a3900 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | DNS: Recursive Query To Root Servers Found | 0x40304200 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | Bot: Potential Stealth Scanner Detected | 0x00011400 | 5 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Invalid Flow Detected | 0x40211000 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | BOT: HTran Connection Bouncer Error Message Detected | 0x48805400 | 5 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to Wrong Hello Record Type | 0x45c02900 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to wrong Record Version | 0x45c02a00 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | SSL: Invalid SSL Flow Detected Due to Wrong Handshake Type | 0x45c02b00 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Obfuscated Javascript in PDF Detected | 0x402a3a00 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Javascript Shellcode in PDF Detected | 0x402a3b00 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Packed JavaScript Found | 0x40271f00 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable File in PDF File Detected | 0x40275700 | 7 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Possible attempt to create javascript shellcode | 0x4022f900 | 2 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: XOR Encrypted Executable File Found In HTTP Response | 0x402be700 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Hidden or Invisible HTML IFrame Detected | 0x4022a200 | 2 | Disallowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Executable Files Found In Password Protected Zip File | 0x402bb800 | 0 | Allowed |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | 3 | no | Reconnaissance | multi-aid-zeroday | HTTP: Embedded Exe Detected | 0x402bf700 | 8 | Disallowed |
Heuristic DNS: Too Many Type A Query Response Errors Found | 0x43f00700 | 4 | no | Reconnaissance | multi-aid | DNS: Standard Query Type A Response Error Found | 0x40304000 | 0 | Disallowed |
BOT Heuristic: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x43f00800 | 5 | no | Reconnaissance | multi-aid | SMTP: Server Rejection due to Blacklist | 0x4040ea00 | 0 | Allowed |
BOT Heuristic: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x43f00900 | 5 | no | Reconnaissance | multi-aid | SMTP: Unexpected Server Rejection | 0x4040eb00 | 0 | Allowed |
Heuristic DNS: Too Many Type MX Query Response Errors Found | 0x43f00a00 | 4 | no | Reconnaissance | multi-aid | DNS: Standard Query Type MX Response Error Found | 0x40304100 | 0 | Disallowed |
Heuristic SMTP: Multiple Emails sent without Authentication | 0x43f00b00 | 5 | no | Reconnaissance | multi-aid | SMTP: Email sent without Authentication | 0x4040ec00 | 0 | Allowed |
BOT: Possible Blackhole Activity Detected | 0x43f00c00 | 5 | no | Reconnaissance | multi-aid-knownbot | HTTP: Potential Blackhole URI Request Detected | 0x402bf900 | 5 | Allowed |
BOT: Possible Blackhole Activity Detected | 0x43f00c00 | 5 | no | Reconnaissance | multi-aid-knownbot | HTTP: Potential Blackhole File Download Request Detected | 0x402bfa00 | 5 | Allowed |
DNS: ISC BIND Referral CNAME and DNAME Assertion Failure DoS (CVE-2017-3137) | 0x43f01300 | 5 | yes | Reconnaissance | multi-aid | DNS: ISC BIND Referral CNAME and DNAME Assertion Failure DoS (CVE-2017-3137) II | 0x4030bf00 | 0 | Disallowed |
DNS: ISC BIND Referral CNAME and DNAME Assertion Failure DoS (CVE-2017-3137) | 0x43f01300 | 5 | yes | Reconnaissance | multi-aid | DNS: ISC BIND Referral CNAME and DNAME Assertion Failure DoS I (CVE-2017-3137) | 0x4030be00 | 0 | Disallowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | yes | Reconnaissance | multi-aid | HTTP: Advantech WebAccess updateTemplate Request | 0x451f8c00 | 0 | Disallowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection - Exploit | 0x40216400 | 4 | Allowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection Attack Detected | 0x4029d300 | 7 | Allowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection - Exploit II | 0x4023dd00 | 5 | Allowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection - Exploit III | 0x4023de00 | 4 | Allowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection - Exploit IV | 0x4026aa00 | 0 | Allowed |
HTTP: Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154) | 0x43f01400 | 5 | no | Reconnaissance | multi-aid | HTTP: SQL Injection - Exploit V | 0x4026ab00 | 0 | Allowed |
HTTP: Network Weather Map persistent XSS vulnerability (CVE-2013-2618) | 0x43f01600 | 7 | no | Reconnaissance | multi-aid | HTTP: Network Weather Map persistent XSS vulnerability (CVE-2013-2618) maid 1 | 0x451c2c00 | 0 | Allowed |
HTTP: Network Weather Map persistent XSS vulnerability (CVE-2013-2618) | 0x43f01600 | 7 | no | Reconnaissance | multi-aid | HTTP: Network Weather Map persistent XSS vulnerability (CVE-2013-2618) maid 2 | 0x451c2d00 | 0 | Allowed |
SSL: Possible Poodle Attack on SSLv3 Vulnerability Detected (CVE-2014-3566) | 0x40020400 | 6 | no | Reconnaissance | brute-force | SSL: SSLv3 Session Detected | 0x45c05200 | 0 | Allowed |
DNS: Too Many Type NS Query Attack Detected | 0x40306d00 | 7 | yes | Reconnaissance | brute-force | DNS: ISC BIND Recursive Resolver Resource Consumption Denial of Service Vulnerability | 0x40306c00 | 0 | Disallowed |
DNS: Squid Proxy DNS Response Spoofing Detected | 0x40308200 | 7 | no | Reconnaissance | brute-force | DNS: Squid Proxy DNS Response Spoofing Vulnerability | 0x40308100 | 5 | Allowed |
DNS: Potential DNS Tunneling - Many NULL Type DNS Queries | 0x40308400 | 2 | yes | Reconnaissance | brute-force | DNS: Null Type Record Query Detected | 0x40308300 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt | 0x40308600 | 6 | yes | Reconnaissance | brute-force | DNS: Suspicious TXT Type DNS Query Detected | 0x40308500 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt II | 0x40308800 | 5 | yes | Reconnaissance | brute-force | DNS: Suspicious DNS Query Detected | 0x40308700 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt IV | 0x40308d00 | 4 | yes | Reconnaissance | brute-force | DNS: Suspicious DNS Query Detected II | 0x40308b00 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt III | 0x40309300 | 2 | yes | Reconnaissance | brute-force | DNS: Overly Long Name DNS Query Detected I | 0x40309000 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt V | 0x40309400 | 2 | yes | Reconnaissance | brute-force | DNS: Overly Long Name DNS Query Detected II | 0x40309100 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt VI | 0x40309500 | 2 | yes | Reconnaissance | brute-force | DNS: Overly Long Name DNS Query Detected III | 0x40309200 | 0 | Disallowed |
DNS: Possible DNS Tunneling Attempt VIII | 0x4030bd00 | 2 | yes | Reconnaissance | brute-force | DNS: Detected Suspicious DNS Query IV | 0x4030bc00 | 0 | Disallowed |
DNS: ISC BIND RPZ Rule Processing Denial of Service Vulnerability (CVE-2017-3140) | 0x4030c500 | 6 | yes | Reconnaissance | brute-force | DNS: ISC BIND RPZ Rule Processing Vulnerability (CVE-2017-3140) | 0x4030c400 | 0 | Disallowed |
SNMP: SNMP Amplification DDoS | 0x40a04100 | 4 | yes | Reconnaissance | brute-force | SNMP: Big Get-Response Packet Detected | 0x40a04000 | 0 | Disallowed |
TFTP: TFTP possible reflection amplification DDoS attack detected | 0x41501e00 | 6 | yes | Reconnaissance | brute-force | TFTP: TFTP Possible Reflection Amplification Correlated Attack | 0x41501d00 | 1 | Disallowed |
NETBIOS-SS: SMBloris attack detected | 0x43c0cc00 | 6 | yes | Reconnaissance | brute-force | NETBIOS-SS: SMBLoris Denial of Service Vulnerability | 0x43c0cb00 | 0 | Disallowed |
NETBIOS-SS: NTLM Authentication Brute Force | 0x43c0df00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: NTLM Activity Detected | 0x43c0de00 | 0 | Disallowed |
HTTP: PHP Multipart Form-Data Request Parsing DoS | 0x4516cc00 | 5 | yes | Reconnaissance | brute-force | HTTP: Possible Malicious Multipart Form-Data Request Detected | 0x4516c800 | 1 | Disallowed |
HTTP: Hydra Tool Brute Force Attack | 0x451d5b00 | 4 | yes | Reconnaissance | brute-force | HTTP: Hydra Tool Traffic Detected | 0x451d5c00 | 0 | Disallowed |
HTTP: WPScan Tool Brute Force Attack | 0x451d6000 | 4 | yes | Reconnaissance | brute-force | HTTP: WPScan Tool Traffic Detected | 0x451d5f00 | 0 | Disallowed |
HTTP: Drupal Xmlrpc.php DoS Attack Detected | 0x451d7600 | 7 | no | Reconnaissance | brute-force | HTTP: XMLRPC PHP DOS Detected | 0x451d7500 | 4 | Allowed |
HTTP: Possible Login Bruteforce Detected | 0x451db200 | 4 | yes | Reconnaissance | brute-force | HTTP: Generic Login Attempt | 0x451db100 | 0 | Disallowed |
HTTP: Possible HTTP KeepAlive DoS Detected | 0x451db400 | 7 | no | Reconnaissance | brute-force | HTTP: KeepAlive Request Detected | 0x451db300 | 5 | Allowed |
HTTP: Possible Oracle OAM Brute Force Login Attempt Detected (CVE-2018-2879) | 0x45235b00 | 4 | yes | Reconnaissance | brute-force | HTTP: Oracle OAM Login Attempt | 0x45235a00 | 0 | Disallowed |
SSH: OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service | 0x45b01e00 | 4 | no | Reconnaissance | brute-force | SSH: OpenSSH Connection Detected | 0x45b01d00 | 0 | Allowed |
SSL: OpenSSL DTLS Hello Message DoS Vulnerability | 0x45c04800 | 4 | no | Reconnaissance | brute-force | SSL: OpenSSL DTLS Possible Hello Message Denial Of Service | 0x45c04700 | 7 | Allowed |
SSL: OpenSSL DTLS Process Out of Sequence Message DoS | 0x45c05100 | 4 | no | Reconnaissance | brute-force | SSL: OpenSSL DTLS Process Out Of Seq Message Denial Of Service | 0x45c05000 | 7 | Allowed |
SSL: OpenSSL Invalid Session Ticket Denial Of Service | 0x45c05700 | 4 | yes | Reconnaissance | brute-force | SSL: NON-Zero Length Session Ticket Extension | 0x45c05600 | 0 | Disallowed |
SSL: OpenSSL DTLS SRTP Extension Parsing Denial of Service | 0x45c05900 | 7 | no | Reconnaissance | brute-force | SSL: Malicious use_srtp Extension Detected in TLS | 0x45c05800 | 7 | Allowed |
SSL: Possible Poodle Attack on TLSv1.x Vulnerability Detected | 0x45c05b00 | 5 | no | Reconnaissance | brute-force | SSL: TLSv1.x Session Detected | 0x45c05a00 | 0 | Allowed |
SSL: OpenSSL DTLS Buffer Record Function Denial Of Service | 0x45c05f00 | 7 | yes | Reconnaissance | brute-force | SSL: OpenSSL DTLS Handshake or Alert Traffic Detected | 0x45c05e00 | 0 | Disallowed |
pktsearch: Red Leaves traffic detected (APT10 implant_NIDS979) | 0x45d3c900 | 8 | yes | Reconnaissance | brute-force | PKTSEARCH: RedLeaves Magic Packet Detected I (APT10 implant_NIDS979) | 0x45d3c700 | 0 | Disallowed |
pktsearch: Red Leaves traffic detected (APT10 implant_NIDS979) | 0x45d3c900 | 8 | yes | Reconnaissance | brute-force | PKTSEARCH: RedLeaves Magic Packet Detected II (APT10 implant_NIDS979) | 0x45d3c800 | 0 | Disallowed |
BOT: ZeroAccess CnC Activity Detected | 0x48812800 | 6 | no | Reconnaissance | host-sweep | BOT: ZeroAccess Traffic Detected II | 0x48812700 | 5 | Allowed |
PKTSEARCH: Memcached Amplification Attack Detected | 0x45d3fd00 | 6 | Yes | Reconnaissance | brute-force | PKTSEARCH: Memcached Response Traffic Detected | 0x45d3fc00 | 0 | Disallowed |
ICMP: Loki2 Tunnel Detected II | 0x40102d00 | 6 | Yes | Reconnaissance | brute-force | ICMP: LOKI2 Tunnel Detected | 0x40101800 | 0 | Disallowed |
SMTP: Possible Brute Force Attack Detected | 0x40416c00 | 6 | Yes | Reconnaissance | brute-force | SMTP: Authentication Failure Seen | 0x40416b00 | 0 | Disallowed |
SSL: Possible OpenSSL Denial of Service via memory exhaustion (CVE-2016-6304) | 0x43f01000 | 5 | Yes | Reconnaissance | Multi-Attack Correlation | SSL: OCSP extension enabled in client hello, OpenSSL: Handshake packet seen | 0x45c08e00, 0x45d39e00 | 0 | Disallowed |
SSL: OpenSSL Memory Exhaustion DOS Vulnerability | 0x4001ab00 | 4 | Yes | Reconnaissance | brute-force | SSL: OpenSSL Memory Leak Vulnerability (CVE-2009-1378) | 0x45c08c00 | 1 | Disallowed |
Botnet: DGA Heuristic Detection of Botnet Zombie | 0x43f00d00 | 7 | No | Reconnaissance | Multi-Attack Correlation | Botnet: DNS Name Lookup Failure Matching DGA Heuristics | 0x4880db00 | 9 | Disallowed |
ICMP: Time stamp Request Host Sweep | 0x40000200 | 4 | No | Reconnaissance | host-sweep | ICMP: Time stamp Probe | 0x40100300 | 3 | Allowed |
TCP: FIN Port Scan | 0x40009800 | 4 | No | Reconnaissance | port-scan | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
TCP: NULL Port Scan | 0x4000a000 | 4 | No | Reconnaissance | port-scan | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
TCP: XMAS Port Scan | 0x4000a100 | 4 | No | Reconnaissance | port-scan | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
TCP: FIN Host Sweep | 0x4000a900 | 4 | No | Reconnaissance | host-sweep | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
TCP: NULL Host Sweep | 0x4000aa00 | 4 | No | Reconnaissance | host-sweep | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
TCP: XMAS Host Sweep | 0x4000ab00 | 4 | No | Reconnaissance | host-sweep | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
TCP: Fingerprinting NMAP | 0x4000b300 | 4 | No | Reconnaissance | fingerprinting | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
TCP: Fingerprinting NMAP | 0x4000b300 | 4 | No | Reconnaissance | fingerprinting | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
TCP: Fingerprinting NMAP | 0x4000b300 | 4 | No | Reconnaissance | fingerprinting | NMAP: XMAS with SYN Probe | 0x4000ba00 | 5 | Allowed |
TCP: Fingerprinting Queso | 0x4000b400 | 4 | Yes | Reconnaissance | fingerprinting | TCP: Illegal FIN Probe | 0x40011300 | 2 | Disallowed |
TCP: Fingerprinting Queso | 0x4000b400 | 4 | Yes | Reconnaissance | fingerprinting | SCAN: SYN FIN Based Probes | 0x4000ec00 | 3 | Disallowed |
TCP: Fingerprinting Queso | 0x4000b400 | 4 | No | Reconnaissance | fingerprinting | TCP: Bare Push Probe | 0x4000bc00 | 5 | Allowed |
ICMP: Netmask Request Host Sweep | 0x40011d00 | 4 | No | Reconnaissance | host-sweep | ICMP: Netmask Request | 0x40011600 | 3 | Allowed |
TELNET: Password Brute Force | 0x40012700 | 4 | Yes | Reconnaissance | brute-force | TELNET: Telnet Login Failure Detected | 0x40601200 | 2 | Disallowed |
RLOGIN: Password Brute Force | 0x40012800 | 4 | Yes | Reconnaissance | brute-force | RLOGIN: Failed Login | 0x40603100 | 2 | Disallowed |
RSH: Password Brute Force | 0x40012900 | 4 | Yes | Reconnaissance | brute-force | RSH: Login Failed | 0x41100100 | 2 | Disallowed |
REXEC: Password Brute Force | 0x40012a00 | 4 | Yes | Reconnaissance | brute-force | REXEC: Login Failed | 0x41101100 | 2 | Disallowed |
MSSQL: Password Brute Force | 0x40012b00 | 4 | Yes | Reconnaissance | brute-force | MSSQL: User Login Failed | 0x41a00a00 | 2 | Disallowed |
RADIUS: Authentication Brute Force | 0x40012c00 | 4 | Yes | Reconnaissance | brute-force | RADIUS: Access Denied | 0x41c00400 | 1 | Disallowed |
FTP: Login Brute Force | 0x40012d00 | 4 | Yes | Reconnaissance | brute-force | FTP: Login Failed | 0x40505600 | 1 | Disallowed |
IMAP: Password Brute Force | 0x40012e00 | 4 | Yes | Reconnaissance | brute-force | IMAP: IMAP Login Failure Detected | 0x41901b00 | 2 | Disallowed |
POP3: Password Brute Force | 0x40012f00 | 4 | Yes | Reconnaissance | brute-force | POP3: POP3 Login Failure Detected | 0x40902c00 | 2 | Disallowed |
SMTP: VRFY Brute Force | 0x40013000 | 4 | Yes | Reconnaissance | brute-force | SMTP: VRFY Command Used | 0x40013100 | 0 | Disallowed |
SMTP: EXPN Brute Force | 0x40013200 | 4 | Yes | Reconnaissance | brute-force | SMTP: EXPN Command Used | 0x40013300 | 0 | Disallowed |
NETBIOS-NS: NBTSTAT Sweep Activity Detected | 0x40013400 | 6 | Yes | Reconnaissance | service-sweep | NETBIOS-NS: NBTSTAT Scan | 0x40013500 | 1 | Disallowed |
NETBIOS-SS: Virus/Worm File Share Spread | 0x40013600 | 4 | Yes | Reconnaissance | service-sweep | NETBIOS-SS: Copy Executable File Attempt | 0x40706500 | 3 | Disallowed |
ORACLE: Brute Force Logon | 0x40014200 | 4 | Yes | Reconnaissance | brute-force | ORACLE: Oracle Login Failure Detected | 0x40014300 | 2 | Disallowed |
SSH: SSH Login Bruteforce Detected | 0x40014400 | 4 | Yes | Reconnaissance | brute-force | SSH: SSH Login Failure Detected | 0x40014500 | 1 | Disallowed |
TCP: SYN Packet Fixed Header Options DoS | 0x40014600 | 4 | Yes | Reconnaissance | brute-force | TCP: SYN Packet Fixed Options Header | 0x00009b00 | 0 | Disallowed |
WORM: W32/Conficker.C Activity Detected | 0x40014700 | 4 | Yes | Reconnaissance | service-sweep | P2P: Suspicious UDP Probe | 0x45d08f00 | 5 | Disallowed |
TCP: RST Resource Exhaustion DoS | 0x40014800 | 4 | Yes | Reconnaissance | brute-force | TCP: RST Socket Exhaustion Dos | 0x00009c00 | 5 | Disallowed |
P2P: KaZaA Client Sweep Activity Detected | 0x40015000 | 4 | No | Reconnaissance | service-sweep | P2P: KaZaA Client Connecting to Server | 0x40015100 | 5 | Allowed |
ICMP: Nachi Worm Host Sweep | 0x40015400 | 4 | No | Reconnaissance | host-sweep | ICMP: Nachi-like Ping | 0x40015500 | 6 | Allowed |
P2P: Share Sweep Traffic Detected | 0x40015a00 | 4 | Yes | Reconnaissance | service-sweep | P2P: Share-like Traffic Detected | 0x40015b00 | 5 | Disallowed |
P2P: Peer-to-peer Distributed File Download Obfuscated-Traffic Detected | 0x40015c00 | 4 | Yes | Reconnaissance | service-sweep | P2P: Unknown Long-lasting Obfuscated Binary Response Data-Stream Transfer Detected | 0x40015d00 | 5 | Disallowed |
BOT: W32/Nuwar@MM Client Sweep Activity Detected | 0x40016200 | 6 | Yes | Reconnaissance | service-sweep | BOT: W32/Nuwar@MM Encrypted Traffic | 0x40016300 | 7 | Disallowed |
SMTP: High Level of SMTP Activity | 0x40016700 | 1 | No | Reconnaissance | service-sweep | SMTP: RCPT TO Command Used | 0x40405800 | 0 | Allowed |
PCANYWHERE: Client Sweep Activity Detected | 0x40016e00 | 4 | Yes | Reconnaissance | service-sweep | PCANYWHERE: Client Scan Activity Detected | 0x43b00200 | 1 | Disallowed |
BOT: Spam-mailbot Communication Detected | 0x40017200 | 5 | No | Reconnaissance | service-sweep | BOT: Spam-mailbot Activity Detected | 0x45d06100 | 5 | Allowed |
DNS: Generic DNS Spoofing Attempt | 0x40017300 | 5 | Yes | Reconnaissance | brute-force | DNS: Generic Spoofing Activity | 0x40303400 | 5 | Disallowed |
DNS: Server Response Validation Vulnerability | 0x40017600 | 5 | Yes | Reconnaissance | brute-force | DNS: Microsoft DNS Server Response Validation Vulnerability II | 0x40303b00 | 5 | Disallowed |
TCP: Small Window DoS | 0x40019100 | 5 | Yes | Reconnaissance | brute-force | TCP: Small Window Flow Detected | 0x00009d00 | 1 | Disallowed |
Kerberos: Kerberos Login Bruteforce Detected | 0x40019800 | 4 | Yes | Reconnaissance | brute-force | KERBEROS: Kerberos Authentication Error Detected | 0x43001a00 | 4 | Disallowed |
NETBIOS-SS: Microsoft Windows SMB NTLM Authentication Lack of Entropy Vulnerability | 0x40019a00 | 4 | Yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth | 0x4070b900 | 0 | Disallowed |
NETBIOS-SS: Microsoft Windows SMB Memory Corruption Vulnerability | 0x40019b00 | 4 | Yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Negotiate | 0x4070bc00 | 0 | Disallowed |
DNS: Too Many Type A Query Response Errors Found | 0x40019c00 | 4 | Yes | Reconnaissance | brute-force | DNS: Standard Query Type A Response Error Found | 0x40304000 | 0 | Disallowed |
DNS: Too Many Type MX Query Response Errors Found | 0x40019d00 | 4 | Yes | Reconnaissance | brute-force | DNS: Standard Query Type MX Response Error Found | 0x40304100 | 0 | Disallowed |
SMTP: Multiple Emails sent without Authentication | 0x40019e00 | 5 | No | Reconnaissance | service-sweep | SMTP: Email sent without Authentication | 0x4040ec00 | 0 | Allowed |
BOT: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x40019f00 | 5 | No | Reconnaissance | service-sweep | SMTP: Server Rejection due to Blacklist | 0x4040ea00 | 0 | Allowed |
BOT: Potential Bot Activity -Multiple Resets from SMTP receiver | 0x4001a000 | 5 | No | Reconnaissance | service-sweep | SMTP: Unexpected Server Rejection | 0x4040eb00 | 0 | Allowed |
SIP: SIP Bruteforce Attack Detected-I | 0x4001a100 | 4 | Yes | Reconnaissance | brute-force | SIP: Unauthorized Access Attempt | 0x43801100 | 0 | Disallowed |
SIP: SIP Bruteforce Attack Detected-II | 0x4001a200 | 4 | Yes | Reconnaissance | brute-force | SIP: Server Authentication failure | 0x43801200 | 0 | Disallowed |
HTTP: Possible HTTP Brute Force Attack Against ASP.NET Pages | 0x4001b000 | 4 | Yes | Reconnaissance | brute-force | HTTP: HTTP ASP Page Internal Error | 0x40294800 | 5 | Disallowed |
HTTP: Possible HTTP LOIC Denial-of-Service Attack Detected | 0x4001c000 | 4 | Yes | Reconnaissance | brute-force | HTTP: Possible Non-Standard HTTP Traffic Detected | 0x40296500 | 0 | Disallowed |
HTTP: Possible HTTP GET LOIC Denial-of-Service Attack Detected | 0x4001d000 | 4 | Yes | Reconnaissance | brute-force | HTTP: Possible LOIC Get Request Detected | 0x40299d00 | 0 | Disallowed |
HTTP: Possible SSL Denial-of-Service Attack Detected | 0x4001e000 | 4 | No | Reconnaissance | brute-force | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Disallowed |
HTTP: HTTP Login Bruteforce Detected | 0x40256b00 | 4 | Yes | Reconnaissance | brute-force | HTTP: HTTP Authentication Failure | 0x40256a00 | 5 | Disallowed |
HTTP: Possible HTTP DoS Attack with Invalid HTML Page Access | 0x40280300 | 4 | Yes | Reconnaissance | brute-force | HTTP: HTTP HTML Page Not Found | 0x40280200 | 5 | Disallowed |
NETBIOS-SS: SMB Bruteforce Attempt | 0x4070ac00 | 4 | Yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Logon Failed | 0x4070ab00 | 1 | Disallowed |
PGM: Large Volume of Small Data Fragments | 0x45d06800 | 2 | Yes | Reconnaissance | brute-force | PGM: Small Data Fragment | 0x45d06700 | 1 | Disallowed |
ORACLE: Oracle SID Login Bruteforce Detected | 0x46c06d00 | 4 | Yes | Reconnaissance | brute-force | ORACLE: ORACLE TNS CONNECT_DATA and SID Request Detected | 0x46c06c00 | 0 | Disallowed |
MySQL: Password Brute Force | 0x47101400 | 4 | Yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Disallowed |
RDP: Terminal Service Denial of service | 0x4001f000 | 5 | Yes | Reconnaissance | brute-force | RDP: RST Packet Detected | 0x00011900 | 5 | Disallowed |
HTTP: Possible Anonymous OpMegaUpload DoS | 0x4001b100 | 5 | Yes | Reconnaissance | brute-force | HTTP: Anonymous OpMegaUpload Detected | 0x402b8400 | 5 | Disallowed |
NETBIOS-SS: Non Admin Access in NTLMSSP Auth II Denial of Service | 0x40020300 | 4 | Yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth II | 0x43c03a00 | 4 | Disallowed |
FTP: VSFTPD Connection Handling DOS | 0x4050df00 | 4 | Yes | Reconnaissance | brute-force | FTP: VsFTPd Banner | 0x4050de00 | 0 | Disallowed |
NTP: NTP Amplification DoS | 0x41b00800 | 4 | Yes | Reconnaissance | brute-force | NTP: NTP Amplification Attacks | 0x41b00700 | 5 | Disallowed |
SSL: Too Many HTTPS Requests | 0x45c03600 | 4 | Yes | Reconnaissance | brute-force | SSL: Client HTTPS Request | 0x45c03500 | 0 | Disallowed |
Digium: Digium Asterik Heap Buffer Overflow | 0x45d21600 | 4 | Yes | Reconnaissance | brute-force | Digium: Asterisk Heap Buffer Overflow Skinny Channel Driver Remote Code Execution | 0x45d1ee00 | 5 | Disallowed |
ORACLE: Database Server TNS Listener Poison DoS Attack Detected | 0x46c08200 | 4 | Yes | Reconnaissance | brute-force | ORACLE: Database Server TNS Listener Poison Attack Remote Code Execution | 0x46c08100 | 7 | Disallowed |
MySQL: MariaDB memcmp Function Security Bypass Vulnerability | 0x47101900 | 4 | Yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Allowed |
BOT: Muieblackcat Activity Detected | 0x43f00e00 | 5 | Yes | Reconnaissance | Multi-Attack Known Bot | BOT: Muieblackcat Traffic Detected I, BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected | 0x48810600, 0x48810700 | 4, 4 | Disallowed (for both) |
ICMP: Possible Attack To Exploit BlackNurse Vulnerability II | 0x40102c00 | 4 | Yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen II | 0x40102b00 | 3 | Disallowed |
ICMP: Possible Attack to exploit BlackNurse vulnerability | 0x40102a00 | 4 | Yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen | 0x40102900 | 3 | Disallowed |
BOT: Cerber Ransomware Activity Detected | 0x48812000 | 6 | Yes | Reconnaissance | host-sweep | BOT: Cerber Ransomware Traffic Detected | 0x48811f00 | 5 | Disallowed |
HTTP: Possible Wordpress brute force login detected | 0x43f01200 | 6 | Yes | Reconnaissance | brute-force | HTTP: WordPress login seen | 0x451d0a00 | 0 | Disallowed |
HTTP: Wordpress User enumeration wpscan | 0x43f01100 | 6 | Yes | Reconnaissance | fingerprinting | HTTP: WordPress user enumeration | 0x451d0800 | 0 | Disallowed |
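The table above is a flattened pipe-delimited export, and in practice an analyst reads it backwards: given a component attack ID seen in an alert, which correlated attack does it feed, and is the component itself blockable? The following Python is an added example, not code from the article or from the Trellix product. It parses rows in the layout used on this page, expands rows whose component cells hold comma-separated lists (the Muieblackcat row), and indexes the result by component attack ID. The embedded rows are copied from the table above; the function and class names are my own.

```python
"""Index Trellix IPS correlated-attack table rows by component attack ID.

Added example (not from the article). Row layout, one row per line:
  correlated name | correlated ID | correlated severity | Suppress-Failure |
  category | subcategory | component name | component ID |
  component severity | component blockable option |
"""
from dataclasses import dataclass
import re

# Rows copied verbatim from the table on this page (hypothetical selection,
# chosen because 0x47100100 appears under two correlated attacks and the
# Muieblackcat row lists two components in one cell).
ROWS = """\
TELNET: Password Brute Force | 0x40012700 | 4 | Yes | Reconnaissance | brute-force | TELNET: Telnet Login Failure Detected | 0x40601200 | 2 | Disallowed |
SSH: SSH Login Bruteforce Detected | 0x40014400 | 4 | Yes | Reconnaissance | brute-force | SSH: SSH Login Failure Detected | 0x40014500 | 1 | Disallowed |
MySQL: Password Brute Force | 0x47101400 | 4 | Yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Disallowed |
MySQL: MariaDB memcmp Function Security Bypass Vulnerability | 0x47101900 | 4 | Yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Allowed |
BOT: Muieblackcat Activity Detected | 0x43f00e00 | 5 | Yes | Reconnaissance | Multi-Attack Known Bot | BOT: Muieblackcat Traffic Detected I, BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected | 0x48810600, 0x48810700 | 4, 4 | Disallowed (for both) |
"""


@dataclass(frozen=True)
class CorrelationRow:
    correlated_name: str
    correlated_id: str
    correlated_severity: int
    suppress_failure: bool
    category: str
    subcategory: str
    component_name: str
    component_id: str
    component_severity: int
    component_blockable: str  # "Allowed" or "Disallowed"


def _split_list(cell: str) -> list[str]:
    """Split a component cell that may hold several comma-separated values."""
    return [part.strip() for part in cell.split(",")]


def parse_rows(text: str) -> list[CorrelationRow]:
    """Parse table rows; one CorrelationRow per (correlated, component) pair."""
    rows: list[CorrelationRow] = []
    for line in text.splitlines():
        line = line.strip().rstrip("|").strip()  # drop the trailing pipe
        if not line:
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 10:
            raise ValueError(f"expected 10 columns, got {len(cells)}: {line!r}")
        (c_name, c_id, c_sev, suppress, cat, subcat,
         k_names, k_ids, k_sevs, blockable) = cells
        names, ids, sevs = _split_list(k_names), _split_list(k_ids), _split_list(k_sevs)
        if not (len(names) == len(ids) == len(sevs)):
            raise ValueError(f"component list lengths differ: {line!r}")
        # "Disallowed (for both)" -> "Disallowed"; the value applies to every component
        blockable = re.sub(r"\s*\(.*?\)\s*$", "", blockable)
        for name, cid, sev in zip(names, ids, sevs):
            rows.append(CorrelationRow(
                c_name, c_id.lower(), int(c_sev), suppress.lower() == "yes",
                cat, subcat, name, cid.lower(), int(sev), blockable))
    return rows


def index_by_component(rows: list[CorrelationRow]) -> dict[str, list[CorrelationRow]]:
    """Map component attack ID -> every correlated attack it contributes to."""
    index: dict[str, list[CorrelationRow]] = {}
    for row in rows:
        index.setdefault(row.component_id, []).append(row)
    return index


def mixed_blockable(index: dict[str, list[CorrelationRow]]) -> set[str]:
    """Component IDs whose blockable option differs between correlated attacks."""
    return {cid for cid, rows in index.items()
            if len({r.component_blockable for r in rows}) > 1}


if __name__ == "__main__":
    idx = index_by_component(parse_rows(ROWS))
    for row in idx["0x47100100"]:
        print(f"{row.component_id} feeds {row.correlated_id} "
              f"({row.correlated_name}); block option: {row.component_blockable}")
    print("components with mixed blockable option:", mixed_blockable(idx))
```

The `mixed_blockable` check is the practical reason to index by component: the same component signature (here MySQL: Login Failed, 0x47100100) is listed as Disallowed under one correlated attack and Allowed under another, so a blocking decision written against the component ID alone would be ambiguous and should be made at the correlated-attack level instead.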