Network IDS rules

Home/Network IDS rules

IDS / IPS

52,690 rules · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.

◈

Rules

50 shown of 52,690

et-open attempted-recon

ET POLICY POSSIBLE Crawl using Fetch

sid 2002827 format suricata

et-open pup-activity

ET ADWARE_PUP My Search Spyware Config Download

sid 2002839 format suricata

et-open pup-activity

ET ADWARE_PUP Freeze.com Spyware/Adware (Install)

sid 2002840 format suricata

et-open pup-activity

ET ADWARE_PUP Freeze.com Spyware/Adware (Install Registration)

sid 2002841 format suricata

et-open protocol-command-decode

ET SCAN MYSQL 4.1 brute force root login attempt

sid 2002842 format suricata

et-open policy-violation

ET POLICY Myspace Login Attempt

sid 2002872 format suricata

et-open trojan-activity

ET USER_AGENTS Metafisher/Goldun User-Agent (z)

sid 2002874 format suricata

et-open policy-violation

ET POLICY iTunes User Agent

sid 2002878 format suricata

et-open web-application-attack

ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt

sid 2002879 format suricata T1190 ↗

et-open web-application-attack

ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt

sid 2002901 format suricata T1190 ↗

et-open attempted-recon

ET SCAN Potential VNC Scan 5800-5820

sid 2002910 format suricata

et-open trojan-activity

ET MALWARE Haxdoor Reporting User Activity 2

sid 2002929 format suricata

et-open pup-activity

ET ADWARE_PUP CWS Trafcool.biz Related Installer

sid 2002931 format suricata

et-open attempted-recon

ET POLICY Possible Web Crawl - libwww-perl User Agent

sid 2002935 format suricata

et-open attempted-recon

ET POLICY python.urllib User Agent Web Crawl

sid 2002943 format suricata

et-open misc-activity

ET INFO Java Url Lib User Agent Web Crawl (Inbound)

sid 2002945 format suricata

et-open policy-violation

ET P2P TOR 1.0 Server Key Retrieval

sid 2002950 format suricata

et-open policy-violation

ET P2P TOR 1.0 Status Update

sid 2002951 format suricata

et-open policy-violation

ET P2P TOR 1.0 Inbound Circuit Traffic

sid 2002952 format suricata

et-open policy-violation

ET P2P TOR 1.0 Outbound Circuit Traffic

sid 2002953 format suricata

et-open pup-activity

ET ADWARE_PUP Win32/Tibs Checkin

sid 2002955 format suricata

et-open command-and-control

ET MALWARE Tibs Checkin

sid 2002959 format suricata

et-open pup-activity

ET ADWARE_PUP Elitemediagroup.net Spyware Config Download

sid 2002966 format suricata

et-open pup-activity

ET ADWARE_PUP Dollarrevenue.com Spyware Code Download

sid 2002967 format suricata

et-open trojan-activity

ET MALWARE Banker.Delf Infection - Sending Initial Email to Owner

sid 2002976 format suricata

et-open trojan-activity

ET MALWARE Banload Downloader Infection - Sending initial email to owner

sid 2002977 format suricata

et-open trojan-activity

ET MALWARE SC-KeyLog Keylogger Installed - Sending Initial Email Report

sid 2002979 format suricata

et-open trojan-activity

ET MALWARE Banker.Delf Infection variant 4 - Sending Initial Email to Owner

sid 2002981 format suricata

et-open misc-activity

ET SCAN Rapid POP3 Connections - Possible Brute Force Attack

sid 2002992 format suricata

et-open misc-activity

ET SCAN Rapid POP3S Connections - Possible Brute Force Attack

sid 2002993 format suricata

et-open misc-activity

ET SCAN Rapid IMAP Connections - Possible Brute Force Attack

sid 2002994 format suricata

et-open misc-activity

ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack

sid 2002995 format suricata

et-open policy-violation

ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi)

sid 2003047 format suricata

et-open non-standard-protocol

ET HUNTING Suspicious FTP 220 Banner on Local Port (-)

sid 2003055 format suricata

et-open pup-activity

ET ADWARE_PUP 180solutions (Zango) Spyware Local Stats Post

sid 2003060 format suricata

et-open trojan-activity

ET MALWARE Torpig Reporting User Activity (wur8)

sid 2003066 format suricata

et-open attempted-recon

ET SCAN Potential SSH Scan OUTBOUND

sid 2003068 format suricata

et-open successful-recon-limited

ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style)

sid 2003071 format suricata

et-open policy-violation

ET GAMES STEAM Connection (v2)

sid 2003089 format suricata

et-open successful-recon-limited

ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style)

sid 2003149 format suricata

et-open successful-recon-limited

ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style)

sid 2003150 format suricata

et-open misc-activity

ET POLICY Microsoft TEREDO IPv6 tunneling

sid 2003155 format suricata

et-open attempted-recon

ET SCAN IBM NSA User Agent

sid 2003171 format suricata

et-open command-and-control

ET MALWARE Win32.Lager Trojan Initial Checkin

sid 2003187 format suricata

et-open trojan-activity

ET MALWARE Win32.Lager Trojan Reporting

sid 2003188 format suricata

et-open trojan-activity

ET MALWARE Win32.Lager Trojan Reporting (gcu)

sid 2003189 format suricata

et-open attempted-dos

ET VOIP INVITE Message Flood TCP

sid 2003192 format suricata

et-open attempted-dos

ET VOIP REGISTER Message Flood TCP

sid 2003193 format suricata

et-open attempted-dos

ET VOIP Multiple Unauthorized SIP Responses TCP

sid 2003194 format suricata

et-open pup-activity

ET ADWARE_PUP Best-targeted-traffic.com Spyware Checkin

sid 2003209 format suricata

Showing 201-250 of 52,690

Prev 5 Next