-
Notifications
You must be signed in to change notification settings - Fork 0
/
cisco-sdee.rules
2336 lines (2333 loc) · 685 KB
/
cisco-sdee.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# Sagan cisco-sdee.rules
# Copyright (c) 2009-2013, Quadrant Information Security <www.quadrantsec.com>
# All rights reserved.
#
# Please submit any custom rules or ideas to [email protected] or the sagan-sigs mailing list
#
#*************************************************************
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Note: You will need a program to convert Cisco IPS events (from the SDEE protocol) to syslog. At Quadrant,
# we have developed a program called "qdee" ("Q - Dee"). You'll need something similar. "qdee" is _not_
# a open source project at this time.
#
# Sorry.
#
# Contact Champ Clark III for more information ([email protected])
#
# Since these are not "standard" rules, we start the ID's at "6100000".
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPS/IDS License Expiration"; content: "Health Warning"; content: "licenseExpiration"; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/6100000; sid: 6100000; rev:1;)
# Based off http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId={Sigature ID}
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Bad Option List"; content: "SID: 1000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101000; sid: 6101000; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Record Packet Route"; content: "SID: 1001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101001; sid: 6101001; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Timestamp"; content: "SID: 1002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101002; sid: 6101002; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Provide s,c,h,tcc"; content: "SID: 1003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101003; sid: 6101003; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Loose Source Route"; content: "SID: 1004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101004; sid: 6101004; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-SATNET ID"; content: "SID: 1005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101005; sid: 6101005; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Strict Source Route"; content: "SID: 1006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101006; sid: 6101006; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 over IPv4 or IPv6"; content: "SID: 1007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101007; sid: 6101007; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lurk Malware Communication"; content: "SID: 1018 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101018; sid: 6101018; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XShellC601 Malware Communication"; content: "SID: 1019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101019; sid: 6101019; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BB Malware Communication"; content: "SID: 1020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101020; sid: 6101020; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Murcy Malware Communication"; content: "SID: 1021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101021; sid: 6101021; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QDigit Malware Communication"; content: "SID: 1022 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101022; sid: 6101022; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Software Smart Install Denial of Service"; content: "SID: 1027 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101027; sid: 6101027; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BitDefender Internet Security 2009 XSS"; content: "SID: 1028 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101028; sid: 6101028; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iManager Off By One Buffer Overflow"; content: "SID: 1029 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101029; sid: 6101029; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantic IM Manager Administrator Console Code Injection"; content: "SID: 1030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101030; sid: 6101030; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows MPEG Layer-3 Audio Decoder Stack Buffer Overflow"; content: "SID: 1032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101032; sid: 6101032; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Slowloris Exploit"; content: "SID: 1034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101034; sid: 6101034; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] Microsoft DNS server Denial of Service Vulnerability"; content: "SID: 1038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101038; sid: 6101038; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101039; sid: 6101039; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] DNSChanger Malware"; content: "SID: 1040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101040; sid: 6101040; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101044; sid: 6101044; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent HTTP Request Remote Code Execution"; content: "SID: 1051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101051; sid: 6101051; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe PDF Remote Code Execution"; content: "SID: 1052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101052; sid: 6101052; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Cisco WebEx WRF File Buffer Overflow"; content: "SID: 1055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101055; sid: 6101055; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Corehttp Httpd Buffer Overflow"; content: "SID: 1056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101056; sid: 6101056; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101057; sid: 6101057; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Cisco Webex WRF File Buffer Overflow"; content: "SID: 1058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101058; sid: 6101058; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] IIS Hit-Highlighting Authentication Bypass"; content: "SID: 1059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101059; sid: 6101059; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Apache auth_ldap Format String"; content: "SID: 1060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101060; sid: 6101060; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 389 (msg: "[CISCO-SDEE] Windows Active Directory LDAP Remote Code Execution"; content: "SID: 1062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101062; sid: 6101062; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] BIND 8 TSIG Remote Code Execution"; content: "SID: 1063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101063; sid: 6101063; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor Backup Products Tape Engine Service RPC Request Arbitrary Code Execution Vulnerability"; content: "SID: 1067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101067; sid: 6101067; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $PPTP_PORT (msg: "[CISCO-SDEE] Microsoft Windows PPTP Denial of Service"; content: "SID: 1069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101069; sid: 6101069; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] IBM Tivoli Directory Server 6.0 Denial Of Service"; content: "SID: 1076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101076; sid: 6101076; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] PHP File Upload GLOBAL Variable Overwrite"; content: "SID: 1077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101077; sid: 6101077; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix RTSP SETUP Request Denial Of Service"; content: "SID: 1079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101079; sid: 6101079; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Informix Long Username Buffer Overflow"; content: "SID: 1080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101080; sid: 6101080; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101081; sid: 6101081; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101082; sid: 6101082; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Plug and Play Overflow"; content: "SID: 1083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101083; sid: 6101083; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Cisco IOS HTTP Server Vulnerability"; content: "SID: 1085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101085; sid: 6101085; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle OPMN daemon Format String Denial Of Service"; content: "SID: 1086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101086; sid: 6101086; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $FTP_PORT (msg: "[CISCO-SDEE] Oracle XDB FTP Buffer Overflow"; content: "SID: 1088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101088; sid: 6101088; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SAP Message Server Group Parameter Remote Buffer Overflow"; content: "SID: 1089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101089; sid: 6101089; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $NTP_PORT (msg: "[CISCO-SDEE] NTP MODE_PRIVATE Denial of Service"; content: "SID: 1090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101090; sid: 6101090; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSwan and StrongSwan DPD Packet Remote DoS"; content: "SID: 1091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101091; sid: 6101091; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Measuresoft ScadaPro Command Injection"; content: "SID: 1096 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101096; sid: 6101096; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Buffer Overflow"; content: "SID: 1097 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101097; sid: 6101097; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1099 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101099; sid: 6101099; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unknown IP Protocol"; content: "SID: 1101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101101; sid: 6101101; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Impossible IP Packet"; content: "SID: 1102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101102; sid: 6101102; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Localhost Source Spoof"; content: "SID: 1104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101104; sid: 6101104; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101105; sid: 6101105; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsys PROMOTIC ActiveX SaveCfg AddTrend Buffer Overflow"; content: "SID: 1106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101106; sid: 6101106; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RFC 1918 Addresses Seen"; content: "SID: 1107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101107; sid: 6101107; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Packet with Proto 11"; content: "SID: 1108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101108; sid: 6101108; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Interface DoS"; content: "SID: 1109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101109; sid: 6101109; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Arbitrary Files Access and Denial of Service"; content: "SID: 1121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101121; sid: 6101121; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenOffice Remote Code Execution"; content: "SID: 1122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101122; sid: 6101122; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RPC DCOM ISystemActivator Buffer Overflow"; content: "SID: 1124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101124; sid: 6101124; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WellinTech Kingview Buffer Overflow"; content: "SID: 1126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101126; sid: 6101126; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS ISAKMP Vulnerability"; content: "SID: 1127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101127; sid: 6101127; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RRAS Service Overflow"; content: "SID: 1128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101128; sid: 6101128; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Remote Code Execution"; content: "SID: 1129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101129; sid: 6101129; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Malicous Signed Portable Executable File"; content: "SID: 1130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101130; sid: 6101130; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101131; sid: 6101131; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE OnReadyStateChange Remote Code Execution"; content: "SID: 1132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101132; sid: 6101132; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE SelectAll Remote Code Execution"; content: "SID: 1134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101134; sid: 6101134; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Parameter Validation Vulnerability"; content: "SID: 1135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101135; sid: 6101135; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Remote Code Execution"; content: "SID: 1136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101136; sid: 6101136; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Livemesh Application"; content: "SID: 1137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101137; sid: 6101137; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Use After Free"; content: "SID: 1138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101138; sid: 6101138; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Marshalling Code Remote Code Execution Vulnerability"; content: "SID: 1140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101140; sid: 6101140; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Obfuscation Code Fragment"; content: "SID: 1142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101142; sid: 6101142; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectX NULL Byte Overwrite Vulnerability"; content: "SID: 1143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101143; sid: 6101143; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Publisher 2007 Remote Code Execution"; content: "SID: 1144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101144; sid: 6101144; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office PowerPoint Remote Code Execution Vulnerability"; content: "SID: 1152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101152; sid: 6101152; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel 2003 Denial of Service Vulnerability"; content: "SID: 1155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101155; sid: 6101155; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Remote Code Execution"; content: "SID: 1157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101157; sid: 6101157; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability"; content: "SID: 1166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101166; sid: 6101166; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic Alphanumeric Generated Email Address"; content: "SID: 1169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101169; sid: 6101169; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101173; sid: 6101173; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visio Viewer Remote Code Execution"; content: "SID: 1182 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101182; sid: 6101182; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word RTF Heap Overrun"; content: "SID: 1183 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101183; sid: 6101183; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Buffer Overflow"; content: "SID: 1184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101184; sid: 6101184; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Serialization Vulnerability"; content: "SID: 1185 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101185; sid: 6101185; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Memory Corruption"; content: "SID: 1186 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101186; sid: 6101186; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Plus Heap Overflow Vulnerability"; content: "SID: 1187 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101187; sid: 6101187; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Vulnerability"; content: "SID: 1188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101188; sid: 6101188; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel MergeCells Record Heap Overflow"; content: "SID: 1189 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101189; sid: 6101189; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Player newfunction Buffer Overflow"; content: "SID: 1190 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101190; sid: 6101190; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Memory Corruption Vulnerability"; content: "SID: 1191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101191; sid: 6101191; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution"; content: "SID: 1192 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101192; sid: 6101192; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Remote Code Execution"; content: "SID: 1193 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101193; sid: 6101193; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Remote Code Execution Vulnerability"; content: "SID: 1194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101194; sid: 6101194; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft TrueType Font Parsing Vulnerability"; content: "SID: 1195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101195; sid: 6101195; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101196; sid: 6101196; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101197; sid: 6101197; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragmentation Buffer Full"; content: "SID: 1200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101200; sid: 6101200; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overlap"; content: "SID: 1201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101201; sid: 6101201; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overrun - Datagram Too Long"; content: "SID: 1202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101202; sid: 6101202; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overwrite - Data is Overwritten"; content: "SID: 1203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101203; sid: 6101203; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Missing Initial Fragment"; content: "SID: 1204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101204; sid: 6101204; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Datagrams"; content: "SID: 1205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101205; sid: 6101205; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Small"; content: "SID: 1206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101206; sid: 6101206; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Fragments in a Datagram"; content: "SID: 1207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101207; sid: 6101207; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Incomplete Datagram"; content: "SID: 1208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101208; sid: 6101208; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Object Packager Remote Code Execution Vulnerability"; content: "SID: 1210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101210; sid: 6101210; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Spyeye Trojan Toolkit"; content: "SID: 1212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101212; sid: 6101212; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Deflate Encoding Memory Corruption"; content: "SID: 1213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101213; sid: 6101213; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption"; content: "SID: 1218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101218; sid: 6101218; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jolt2 Fragment Reassembly DoS attack"; content: "SID: 1220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101220; sid: 6101220; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server DBMS_CDC_PUBLISH SQL Injection"; content: "SID: 1221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101221; sid: 6101221; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragment Flags Invalid"; content: "SID: 1225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101225; sid: 6101225; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Packet Bad Length"; content: "SID: 1250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101250; sid: 6101250; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flame Malware"; content: "SID: 1256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101256; sid: 6101256; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101258; sid: 6101258; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Internet Explorer 9 Use After Free"; content: "SID: 1261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101261; sid: 6101261; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Unauthorized Digital Certificates"; content: "SID: 1263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101263; sid: 6101263; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Leak"; content: "SID: 1265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101265; sid: 6101265; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101268; sid: 6101268; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Title Element Change Remote Code Execution"; content: "SID: 1270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101270; sid: 6101270; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft insertAdjacentText Remote Code Execution"; content: "SID: 1271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101271; sid: 6101271; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Developer Toolbar Vulnerability"; content: "SID: 1272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101272; sid: 6101272; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 1273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101273; sid: 6101273; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Memory Access Vulnerability"; content: "SID: 1274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101274; sid: 6101274; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Dynamics AX Enterprise Portal Elevation of Privilege"; content: "SID: 1275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101275; sid: 6101275; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution"; content: "SID: 1276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101276; sid: 6101276; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101277; sid: 6101277; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer and Lync HTML Sanitization Cross-Site Scripting"; content: "SID: 1279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101279; sid: 6101279; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Remote Code Execution"; content: "SID: 1281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101281; sid: 6101281; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Heap Overflow"; content: "SID: 1283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101283; sid: 6101283; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101284; sid: 6101284; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Stop Service Code"; content: "SID: 1285 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101285; sid: 6101285; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Reset Service Code"; content: "SID: 1287 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101287; sid: 6101287; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TelePresence Recording Server Media Import Command Injection"; content: "SID: 1288 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101288; sid: 6101288; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix boot code dump"; content: "SID: 1289 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101289; sid: 6101289; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1290 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101290; sid: 6101290; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Firmware Update"; content: "SID: 1291 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101291; sid: 6101291; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1292 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101292; sid: 6101292; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1293 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101293; sid: 6101293; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Groupwise Messenger Server Information Leakage"; content: "SID: 1295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101295; sid: 6101295; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Webex WRF JPEG DHT Chunk Stack Buffer Overflow"; content: "SID: 1296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101296; sid: 6101296; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Enumeration Information Disclosure"; content: "SID: 1298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101298; sid: 6101298; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Segment Overwrite"; content: "SID: 1300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101300; sid: 6101300; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Inactivity Timeout"; content: "SID: 1301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101301; sid: 6101301; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Embryonic Timeout"; content: "SID: 1302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101302; sid: 6101302; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Closing Timeout"; content: "SID: 1303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101303; sid: 6101303; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Packet Queue Overflow"; content: "SID: 1304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101304; sid: 6101304; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP URG flag set"; content: "SID: 1305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101305; sid: 6101305; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Option Other"; content: "SID: 1306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101306; sid: 6101306; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Window Variation"; content: "SID: 1307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101307; sid: 6101307; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TTL evasion"; content: "SID: 1308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101308; sid: 6101308; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Reserved flags set"; content: "SID: 1309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101309; sid: 6101309; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Retransmit Data Different"; content: "SID: 1310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101310; sid: 6101310; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Packet Exceeds MSS"; content: "SID: 1311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101311; sid: 6101311; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS below minimum"; content: "SID: 1312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101312; sid: 6101312; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS exceeds maximum"; content: "SID: 1313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101313; sid: 6101313; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Packet With Data"; content: "SID: 1314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101314; sid: 6101314; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ACK w/o TCP Stream"; content: "SID: 1315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101315; sid: 6101315; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FIN or RST w/o TCP Stream"; content: "SID: 1316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101316; sid: 6101316; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zero Window Probe"; content: "SID: 1317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101317; sid: 6101317; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Reflected List Parameter Vulnerability"; content: "SID: 1326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101326; sid: 6101326; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Microsoft IIS Stack Exhaustion DoS"; content: "SID: 1328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101328; sid: 6101328; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Cached Object Remote Code Execution"; content: "SID: 1329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101329; sid: 6101329; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Drop - Bad Checksum"; content: "SID: 1330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101330; sid: 6101330; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101331; sid: 6101331; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Registered Application Handler Vulnerability"; content: "SID: 1333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101333; sid: 6101333; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows ADO Heap Overflow"; content: "SID: 1334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101334; sid: 6101334; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint Cross Site Scripting Attack"; content: "SID: 1335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101335; sid: 6101335; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Telepresence Command Injection Vulnerability"; content: "SID: 1338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101338; sid: 6101338; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Joomla 1.5.12 TinyBrowser File Upload Code Execution"; content: "SID: 1341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101341; sid: 6101341; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Common Services Framework Help Servlet XSS Vulnerability"; content: "SID: 1343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101343; sid: 6101343; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS BGP Malformed Attribute Denial of Service"; content: "SID: 1346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101346; sid: 6101346; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Skype Call Activity"; content: "SID: 1347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101347; sid: 6101347; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Trojan Iframe.F"; content: "SID: 1349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101349; sid: 6101349; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Viewer Code Execution Vulnerability"; content: "SID: 1350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101350; sid: 6101350; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Web Gateway Remote Command Execution"; content: "SID: 1353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101353; sid: 6101353; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player URL Security Domain Checking Vulnerability"; content: "SID: 1356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101356; sid: 6101356; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Buffer Overflow"; content: "SID: 1358 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101358; sid: 6101358; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Domino Server Controller Authentication Bypass"; content: "SID: 1360 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101360; sid: 6101360; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Read Access Violation Vulnerability"; content: "SID: 1364 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101364; sid: 6101364; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle WebCenter ActiveX Control File Creation Vulnerability"; content: "SID: 1366 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101366; sid: 6101366; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1367 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101367; sid: 6101367; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime JPEG2000 Integer Overflow"; content: "SID: 1369 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101369; sid: 6101369; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FFmpeg 4xm Null Pointer Memory Corruption"; content: "SID: 1370 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101370; sid: 6101370; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Integer Overflow Remote Code Execution"; content: "SID: 1371 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101371; sid: 6101371; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Asynchronous NULL Object Access Remote Code Execution"; content: "SID: 1372 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101372; sid: 6101372; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption Vulnerability"; content: "SID: 1373 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101373; sid: 6101373; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect EarthAgent RPC Buffer Overflow Vulnerability"; content: "SID: 1374 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101374; sid: 6101374; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit Memory Corruption Vulnerability"; content: "SID: 1376 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101376; sid: 6101376; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use After Free Vulnerability"; content: "SID: 1377 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101377; sid: 6101377; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Memory Corruption"; content: "SID: 1378 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101378; sid: 6101378; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1379 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101379; sid: 6101379; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1380 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101380; sid: 6101380; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Networking Vulnerability"; content: "SID: 1381 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101381; sid: 6101381; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Print Spooler Service Format String Vulnerability"; content: "SID: 1382 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101382; sid: 6101382; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Heap Overflow"; content: "SID: 1384 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101384; sid: 6101384; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows IE Layout Memory Corruption"; content: "SID: 1385 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101385; sid: 6101385; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Stack Buffer Overflow Vulnerability"; content: "SID: 1386 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101386; sid: 6101386; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Arbitrary Code Execution"; content: "SID: 1387 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101387; sid: 6101387; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL CMS Structure OriginatorInfo Memory Corruption"; content: "SID: 1388 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101388; sid: 6101388; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Database Archiving Software GIOP Parsing Buffer Overflow"; content: "SID: 1389 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101389; sid: 6101389; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Denial of Service"; content: "SID: 1393 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101393; sid: 6101393; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Linksys PlayerPT ActiveX Control Stack Overflow"; content: "SID: 1394 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101394; sid: 6101394; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 Sequence Parameter Set Parsing Buffer Overflow"; content: "SID: 1395 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101395; sid: 6101395; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Cross Site Scripting (XSS) Vulnerability"; content: "SID: 1396 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101396; sid: 6101396; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Array.reduceRight Integer Overflow Vulnerability"; content: "SID: 1397 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101397; sid: 6101397; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Web Access Cross Site Request Forgery Vulnerability"; content: "SID: 1398 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101398; sid: 6101398; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA Total Defense Suite Information Disclosure Vulnerability"; content: "SID: 1399 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101399; sid: 6101399; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Over IPv6 Encapsulation"; content: "SID: 1400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101400; sid: 6101400; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPIP Encapsulation"; content: "SID: 1401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101401; sid: 6101401; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MPLS Over IPv6 Encapsulation"; content: "SID: 1402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101402; sid: 6101402; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv4 Over IPv6 Encapsulation"; content: "SID: 1403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101403; sid: 6101403; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave PAMI Chunk Remote Code Execution"; content: "SID: 1404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101404; sid: 6101404; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination IP Address"; content: "SID: 1405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101405; sid: 6101405; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Source Port"; content: "SID: 1406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101406; sid: 6101406; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination Port"; content: "SID: 1407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101407; sid: 6101407; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Data Packet"; content: "SID: 1408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101408; sid: 6101408; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Tunnel Detected"; content: "SID: 1409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101409; sid: 6101409; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Over MPLS Tunnel"; content: "SID: 1410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101410; sid: 6101410; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Response Storm"; content: "SID: 1414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101414; sid: 6101414; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Non-DNP3 Communication on a DNP3 Port"; content: "SID: 1415 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101415; sid: 6101415; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Last Received Was A Broadcast Message"; content: "SID: 1417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101417; sid: 6101417; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 7 Applet Remote Code Execution Vulnerability"; content: "SID: 1421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101421; sid: 6101421; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Time Synchronization Required"; content: "SID: 1422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101422; sid: 6101422; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Under Local Control"; content: "SID: 1423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101423; sid: 6101423; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device In Trouble"; content: "SID: 1424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101424; sid: 6101424; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Attempt To Use Unsupported Function Code"; content: "SID: 1425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101425; sid: 6101425; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Request Object Unknown Or Errors In Application Data"; content: "SID: 1426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101426; sid: 6101426; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Parameters Out Of Range"; content: "SID: 1427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101427; sid: 6101427; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Event Buffer Overflow"; content: "SID: 1428 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101428; sid: 6101428; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Already Executing Request"; content: "SID: 1429 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101429; sid: 6101429; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Corrupt Configuration Error"; content: "SID: 1430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101430; sid: 6101430; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Invalid Reserved IIN Flags Set"; content: "SID: 1431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101431; sid: 6101431; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Active Configuration"; content: "SID: 1432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101432; sid: 6101432; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Request"; content: "SID: 1433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101433; sid: 6101433; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Reply"; content: "SID: 1434 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101434; sid: 6101434; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Error"; content: "SID: 1435 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101435; sid: 6101435; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Response Or Authentication Challenge"; content: "SID: 1436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101436; sid: 6101436; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Challenge"; content: "SID: 1437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101437; sid: 6101437; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Response Storm"; content: "SID: 1438 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101438; sid: 6101438; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Restarted"; content: "SID: 1439 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101439; sid: 6101439; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Shamoon Malware Activity"; content: "SID: 1441 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101441; sid: 6101441; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Team Web Access XSS Vulnerability"; content: "SID: 1442 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101442; sid: 6101442; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Configuration Manager Reflected XSS"; content: "SID: 1444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101444; sid: 6101444; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption"; content: "SID: 1445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101445; sid: 6101445; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability"; content: "SID: 1446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101446; sid: 6101446; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ganglia Stack Buffer Overflow Vulnerability"; content: "SID: 1447 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101447; sid: 6101447; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player Player Heap Buffer Overflow Vulnerability"; content: "SID: 1451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101451; sid: 6101451; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption Vulnerability"; content: "SID: 1455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101455; sid: 6101455; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow"; content: "SID: 1459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101459; sid: 6101459; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenLDAP Modrdn Memory Corruption Vulnerability"; content: "SID: 1460 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101460; sid: 6101460; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DATAC Control RealWin SCADA Server Buffer Overflow Vulnerability"; content: "SID: 1461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101461; sid: 6101461; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Universal Server Buffer Overflow"; content: "SID: 1462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101462; sid: 6101462; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DD-WRT Arbitrary Shell Command Execution Vulnerability"; content: "SID: 1464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101464; sid: 6101464; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer execCommand Vulnerability"; content: "SID: 1466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101466; sid: 6101466; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Format String Vulnerability"; content: "SID: 1468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101468; sid: 6101468; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Object Processing Vulnerability"; content: "SID: 1469 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101469; sid: 6101469; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox and SeaMonkey Remote Cross-Site Scripting Vulnerability"; content: "SID: 1470 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101470; sid: 6101470; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability"; content: "SID: 1471 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101471; sid: 6101471; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Embedded OpenType Font Processing Heap Overflow Vulnerability"; content: "SID: 1472 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101472; sid: 6101472; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XDP Encoded PDF File Transfer"; content: "SID: 1474 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101474; sid: 6101474; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webex Player Heap Overflow"; content: "SID: 1475 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101475; sid: 6101475; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA and FWSM DCERPC Inspection DoS"; content: "SID: 1476 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101476; sid: 6101476; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA PIX Denial of Service"; content: "SID: 1478 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101478; sid: 6101478; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1480 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101480; sid: 6101480; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer cloneNode Remote Code Execution"; content: "SID: 1481 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101481; sid: 6101481; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Document Layout Processing Use-After-Free Vulnerability"; content: "SID: 1482 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101482; sid: 6101482; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Event Listener Remote Code Execution"; content: "SID: 1483 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101483; sid: 6101483; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Buffer Overflow"; content: "SID: 1487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101487; sid: 6101487; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CISCO ASA DCERPC Inspection Denial Of Service"; content: "SID: 1492 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101492; sid: 6101492; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Distributed Denial of Service on Financial Institutions"; content: "SID: 1493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101493; sid: 6101493; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Overflow"; content: "SID: 1494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101494; sid: 6101494; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Remote Code Execution"; content: "SID: 1495 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101495; sid: 6101495; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works 9 Remote Code Execution Vulnerability"; content: "SID: 1496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101496; sid: 6101496; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1497 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101497; sid: 6101497; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Report Manager Reflected Cross Site Scripting Vulnerability"; content: "SID: 1498 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101498; sid: 6101498; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word PAPX Section Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101501; sid: 6101501; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Response-Splitting Protection Bypass"; content: "SID: 1503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101503; sid: 6101503; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101504; sid: 6101504; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow"; content: "SID: 1507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101507; sid: 6101507; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ImageMagick ResolutionUnit Tag Invalid Validation Denial of Service Vulnerability"; content: "SID: 1508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101508; sid: 6101508; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office TIFF Image Converter Memory Corruption"; content: "SID: 1511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101511; sid: 6101511; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Easy Printer Care HPTicketMgr.dll ActiveX Remote Code Execution"; content: "SID: 1512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101512; sid: 6101512; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101513; sid: 6101513; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101514; sid: 6101514; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Invalid Function Code Is Used"; content: "SID: 1520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101520; sid: 6101520; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Reserved Function Code Used"; content: "SID: 1524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101524; sid: 6101524; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101528; sid: 6101528; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use-After-Free Code Execution"; content: "SID: 1532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101532; sid: 6101532; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Buffer Overflow"; content: "SID: 1534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101534; sid: 6101534; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exim Mail Transfer Agent Arbitrary Code Execution Vulnerability"; content: "SID: 1535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101535; sid: 6101535; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat PDF Font Processing Memory Corruption"; content: "SID: 1536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101536; sid: 6101536; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In JPEG 2000 Heap Buffer Overflow"; content: "SID: 1537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101537; sid: 6101537; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unified MeetingPlace Web Conferencing Buffer Overflow"; content: "SID: 1538 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101538; sid: 6101538; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Hyperion Strategic Finance Client Heap Buffer Overflow"; content: "SID: 1540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101540; sid: 6101540; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Code Execution"; content: "SID: 1545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101545; sid: 6101545; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] H3C and Huawei SNMP Access Control Vulnerability"; content: "SID: 1546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101546; sid: 6101546; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word 2010 Stack Overflow"; content: "SID: 1547 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101547; sid: 6101547; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Picture Manager Memory Corruption"; content: "SID: 1548 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101548; sid: 6101548; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM xdrDecodeString Heap Buffer Overflow"; content: "SID: 1550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101550; sid: 6101550; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox SVGTextElement.getCharNumAtPositio Use-After-Free"; content: "SID: 1555 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101555; sid: 6101555; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Intelligent Management Center Multiple Remote Code Execution"; content: "SID: 1556 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101556; sid: 6101556; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Notes URL Handler Vulnerability"; content: "SID: 1563 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101563; sid: 6101563; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Domain Bypass"; content: "SID: 1564 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101564; sid: 6101564; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell ZENworks Asset Management Web Console Information Disclosure"; content: "SID: 1565 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101565; sid: 6101565; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vista Speech Recognition ActiveX Vulnerabilities"; content: "SID: 1566 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101566; sid: 6101566; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP StorageWorks P4000 Virtual SAN Appliance Command Execution Vulnerability"; content: "SID: 1569 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101569; sid: 6101569; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple iCloud Traffic"; content: "SID: 1570 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101570; sid: 6101570; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell File Reporter Buffer Overflow"; content: "SID: 1571 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101571; sid: 6101571; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Operations Agent for NonStop Server HEALTH Packet Parsing Stack Buffer"; content: "SID: 1572 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101572; sid: 6101572; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Shockwave ActiveX SwDir.dll Stack Buffer Overflow"; content: "SID: 1573 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101573; sid: 6101573; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare ActiveX Remote Code Execution"; content: "SID: 1574 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101574; sid: 6101574; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iPrint Client ActiveX Remote Code Execution"; content: "SID: 1575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101575; sid: 6101575; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP Channel Driver Denial of Service"; content: "SID: 1577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101577; sid: 6101577; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTPD32 Format String Vulnerability"; content: "SID: 1578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101578; sid: 6101578; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP INVITE Denial of Service"; content: "SID: 1579 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101579; sid: 6101579; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Player Director Record Parsing Remote Code Execution"; content: "SID: 1580 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101580; sid: 6101580; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1584 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101584; sid: 6101584; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1585 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101585; sid: 6101585; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VLC Media Player Code Execution"; content: "SID: 1586 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101586; sid: 6101586; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows File Enumeration Memory Corruption Vulnerability"; content: "SID: 1587 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101587; sid: 6101587; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Stack Overflow Code Execution"; content: "SID: 1588 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101588; sid: 6101588; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Invalid Length Use After Free"; content: "SID: 1589 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101589; sid: 6101589; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1591 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101591; sid: 6101591; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1593 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101593; sid: 6101593; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk Skinny Channel Driver Capabilities_Res_Message Denial of Service"; content: "SID: 1595 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101595; sid: 6101595; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CFormElement Use After Free Vulnerability"; content: "SID: 1596 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101596; sid: 6101596; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Web Proxy Auto-Discovery Arbitrary Code Execution"; content: "SID: 1597 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101597; sid: 6101597; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Business Intelligence Enterprise Edition Cross Site Scripting"; content: "SID: 1598 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101598; sid: 6101598; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 zero length option"; content: "SID: 1600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101600; sid: 6101600; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 1 violation"; content: "SID: 1601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101601; sid: 6101601; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 2 violation"; content: "SID: 1602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101602; sid: 6101602; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 3 violation"; content: "SID: 1603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101603; sid: 6101603; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 4 violation"; content: "SID: 1604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101604; sid: 6101604; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 5 violation"; content: "SID: 1605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101605; sid: 6101605; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 short option data"; content: "SID: 1606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101606; sid: 6101606; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 multi-crafted fragments"; content: "SID: 1607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101607; sid: 6101607; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CTreePos Element Use After Free Vulnerability"; content: "SID: 1608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101608; sid: 6101608; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Code Access Information Disclosure"; content: "SID: 1609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101609; sid: 6101609; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Request"; content: "SID: 1610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101610; sid: 6101610; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Reply"; content: "SID: 1611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101611; sid: 6101611; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Destination Unreachable"; content: "SID: 1612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101612; sid: 6101612; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big Message"; content: "SID: 1613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101613; sid: 6101613; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Time Exceeded Message"; content: "SID: 1614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101614; sid: 6101614; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Parameter Problem Message"; content: "SID: 1615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101615; sid: 6101615; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Query"; content: "SID: 1616 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101616; sid: 6101616; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Report"; content: "SID: 1617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101617; sid: 6101617; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Reduction"; content: "SID: 1618 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101618; sid: 6101618; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Solicitation"; content: "SID: 1619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101619; sid: 6101619; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Advertisement"; content: "SID: 1620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101620; sid: 6101620; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Solicitation"; content: "SID: 1621 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101621; sid: 6101621; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Advertisement"; content: "SID: 1622 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101622; sid: 6101622; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Redirect"; content: "SID: 1623 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101623; sid: 6101623; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Renumbering"; content: "SID: 1624 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101624; sid: 6101624; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Report V2"; content: "SID: 1625 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101625; sid: 6101625; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMPV6 Traffic"; content: "SID: 1626 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101626; sid: 6101626; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMPv6 Traffic"; content: "SID: 1627 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101627; sid: 6101627; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Traffic over IPv4"; content: "SID: 1628 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101628; sid: 6101628; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Traffic over IPv6"; content: "SID: 1629 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101629; sid: 6101629; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big"; content: "SID: 1630 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101630; sid: 6101630; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Reflection Bypass Vulnerability"; content: "SID: 1631 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101631; sid: 6101631; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Unix CUPS HTTP GET Denial Of Service"; content: "SID: 1632 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101632; sid: 6101632; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bootpd 2.4.3 Buffer Overflow"; content: "SID: 1635 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101635; sid: 6101635; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox 1.0.7 InstallTrigger.Install Remote Code Execution"; content: "SID: 1636 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101636; sid: 6101636; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Javascript Engine Overflow"; content: "SID: 1637 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101637; sid: 6101637; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox CSS Layout Memory Corruption"; content: "SID: 1638 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101638; sid: 6101638; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1641 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101641; sid: 6101641; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Kernel-Mode Driver Remote Code Execution"; content: "SID: 1642 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101642; sid: 6101642; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari Out of Bounds Access Denial of Service"; content: "SID: 1643 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101643; sid: 6101643; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Java Applet Payload Creation"; content: "SID: 1646 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101646; sid: 6101646; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent RRULE Weekday Parsing Buffer Overflow"; content: "SID: 1653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101653; sid: 6101653; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PNG Embedded File Type"; content: "SID: 1654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101654; sid: 6101654; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player ActionScript callMethod Code Execution"; content: "SID: 1664 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101664; sid: 6101664; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Secure Backup Server Command Execution Vulnerability"; content: "SID: 1671 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101671; sid: 6101671; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Open Type Font Parsing Vulnerability"; content: "SID: 1681 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101681; sid: 6101681; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE Improper Ref Counting Use After Free Vulnerability"; content: "SID: 1683 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101683; sid: 6101683; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GXV-3000 SIP Phone Eavesdropping Exploit"; content: "SID: 1693 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101693; sid: 6101693; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xitami Web Server Buffer Overflow"; content: "SID: 1694 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101694; sid: 6101694; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Root Access"; content: "SID: 1695 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101695; sid: 6101695; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Guest Access"; content: "SID: 1696 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101696; sid: 6101696; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Nobody Access"; content: "SID: 1697 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101697; sid: 6101697; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Hop-by-Hop Options Present"; content: "SID: 1700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101700; sid: 6101700; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Present"; content: "SID: 1702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101702; sid: 6101702; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragmented Traffic"; content: "SID: 1703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101703; sid: 6101703; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Authentication Header Present"; content: "SID: 1704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101704; sid: 6101704; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 ESP Header Present"; content: "SID: 1705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101705; sid: 6101705; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Traffic Class Field"; content: "SID: 1706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101706; sid: 6101706; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Flow Label Field"; content: "SID: 1707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101707; sid: 6101707; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains An Invalid Address"; content: "SID: 1708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101708; sid: 6101708; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word RTF Document Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101709; sid: 6101709; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Extensions Headers Out Of Order"; content: "SID: 1710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101710; sid: 6101710; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Duplicate IPv6 Extension Headers"; content: "SID: 1711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101711; sid: 6101711; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Duplicate Src And Dst Address"; content: "SID: 1712 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101712; sid: 6101712; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains Multicast Source Address"; content: "SID: 1713 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101713; sid: 6101713; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Address Set To localhost"; content: "SID: 1714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101714; sid: 6101714; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Options Padding Too Long"; content: "SID: 1716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101716; sid: 6101716; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back To Back Padding Options"; content: "SID: 1717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101717; sid: 6101717; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Option Data Too Short"; content: "SID: 1718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101718; sid: 6101718; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101719; sid: 6101719; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Jumbo Payload Option Set"; content: "SID: 1720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101720; sid: 6101720; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101721; sid: 6101721; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101722; sid: 6101722; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Unassigned Options"; content: "SID: 1723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101723; sid: 6101723; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1724 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101724; sid: 6101724; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1725 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101725; sid: 6101725; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Invalid Option Set"; content: "SID: 1726 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101726; sid: 6101726; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101727; sid: 6101727; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type 0"; content: "SID: 1728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101728; sid: 6101728; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Failure Log XSS"; content: "SID: 1729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101729; sid: 6101729; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 1 Routing Header"; content: "SID: 1730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101730; sid: 6101730; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 2 Routing Header"; content: "SID: 1731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101731; sid: 6101731; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type Unknown Type"; content: "SID: 1732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101732; sid: 6101732; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Routing Header Length"; content: "SID: 1733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101733; sid: 6101733; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Incomplete"; content: "SID: 1734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101734; sid: 6101734; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains Invalid IP Address"; content: "SID: 1735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101735; sid: 6101735; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains A Loop"; content: "SID: 1736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101736; sid: 6101736; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Reserved Bits Set"; content: "SID: 1737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101737; sid: 6101737; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Unnecessary Fragment Header"; content: "SID: 1738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101738; sid: 6101738; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Illegal Fragmentation"; content: "SID: 1739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101739; sid: 6101739; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Small IPv6 Fragments"; content: "SID: 1740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101740; sid: 6101740; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragment Header Reserved Bits Set"; content: "SID: 1741 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101741; sid: 6101741; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 No Next Header Option Present"; content: "SID: 1742 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101742; sid: 6101742; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP phpinfo() Cross-Site Scripting Vulnerability"; content: "SID: 1743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101743; sid: 6101743; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Database Privilege Escalation"; content: "SID: 1747 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101747; sid: 6101747; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Peercast Basic Authentication Overflow"; content: "SID: 1749 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101749; sid: 6101749; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] PHP zip URL Wrapper Buffer Overflow (HTTP)"; content: "SID: 1755 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101755; sid: 6101755; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Axigen POP3 Server Remote Format String Attack"; content: "SID: 1756 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101756; sid: 6101756; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] VLC HTTPD Format String Bug"; content: "SID: 1758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101758; sid: 6101758; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Solaris RWall Daemon Syslog Format String Vulnerability"; content: "SID: 1760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101760; sid: 6101760; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Post File Upload Buffer Overflow"; content: "SID: 1761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101761; sid: 6101761; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Value Scan"; content: "SID: 1762 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101762; sid: 6101762; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Synergy Clipboard Integer Overflow"; content: "SID: 1773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101773; sid: 6101773; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Web Admin Server Command Injection"; content: "SID: 1774 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101774; sid: 6101774; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netware Client Service Buffer Overflow"; content: "SID: 1775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101775; sid: 6101775; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Information Leaking Vulnerability"; content: "SID: 1777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101777; sid: 6101777; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Cross Site Scripting Vulnerability"; content: "SID: 1778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101778; sid: 6101778; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Server Memory Corruption Vulnerability"; content: "SID: 1780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101780; sid: 6101780; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nimda Worm TFTP Request"; content: "SID: 1781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101781; sid: 6101781; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Total Defense Suite UNCWS SQL Injection"; content: "SID: 1786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101786; sid: 6101786; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Remote Compiler Option Loading"; content: "SID: 1787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101787; sid: 6101787; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tom Sawyer GET Extension Factory ActiveX Remote Code Execution"; content: "SID: 1789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101789; sid: 6101789; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Operations Manager Privilege Escalation"; content: "SID: 1790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101790; sid: 6101790; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HeapLib Instantiation"; content: "SID: 1791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101791; sid: 6101791; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CButton User After Free"; content: "SID: 1792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101792; sid: 6101792; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework OData Services Denial of Service"; content: "SID: 1793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101793; sid: 6101793; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Vulnerability"; content: "SID: 1794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101794; sid: 6101794; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Streamprocess Buffer Overflow"; content: "SID: 1799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101799; sid: 6101799; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks RealPlayer URL Parsing Stack Buffer Overflow"; content: "SID: 1801 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101801; sid: 6101801; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby on Rails Remote Code Execution Vulnerability"; content: "SID: 1802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101802; sid: 6101802; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange iCal DoS"; content: "SID: 1803 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101803; sid: 6101803; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 1.7 Update 10 Remote Code Execution"; content: "SID: 1804 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101804; sid: 6101804; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA 1000v Cloud Firewall H.323 Inspection Denial of Service"; content: "SID: 1807 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101807; sid: 6101807; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Applet Rhino Script Engine Policy Bypass"; content: "SID: 1813 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101813; sid: 6101813; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate NULL Byte Name Insertion"; content: "SID: 1814 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101814; sid: 6101814; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate Integer Overflow"; content: "SID: 1815 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101815; sid: 6101815; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS IPSLA DoS"; content: "SID: 1819 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101819; sid: 6101819; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quest Software Big Brother Arbitrary File Deletion and Overwriting"; content: "SID: 1820 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101820; sid: 6101820; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Gopher Parsing Overflow"; content: "SID: 1822 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101822; sid: 6101822; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUPS GIF Parsing Heap Overflow"; content: "SID: 1823 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101823; sid: 6101823; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET XML Signature Syntax and Processing Vulnerability"; content: "SID: 1831 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101831; sid: 6101831; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix XenApp And XenDesktop XML Buffer Overflow"; content: "SID: 1833 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101833; sid: 6101833; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Sunway ForceControl SNMP NetDBServer Buffer Overflow"; content: "SID: 1835 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101835; sid: 6101835; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP JetDirect PJL Interface Universal Path Traversal"; content: "SID: 1836 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101836; sid: 6101836; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML5 Heap Spray"; content: "SID: 1837 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101837; sid: 6101837; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wibu-Systems WibuKey Runtime for Windows ActiveX Control Buffer Overflow"; content: "SID: 1838 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101838; sid: 6101838; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory LDAP Null Search Parameter Overflow"; content: "SID: 1850 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101850; sid: 6101850; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Portable SDK for UPnP Devices Buffer Overflow Vulnerabilities"; content: "SID: 1851 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101851; sid: 6101851; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby On Rails Remote Code Execution"; content: "SID: 1853 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101853; sid: 6101853; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM Remote Code Execution"; content: "SID: 1855 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101855; sid: 6101855; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1857 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101857; sid: 6101857; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OmniInet.exe Buffer Overflow Vulnerability"; content: "SID: 1858 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101858; sid: 6101858; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1862 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101862; sid: 6101862; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability"; content: "SID: 1863 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101863; sid: 6101863; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1864 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101864; sid: 6101864; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent Buffer Overflow Vulnerability"; content: "SID: 1865 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101865; sid: 6101865; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox DOM Insertions Memory Corruption"; content: "SID: 1866 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101866; sid: 6101866; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1867 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101867; sid: 6101867; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vector Markup Language Remote Code Execution"; content: "SID: 1868 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101868; sid: 6101868; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ATA 187 Remote Access Vulnerability"; content: "SID: 1873 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101873; sid: 6101873; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VoipNow Professional Nsextt Parameter XSS Vulnerability"; content: "SID: 1874 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101874; sid: 6101874; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebERP Local File Include Vulnerability"; content: "SID: 1877 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101877; sid: 6101877; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Web Console Format String Vulnerability"; content: "SID: 1878 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101878; sid: 6101878; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Elefant CMS ID Parameter Cross Site Scripting Vulnerability"; content: "SID: 1880 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101880; sid: 6101880; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DSL-2640B Redpass.Cgi Cross Site Request Forgery Vulnerability"; content: "SID: 1881 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101881; sid: 6101881; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Cross Site Scripting Vulnerability"; content: "SID: 1882 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101882; sid: 6101882; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Logo.Link Parameter Cross Site Scripting Vulnerability"; content: "SID: 1883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101883; sid: 6101883; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability"; content: "SID: 1885 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101885; sid: 6101885; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Wp-ImageZoom File Parameter Remote File Disclosure Vulnerability"; content: "SID: 1886 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101886; sid: 6101886; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InduSoft Web Studio Unauthenticated Insecure Remote Operations"; content: "SID: 1892 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101892; sid: 6101892; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bitweaver Highlight Parameter Cross Site Scripting Vulnerability"; content: "SID: 1894 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101894; sid: 6101894; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1895 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101895; sid: 6101895; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XAMPP Cds.Php Cross Site Scripting Vulnerability"; content: "SID: 1896 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101896; sid: 6101896; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nagios XI VisApi.Php Div Parameter XSS Vulnerability"; content: "SID: 1898 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101898; sid: 6101898; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MGB Guestbook Index.Php Cross Site Scripting Vulnerability"; content: "SID: 1899 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101899; sid: 6101899; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Church_Admin Id Parameter XSS Vulnerability"; content: "SID: 1900 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101900; sid: 6101900; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Playerready Cross Site Scripting Vulnerability"; content: "SID: 1904 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101904; sid: 6101904; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sophos E-Mail Security Virtual Appliance Remote Code Execution Vulnerability"; content: "SID: 1908 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101908; sid: 6101908; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KindEditor Name Parameter Cross Site Scripting Vulnerability"; content: "SID: 1909 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101909; sid: 6101909; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability"; content: "SID: 1911 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101911; sid: 6101911; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zenoss ViewDaemonLog Daemon Arbitrary Log File Access Vulnerability"; content: "SID: 1914 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101914; sid: 6101914; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Application Lifecycle Management XGO.ocx Remote Code Execution"; content: "SID: 1920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101920; sid: 6101920; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ManageEngine Support Center Plus Cross Site Scripting Vulnerability"; content: "SID: 1922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101922; sid: 6101922; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SilverStripe BackURL Parameter URI Redirection Vulnerability"; content: "SID: 1924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101924; sid: 6101924; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symphony CMS BluePRINTs URI SQL Injection"; content: "SID: 1925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101925; sid: 6101925; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress ABC Test Plugin Id Parameter XSS Vulnerability"; content: "SID: 1926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101926; sid: 6101926; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Crayon Syntax Highlighter Wp_load Remote File Include"; content: "SID: 1927 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101927; sid: 6101927; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lattice Semiconductor Diamond Programmer Buffer Overflow"; content: "SID: 1928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101928; sid: 6101928; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mcrypt Check File Head Stack Based Buffer Overflow"; content: "SID: 1929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101929; sid: 6101929; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Cross Site Request Forgery Vulnerability"; content: "SID: 1930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101930; sid: 6101930; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Newsletter Preview.php File Disclosure Vulnerability"; content: "SID: 1931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101931; sid: 6101931; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DocXP Fid Parameter Directory Traversal Vulnerability"; content: "SID: 1933 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101933; sid: 6101933; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101937; sid: 6101937; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101938; sid: 6101938; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101939; sid: 6101939; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explore Remote Code Execution"; content: "SID: 1940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101940; sid: 6101940; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1941 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101941; sid: 6101941; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Site Scripting"; content: "SID: 1942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101942; sid: 6101942; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow"; content: "SID: 1944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101944; sid: 6101944; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro Control Manager Cross Site Request Forgery"; content: "SID: 1945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101945; sid: 6101945; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit SVG Memory Corruption"; content: "SID: 1946 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101946; sid: 6101946; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Buffer Overflow Vulnerability"; content: "SID: 1947 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101947; sid: 6101947; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Cloned DOM Object Code Execution"; content: "SID: 1949 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101949; sid: 6101949; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Remote Code Execution"; content: "SID: 1950 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101950; sid: 6101950; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache DoS"; content: "SID: 1958 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101958; sid: 6101958; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit innerHTML Double Free Memory Corruption"; content: "SID: 1959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101959; sid: 6101959; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Service Failed Response Vulnerability"; content: "SID: 1969 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101969; sid: 6101969; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hewlett-Packard OpenView Network Node Manager Remote Code Execution"; content: "SID: 1972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101972; sid: 6101972; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101973; sid: 6101973; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Novell GroupWise HTTP Interfaces Arbitrary File Retrieval"; content: "SID: 1974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101974; sid: 6101974; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] APT1 SSL Certificate"; content: "SID: 1975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101975; sid: 6101975; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Zone-based Firewall SIP Denial of Service"; content: "SID: 1976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101976; sid: 6101976; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Memory Corruption"; content: "SID: 1977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101977; sid: 6101977; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 1978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101978; sid: 6101978; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Viewer VSD File Type Confusion"; content: "SID: 1981 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101981; sid: 6101981; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101984; sid: 6101984; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1990 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101990; sid: 6101990; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1993 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101993; sid: 6101993; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft WKSSVC NetpManageIPCConnect Remote Code Execution"; content: "SID: 1997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101997; sid: 6101997; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101998; sid: 6101998; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Reply"; content: "SID: 2000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102000; sid: 6102000; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Host Unreachable"; content: "SID: 2001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102001; sid: 6102001; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Source Quench"; content: "SID: 2002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102002; sid: 6102002; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Redirect"; content: "SID: 2003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102003; sid: 6102003; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Request"; content: "SID: 2004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102004; sid: 6102004; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Time Exceeded for a Datagram"; content: "SID: 2005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102005; sid: 6102005; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Parameter Problem on Datagram"; content: "SID: 2006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102006; sid: 6102006; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Request"; content: "SID: 2007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102007; sid: 6102007; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Reply"; content: "SID: 2008 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102008; sid: 6102008; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Request"; content: "SID: 2009 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102009; sid: 6102009; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Reply"; content: "SID: 2010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102010; sid: 6102010; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Address Mask Reply"; content: "SID: 2012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102012; sid: 6102012; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] 7T IGSS Buffer Overflow"; content: "SID: 2019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102019; sid: 6102019; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability"; content: "SID: 2021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102021; sid: 6102021; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Schneider Electric Accutech Manager HTTP Request Processing Buffer Overflow"; content: "SID: 2023 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102023; sid: 6102023; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 2024 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102024; sid: 6102024; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CCaret Use-After-Free Vulnerability"; content: "SID: 2030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102030; sid: 6102030; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft OneNote Information Disclosure"; content: "SID: 2034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102034; sid: 6102034; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Elevation of Privilege"; content: "SID: 2036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102036; sid: 6102036; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 2038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102038; sid: 6102038; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 2039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102039; sid: 6102039; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep With Echo"; content: "SID: 2100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102100; sid: 6102100; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Timestamp"; content: "SID: 2101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102101; sid: 6102101; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Address Mask"; content: "SID: 2102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102102; sid: 6102102; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMP Traffic"; content: "SID: 2150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102150; sid: 6102150; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMP Traffic"; content: "SID: 2151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102151; sid: 6102151; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Flood"; content: "SID: 2152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102152; sid: 6102152; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Smurf Attack"; content: "SID: 2153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102153; sid: 6102153; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ping of Death Attack"; content: "SID: 2154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102154; sid: 6102154; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modem DoS"; content: "SID: 2155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102155; sid: 6102155; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102156; sid: 6102156; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Hard Error DoS"; content: "SID: 2157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102157; sid: 6102157; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102158; sid: 6102158; rev: 3;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Destination Unreachable Protocol Unreachable"; content: "SID: 2159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102159; sid: 6102159; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IGMP Header DoS"; content: "SID: 2200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102200; sid: 6102200; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP over fragmented IP"; content: "SID: 2201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102201; sid: 6102201; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP Invalid Packet DoS"; content: "SID: 2202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102202; sid: 6102202; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Port Sweep"; content: "SID: 3001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103001; sid: 6103001; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Port Sweep"; content: "SID: 3002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103002; sid: 6103002; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN Port Sweep"; content: "SID: 3003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103003; sid: 6103003; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Port Sweep"; content: "SID: 3005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103005; sid: 6103005; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN Port Sweep"; content: "SID: 3006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103006; sid: 6103006; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP High Port Sweep"; content: "SID: 3010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103010; sid: 6103010; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN High Port Sweep"; content: "SID: 3011 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103011; sid: 6103011; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN High Port Sweep"; content: "SID: 3012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103012; sid: 6103012; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Null Port Sweep"; content: "SID: 3015 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103015; sid: 6103015; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag Null Port Sweep"; content: "SID: 3016 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103016; sid: 6103016; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Port Sweep"; content: "SID: 3020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103020; sid: 6103020; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN FIN Port Sweep"; content: "SID: 3021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103021; sid: 6103021; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Host Sweep"; content: "SID: 3030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103030; sid: 6103030; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN Host Sweep"; content: "SID: 3031 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103031; sid: 6103031; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Host Sweep"; content: "SID: 3032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103032; sid: 6103032; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG FIN Host Sweep"; content: "SID: 3033 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103033; sid: 6103033; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Host Sweep"; content: "SID: 3034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103034; sid: 6103034; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG NULL Host Sweep"; content: "SID: 3035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103035; sid: 6103035; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Host Sweep"; content: "SID: 3036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103036; sid: 6103036; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN FIN Host Sweep"; content: "SID: 3037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103037; sid: 6103037; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented NULL TCP Packet"; content: "SID: 3038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103038; sid: 6103038; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented Orphaned FIN packet"; content: "SID: 3039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103039; sid: 6103039; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Packet"; content: "SID: 3040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103040; sid: 6103040; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN/FIN Packet"; content: "SID: 3041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103041; sid: 6103041; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Orphaned Fin Packet"; content: "SID: 3042 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103042; sid: 6103042; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented SYN/FIN Packet"; content: "SID: 3043 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103043; sid: 6103043; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Queso Sweep"; content: "SID: 3045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103045; sid: 6103045; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NMAP OS Fingerprint"; content: "SID: 3046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103046; sid: 6103046; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Half-open SYN Attack"; content: "SID: 3050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103050; sid: 6103050; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Connection Window Size RST DoS"; content: "SID: 3051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103051; sid: 6103051; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPNP Service Host Sweep"; content: "SID: 3052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103052; sid: 6103052; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP RCPT TO: Bounce"; content: "SID: 3100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103100; sid: 6103100; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Recipient"; content: "SID: 3101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103101; sid: 6103101; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Sender"; content: "SID: 3102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103102; sid: 6103102; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Reconnaissance"; content: "SID: 3103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103103; sid: 6103103; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Archaic Sendmail Attacks"; content: "SID: 3104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103104; sid: 6103104; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Decode Alias"; content: "SID: 3105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103105; sid: 6103105; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mail Spam"; content: "SID: 3106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103106; sid: 6103106; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Majordomo Execute Attack"; content: "SID: 3107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103107; sid: 6103107; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP MIME Content Overflow"; content: "SID: 3108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103108; sid: 6103108; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long SMTP Command"; content: "SID: 3109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103109; sid: 6103109; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Suspicious Mail Attachment"; content: "SID: 3110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103110; sid: 6103110; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] W32 Sircam Malicious Code"; content: "SID: 3111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103111; sid: 6103111; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino Mail Loop DoS"; content: "SID: 3112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103112; sid: 6103112; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Email Attachment with Malicious Payload"; content: "SID: 3113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103113; sid: 6103113; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FetchMail Arbitrary Code Execution"; content: "SID: 3114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103114; sid: 6103114; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Data Header Overflow"; content: "SID: 3115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103115; sid: 6103115; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbus"; content: "SID: 3116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103116; sid: 6103116; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KLEZ Worm"; content: "SID: 3117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103117; sid: 6103117; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rwhoisd format string"; content: "SID: 3118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103118; sid: 6103118; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP STAT Overflow"; content: "SID: 3119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103119; sid: 6103119; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ANTS Virus"; content: "SID: 3120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103120; sid: 6103120; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vintra MailServer EXPN DoS"; content: "SID: 3121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103121; sid: 6103121; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP EXPN root Recon"; content: "SID: 3122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103122; sid: 6103122; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBus Pro Traffic"; content: "SID: 3123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103123; sid: 6103123; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail prescan Memory Corruption"; content: "SID: 3124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103124; sid: 6103124; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix 1.1.12 envelope address DoS"; content: "SID: 3125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103125; sid: 6103125; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix bounce scan"; content: "SID: 3126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103126; sid: 6103126; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP AUTH Brute Force Attempt"; content: "SID: 3127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103127; sid: 6103127; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange xexch50 overflow"; content: "SID: 3128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103128; sid: 6103128; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus C Variant File Attachment"; content: "SID: 3129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103129; sid: 6103129; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus I Variant File Attachment"; content: "SID: 3130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103130; sid: 6103130; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus L Variant File Attachment"; content: "SID: 3131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103131; sid: 6103131; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment"; content: "SID: 3132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103132; sid: 6103132; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment Variant B"; content: "SID: 3133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103133; sid: 6103133; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoomJuice Worm network probe"; content: "SID: 3134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103134; sid: 6103134; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MyDoom Virus Activity"; content: "SID: 3135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103135; sid: 6103135; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netsky Virus Activity"; content: "SID: 3136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103136; sid: 6103136; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sober Virus Activity"; content: "SID: 3137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103137; sid: 6103137; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.C Virus Email Attachment"; content: "SID: 3138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103138; sid: 6103138; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.E Virus Email Attachment"; content: "SID: 3139 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103139; sid: 6103139; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle Virus Activity"; content: "SID: 3140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103140; sid: 6103140; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lovgate Worm Activity"; content: "SID: 3141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103141; sid: 6103141; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sasser Worm Activity"; content: "SID: 3142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103142; sid: 6103142; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BERBEW Trojan Activity"; content: "SID: 3143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103143; sid: 6103143; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ratos Worm Activity"; content: "SID: 3144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103144; sid: 6103144; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZAFI Worm Activity"; content: "SID: 3145 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103145; sid: 6103145; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bropia Worm Activity"; content: "SID: 3146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103146; sid: 6103146; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Remote Command Execution"; content: "SID: 3150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103150; sid: 6103150; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SYST Command Attempt"; content: "SID: 3151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103151; sid: 6103151; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP CWD ~root"; content: "SID: 3152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103152; sid: 6103152; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Address Specified"; content: "SID: 3153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103153; sid: 6103153; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Port Specified"; content: "SID: 3154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103154; sid: 6103154; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP RETR Pipe Filename Command Execution"; content: "SID: 3155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103155; sid: 6103155; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP STOR Pipe Filename Command Execution"; content: "SID: 3156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103156; sid: 6103156; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASV Port Spoof"; content: "SID: 3157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103157; sid: 6103157; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Format String"; content: "SID: 3158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103158; sid: 6103158; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASS Suspicious Length"; content: "SID: 3159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103159; sid: 6103159; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cesar FTP Buffer Overflow"; content: "SID: 3160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103160; sid: 6103160; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP realpath Buffer Overflow"; content: "SID: 3161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103161; sid: 6103161; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] glFtpD LIST DoS"; content: "SID: 3162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103162; sid: 6103162; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WU-FTPD Heap Corruption"; content: "SID: 3163 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103163; sid: 6103163; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Instant Server Mini Portal Directory Traversal"; content: "SID: 3164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103164; sid: 6103164; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC"; content: "SID: 3165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103165; sid: 6103165; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP USER Suspicious Length"; content: "SID: 3166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103166; sid: 6103166; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Format String in FTP username"; content: "SID: 3167 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103167; sid: 6103167; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Directory Traversal"; content: "SID: 3168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103168; sid: 6103168; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC tar"; content: "SID: 3169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103169; sid: 6103169; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP SITE CPWD Buffer Overflow"; content: "SID: 3170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103170; sid: 6103170; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Priviledged Login"; content: "SID: 3171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103171; sid: 6103171; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ftp Cwd Overflow"; content: "SID: 3172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103172; sid: 6103172; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long FTP Command"; content: "SID: 3173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103173; sid: 6103173; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ProFTPD STAT DoS"; content: "SID: 3175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103175; sid: 6103175; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long MDTM Command"; content: "SID: 3177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103177; sid: 6103177; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Denial Of Service in Microsoft SMS Client"; content: "SID: 3178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103178; sid: 6103178; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ftpdchk DOS"; content: "SID: 3179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103179; sid: 6103179; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BakBone NetVault Remote Heap Overflow"; content: "SID: 3180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103180; sid: 6103180; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] dSMTP Mail Server Format String Overflow"; content: "SID: 3181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103181; sid: 6103181; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Phf Attack"; content: "SID: 3200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103200; sid: 6103200; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .url File Requested"; content: "SID: 3202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103202; sid: 6103202; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .lnk File Requested"; content: "SID: 3203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103203; sid: 6103203; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .bat File Requested"; content: "SID: 3204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103204; sid: 6103204; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .url Link"; content: "SID: 3205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103205; sid: 6103205; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .lnk Link"; content: "SID: 3206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103206; sid: 6103206; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .bat Link"; content: "SID: 3207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103207; sid: 6103207; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Campas Attack"; content: "SID: 3208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103208; sid: 6103208; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Glimpse Server Attack"; content: "SID: 3209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103209; sid: 6103209; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS View Source Attack"; content: "SID: 3210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103210; sid: 6103210; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Hex View Source Attack"; content: "SID: 3211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103211; sid: 6103211; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW NPH-TEST-CGI Attack"; content: "SID: 3212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103212; sid: 6103212; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW TEST-CGI Attack"; content: "SID: 3213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103213; sid: 6103213; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT VIEW Attack"; content: "SID: 3214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103214; sid: 6103214; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT EXECUTE Attack"; content: "SID: 3215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103215; sid: 6103215; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Directory Traversal ../.."; content: "SID: 3216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103216; sid: 6103216; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW php View File Attack"; content: "SID: 3217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103217; sid: 6103217; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI Wrap Attack"; content: "SID: 3218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103218; sid: 6103218; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Buffer Overflow"; content: "SID: 3219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103219; sid: 6103219; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Long URL Attack"; content: "SID: 3220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103220; sid: 6103220; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI-Viewsource Attack"; content: "SID: 3221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103221; sid: 6103221; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Log Scripts Read Attack"; content: "SID: 3222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103222; sid: 6103222; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IRIX cgi-handler Attack"; content: "SID: 3223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103223; sid: 6103223; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] HTTP WebGais"; content: "SID: 3224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103224; sid: 6103224; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW websendmail File Access"; content: "SID: 3225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103225; sid: 6103225; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webdist Bug"; content: "SID: 3226 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103226; sid: 6103226; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Htmlscript Bug"; content: "SID: 3227 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103227; sid: 6103227; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Performer Attack"; content: "SID: 3228 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103228; sid: 6103228; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Win-C-Sample Buffer Overflow"; content: "SID: 3229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103229; sid: 6103229; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Uploader"; content: "SID: 3230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103230; sid: 6103230; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Convert Attack"; content: "SID: 3231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103231; sid: 6103231; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 3232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103232; sid: 6103232; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW count-cgi Overflow"; content: "SID: 3233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103233; sid: 6103233; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Local Trusted Resource Execution"; content: "SID: 3234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103234; sid: 6103234; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] showHelp CHM File Execution Weakness"; content: "SID: 3235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103235; sid: 6103235; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Path Disclosure"; content: "SID: 3236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103236; sid: 6103236; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack"; content: "SID: 3250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103250; sid: 6103250; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack Simplex Mode"; content: "SID: 3251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103251; sid: 6103251; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Agent ActiveX Control"; content: "SID: 3252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103252; sid: 6103252; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] HTTP Request Smuggling"; content: "SID: 3253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103253; sid: 6103253; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XML-RPC PHP Command Execution"; content: "SID: 3254 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103254; sid: 6103254; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] Apache Long HTTP Header DoS"; content: "SID: 3255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103255; sid: 6103255; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS OOB Data"; content: "SID: 3300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103300; sid: 6103300; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NETBIOS Stat"; content: "SID: 3301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103301; sid: 6103301; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBios Session Service Failed Login"; content: "SID: 3302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103302; sid: 6103302; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Login successful with Guest Privileges"; content: "SID: 3303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103303; sid: 6103303; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NULL login attempt"; content: "SID: 3304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103304; sid: 6103304; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB 95 98 Password File Access"; content: "SID: 3305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103305; sid: 6103305; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Registry Access Attempt"; content: "SID: 3306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103306; sid: 6103306; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Red Button"; content: "SID: 3307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103307; sid: 6103307; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Lsarpc Service Access Attempt"; content: "SID: 3308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103308; sid: 6103308; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Srvsvc Service Access Attempt"; content: "SID: 3309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103309; sid: 6103309; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbios Enum Share DoS"; content: "SID: 3310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103310; sid: 6103310; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote SAM Service Access Attempt"; content: "SID: 3311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103311; sid: 6103311; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB .eml email file remote access"; content: "SID: 3312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103312; sid: 6103312; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Suspicious Password Usage"; content: "SID: 3313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103313; sid: 6103313; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Locator Service Overflow"; content: "SID: 3314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103314; sid: 6103314; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows 9x NetBIOS NULL Name Vulnerability"; content: "SID: 3315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103315; sid: 6103315; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Project1 DOS"; content: "SID: 3316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103316; sid: 6103316; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LSASS DCE RPC Request"; content: "SID: 3317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103317; sid: 6103317; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DsRolerUpgradeDownlevelServer Request"; content: "SID: 3318 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103318; sid: 6103318; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCE RPC Request"; content: "SID: 3319 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103319; sid: 6103319; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB ADMIN Hidden Share Access Attempt"; content: "SID: 3320 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103320; sid: 6103320; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB User Enumeration"; content: "SID: 3321 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103321; sid: 6103321; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Windows Share Enumeration"; content: "SID: 3322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103322; sid: 6103322; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB: RFPoison Attack"; content: "SID: 3323 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103323; sid: 6103323; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NIMDA Infected File Transfer"; content: "SID: 3324 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103324; sid: 6103324; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba call_trans2open Overflow"; content: "SID: 3325 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103325; sid: 6103325; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Startup Folder Remote Access"; content: "SID: 3326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103326; sid: 6103326; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC DCOM Overflow"; content: "SID: 3327 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103327; sid: 6103327; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMB RPC NoOp Sled"; content: "SID: 3328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103328; sid: 6103328; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow"; content: "SID: 3329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103329; sid: 6103329; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow 2"; content: "SID: 3330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103330; sid: 6103330; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP MSRPC Messenger Overflow"; content: "SID: 3331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103331; sid: 6103331; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSRPC Messenger Overflow"; content: "SID: 3332 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103332; sid: 6103332; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB MSRPC Messenger Overflow"; content: "SID: 3333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103333; sid: 6103333; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Workstation Service Overflow"; content: "SID: 3334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103334; sid: 6103334; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Anig Worm File Transfer"; content: "SID: 3335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103335; sid: 6103335; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Bit String NTLMv2 Integer Overflow"; content: "SID: 3336 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103336; sid: 6103336; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC Race Condition Exploitation"; content: "SID: 3337 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103337; sid: 6103337; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows LSASS RPC Overflow"; content: "SID: 3338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103338; sid: 6103338; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows System32 Directory File Creation"; content: "SID: 3339 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103339; sid: 6103339; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Shell External Handler"; content: "SID: 3340 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103340; sid: 6103340; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Activity"; content: "SID: 3341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103341; sid: 6103341; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows NetDDE Overflow"; content: "SID: 3342 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103342; sid: 6103342; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Account Locked"; content: "SID: 3343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103343; sid: 6103343; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows 2000 TCP RPC DoS"; content: "SID: 3344 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103344; sid: 6103344; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC WinNuke"; content: "SID: 3345 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103345; sid: 6103345; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows TSShutdn.exe Attempt"; content: "SID: 3346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103346; sid: 6103346; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Library Bit String Heap Corruption"; content: "SID: 3347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103347; sid: 6103347; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Disk Enumerations"; content: "SID: 3348 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103348; sid: 6103348; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Date And Time Enumerations"; content: "SID: 3349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103349; sid: 6103349; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Transport Enumerations"; content: "SID: 3350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103350; sid: 6103350; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS User Session Enumerations"; content: "SID: 3351 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103351; sid: 6103351; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Fragment Reassembly Overflow"; content: "SID: 3352 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103352; sid: 6103352; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Request Overflow"; content: "SID: 3353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103353; sid: 6103353; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Remote Registry Request DoS"; content: "SID: 3356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103356; sid: 6103356; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid Netbios Name"; content: "SID: 3357 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103357; sid: 6103357; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Sun Kill Telnet DoS"; content: "SID: 3400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103400; sid: 6103400; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet-IFS Match"; content: "SID: 3401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103401; sid: 6103401; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] BSD Telnet Daemon Buffer Overflow"; content: "SID: 3402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103402; sid: 6103402; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Excessive Environment Options"; content: "SID: 3403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103403; sid: 6103403; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SysV /bin/login Overflow"; content: "SID: 3404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103404; sid: 6103404; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avirt Gateway Proxy Buffer Overflow"; content: "SID: 3405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103405; sid: 6103405; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris TTYPROMPT Overflow"; content: "SID: 3406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103406; sid: 6103406; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Client NEW ENVIRON Option Overflow"; content: "SID: 3407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103407; sid: 6103407; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Client LINEMODE SLC Option Overflow"; content: "SID: 3408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103408; sid: 6103408; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Over Non-standard Ports"; content: "SID: 3409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103409; sid: 6103409; rev: 4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg: "[CISCO-SDEE] Finger Bomb"; content: "SID: 3450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103450; sid: 6103450; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BearShare Directory Traversal"; content: "SID: 3451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103451; sid: 6103451; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gopherd Halidate Overflow"; content: "SID: 3452 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103452; sid: 6103452; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS NetMeeting RDS DoS"; content: "SID: 3453 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103453; sid: 6103453; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Check Point Firewall Information Leak"; content: "SID: 3454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103454; sid: 6103454; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java Web Server Cmd Exec"; content: "SID: 3455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103455; sid: 6103455; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris in.fingerd Information Leak"; content: "SID: 3456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103456; sid: 6103456; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root shell"; content: "SID: 3457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103457; sid: 6103457; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM game invite overflow"; content: "SID: 3458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103458; sid: 6103458; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ValiCert Forms.exe Overflow"; content: "SID: 3459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103459; sid: 6103459; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger probe"; content: "SID: 3461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103461; sid: 6103461; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Redirect"; content: "SID: 3462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103462; sid: 6103462; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root"; content: "SID: 3463 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103463; sid: 6103463; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] File access in finger"; content: "SID: 3464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103464; sid: 6103464; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Activity"; content: "SID: 3465 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103465; sid: 6103465; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RAS/PPTP Malformed Control Packet DOS"; content: "SID: 3466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103466; sid: 6103466; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin -froot Attack"; content: "SID: 3500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103500; sid: 6103500; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Long TERM Variable"; content: "SID: 3501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103501; sid: 6103501; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rlogin Activity"; content: "SID: 3502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103502; sid: 6103502; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Authenticate Buffer Overflow"; content: "SID: 3525 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103525; sid: 6103525; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Imap Login Buffer Overflow"; content: "SID: 3526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103526; sid: 6103526; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UW imapd Overflows"; content: "SID: 3527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103527; sid: 6103527; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPSwitch IMail DELETE Command Overflow"; content: "SID: 3528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103528; sid: 6103528; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long EXAMINE Command"; content: "SID: 3529 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103529; sid: 6103529; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Oversized TACACS+ Attack"; content: "SID: 3530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103530; sid: 6103530; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Cisco IOS Telnet DoS"; content: "SID: 3531 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103531; sid: 6103531; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BGP Open Message"; content: "SID: 3532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103532; sid: 6103532; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Misformed BGP Packet DoS"; content: "SID: 3533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103533; sid: 6103533; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long AUTHENTICATE Command"; content: "SID: 3534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103534; sid: 6103534; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] MailEnable HTTP Authorization Buffer Overflow"; content: "SID: 3537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103537; sid: 6103537; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS CSAdmin Attack"; content: "SID: 3540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103540; sid: 6103540; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP Buffer Overflow"; content: "SID: 3550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103550; sid: 6103550; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP User Root"; content: "SID: 3551 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103551; sid: 6103551; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Buffer Overflow"; content: "SID: 3575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103575; sid: 6103575; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Control Message Exploit"; content: "SID: 3576 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103576; sid: 6103576; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP LOGIN Command Invalid Username"; content: "SID: 3577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103577; sid: 6103577; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Format String"; content: "SID: 3578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103578; sid: 6103578; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] IOS Telnet Buffer Overflow"; content: "SID: 3600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103600; sid: 6103600; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Command History Exploit"; content: "SID: 3601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103601; sid: 6103601; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Cisco Identification"; content: "SID: 3602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103602; sid: 6103602; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Enable Bypass"; content: "SID: 3603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103603; sid: 6103603; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Catalyst CR DoS"; content: "SID: 3604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103604; sid: 6103604; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH RSAREF2 Buffer Overflow"; content: "SID: 3650 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103650; sid: 6103650; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH CRC32 Overflow"; content: "SID: 3651 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103651; sid: 6103651; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles"; content: "SID: 3652 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103652; sid: 6103652; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Rapid SSH Connections"; content: "SID: 3653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103653; sid: 6103653; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles Exploit"; content: "SID: 3654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103654; sid: 6103654; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CDE dtspcd Overflow"; content: "SID: 3700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103700; sid: 6103700; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9iAS Web Cache Buffer Overflow"; content: "SID: 3701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103701; sid: 6103701; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Default sa account access"; content: "SID: 3702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103702; sid: 6103702; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid FTP URL Buffer Overflow"; content: "SID: 3703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103703; sid: 6103703; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS FTP STAT Denial of Service"; content: "SID: 3704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103704; sid: 6103704; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli Storage Manager Client Acceptor Overflow"; content: "SID: 3705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103705; sid: 6103705; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT PGP Public Key Server Overflow"; content: "SID: 3706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103706; sid: 6103706; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perl fingerd Command Exec"; content: "SID: 3707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103707; sid: 6103707; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] AnalogX Proxy Socks4a DNS Overflow"; content: "SID: 3708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103708; sid: 6103708; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnalogX Proxy Web Proxy Overflow"; content: "SID: 3709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103709; sid: 6103709; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Directory Traversal"; content: "SID: 3710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103710; sid: 6103710; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Informer FW1 Auth Replay DoS"; content: "SID: 3711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103711; sid: 6103711; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS 'Service_Name' Overflow"; content: "SID: 3714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103714; sid: 6103714; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI+ JPEG Buffer Overflow"; content: "SID: 3716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103716; sid: 6103716; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows .ANI File DoS"; content: "SID: 3718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103718; sid: 6103718; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger PNG Overflow"; content: "SID: 3719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103719; sid: 6103719; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL sa Account Brute Force"; content: "SID: 3720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103720; sid: 6103720; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TNS Brute Force"; content: "SID: 3721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103721; sid: 6103721; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop username"; content: "SID: 3728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103728; sid: 6103728; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop password"; content: "SID: 3729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103729; sid: 6103729; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (TCP)"; content: "SID: 3730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103730; sid: 6103730; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] IMail HTTP Get Buffer Overflow"; content: "SID: 3731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103731; sid: 6103731; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL xp_cmdshell Usage"; content: "SID: 3732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103732; sid: 6103732; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Real Server Format Overflow"; content: "SID: 3733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103733; sid: 6103733; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Overflow"; content: "SID: 3734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103734; sid: 6103734; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Flag Insertion Overflow"; content: "SID: 3735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103735; sid: 6103735; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Subversion get-dated-rev overflow"; content: "SID: 3736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103736; sid: 6103736; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Proxy NTLM Authenticate Overflow"; content: "SID: 3737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103737; sid: 6103737; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Argumentx Vulnerability"; content: "SID: 3738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103738; sid: 6103738; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft SHOUTcast Format String Attack"; content: "SID: 3739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103739; sid: 6103739; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail LDAP Service Buffer Overflow"; content: "SID: 3740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103740; sid: 6103740; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mIRC DCC Send Buffer Overflow"; content: "SID: 3782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103782; sid: 6103782; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Backup Discovery UDP Probe Overflow"; content: "SID: 3783 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103783; sid: 6103783; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Discovery Service SERVICEPC Overflow"; content: "SID: 3784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103784; sid: 6103784; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP UNLOCK Buffer Overflow"; content: "SID: 3785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103785; sid: 6103785; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP PASS Buffer Overflow"; content: "SID: 3786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103786; sid: 6103786; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRIX Printing System Remote Command Execution"; content: "SID: 3787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103787; sid: 6103787; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris LPD Remote Command Execution"; content: "SID: 3788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103788; sid: 6103788; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DistCC Daemon Command Execution"; content: "SID: 3789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103789; sid: 6103789; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Omniback II Command Execution"; content: "SID: 3790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103790; sid: 6103790; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris Printd Unlink File Deletion"; content: "SID: 3791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103791; sid: 6103791; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Long Telnet Username"; content: "SID: 3792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103792; sid: 6103792; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZENworks 6.5 Authentication Overflow"; content: "SID: 3793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103793; sid: 6103793; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle iSQL*PLus Overflow"; content: "SID: 3802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103802; sid: 6103802; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_proxy Buffer Overflow"; content: "SID: 3883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103883; sid: 6103883; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Authentication Heap Based Buffer Overflow"; content: "SID: 3884 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103884; sid: 6103884; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice BO2K TCP Stealth 1"; content: "SID: 3991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103991; sid: 6103991; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Port Sweep"; content: "SID: 4001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104001; sid: 6104001; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Host Flood"; content: "SID: 4002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104002; sid: 6104002; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nmap UDP Port Sweep"; content: "SID: 4003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104003; sid: 6104003; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] DNS Flood Attack"; content: "SID: 4004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104004; sid: 6104004; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Bomb"; content: "SID: 4050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104050; sid: 6104050; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice-Original-UDP"; content: "SID: 4053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104053; sid: 6104053; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIP Trace"; content: "SID: 4054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104054; sid: 6104054; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NTPd readvar overflow"; content: "SID: 4056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104056; sid: 6104056; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPnP LOCATION Overflow"; content: "SID: 4058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104058; sid: 6104058; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Orifice Ping"; content: "SID: 4060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104060; sid: 6104060; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Chargen Echo DoS"; content: "SID: 4061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104061; sid: 6104061; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CSS 11000 Malformed UDP DoS"; content: "SID: 4062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104062; sid: 6104062; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unreal Engine secure Overflow"; content: "SID: 4063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104063; sid: 6104063; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed IKE Packet DoS"; content: "SID: 4067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104067; sid: 6104067; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS NBT Stream"; content: "SID: 4068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104068; sid: 6104068; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tftp Passwd File"; content: "SID: 4100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104100; sid: 6104100; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTPD Directory Traversal"; content: "SID: 4101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104101; sid: 6104101; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ascend Denial of Service"; content: "SID: 4150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104150; sid: 6104150; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BOBAX Virus Activity"; content: "SID: 4151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104151; sid: 6104151; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic File Transfer Signatures"; content: "SID: 4322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104322; sid: 6104322; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Cisco IOS Embedded SNMP Community Names"; content: "SID: 4500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104500; sid: 6104500; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVCO/4K Remote Username / Password Retrieve"; content: "SID: 4501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104501; sid: 6104501; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Community Name Brute Force Attempt"; content: "SID: 4502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104502; sid: 6104502; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Windows NT SNMP System Info Retrieve"; content: "SID: 4503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104503; sid: 6104503; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP IOS Configuration Retrieval"; content: "SID: 4504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104504; sid: 6104504; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP IOS VACM MIB Access"; content: "SID: 4505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104505; sid: 6104505; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] D-Link Wireless SNMP Plain Text Password"; content: "SID: 4506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104506; sid: 6104506; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Protocol Violation"; content: "SID: 4507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104507; sid: 6104507; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Non SNMP Traffic"; content: "SID: 4508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104508; sid: 6104508; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] HP Openview SNMP Hidden Community Name"; content: "SID: 4509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104509; sid: 6104509; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Solaris SNMP Hidden Community Name"; content: "SID: 4510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104510; sid: 6104510; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Avaya SNMP Hidden Community Name"; content: "SID: 4511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104511; sid: 6104511; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104512; sid: 6104512; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Cisco SNMP Message Processing DoS"; content: "SID: 4513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104513; sid: 6104513; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104514; sid: 6104514; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP/VC Embedded Community Names"; content: "SID: 4515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104515; sid: 6104515; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] SNMP Printer Query DoS"; content: "SID: 4516 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104516; sid: 6104516; rev: 4;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS UDP Bomb"; content: "SID: 4600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104600; sid: 6104600; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CheckPoint Firewall RDP ByPass"; content: "SID: 4601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104601; sid: 6104601; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] Beagle (Bagle) Virus DNS Lookup"; content: "SID: 4602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104602; sid: 6104602; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Discover"; content: "SID: 4603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104603; sid: 6104603; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Request"; content: "SID: 4604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104604; sid: 6104604; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Offer"; content: "SID: 4605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104605; sid: 6104605; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTP Long Filename Buffer Overflow"; content: "SID: 4606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104606; sid: 6104606; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Deep Throat Response"; content: "SID: 4607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104607; sid: 6104607; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (UDP)"; content: "SID: 4608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104608; sid: 6104608; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $SNMP_PORT (msg: "[CISCO-SDEE] Orinoco SNMP Info Leak"; content: "SID: 4609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104609; sid: 6104609; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerberos 4 User Recon"; content: "SID: 4610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104610; sid: 6104610; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DWL-900AP+ TFTP Config Retrieve"; content: "SID: 4611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104611; sid: 6104611; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP Phone TFTP Config Retrieve"; content: "SID: 4612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104612; sid: 6104612; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Filename Buffer Overflow"; content: "SID: 4613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104613; sid: 6104613; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Overflow"; content: "SID: 4614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104614; sid: 6104614; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] Beagle.B (Bagle.B) Virus DNS Lookup"; content: "SID: 4615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104615; sid: 6104615; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PoPToP PPtP Short Length Overflow"; content: "SID: 4617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104617; sid: 6104617; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid DHCP Packet"; content: "SID: 4619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104619; sid: 6104619; rev: 3;)
alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[CISCO-SDEE] DNS Limited Broadcast Query"; content: "SID: 4620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104620; sid: 6104620; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104701; sid: 6104701; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104702; sid: 6104702; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104703; sid: 6104703; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104704; sid: 6104704; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS newdsn attack"; content: "SID: 5034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105034; sid: 6105034; rev: 3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[CISCO-SDEE] HTTP cgi HylaFAX Faxsurvey"; content: "SID: 5035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105035; sid: 6105035; rev: 4;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI MachineInfo Attack"; content: "SID: 5037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105037; sid: 6105037; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW wwwsql file read Bug"; content: "SID: 5038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105038; sid: 6105038; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 5039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105039; sid: 6105039; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW anyform attack"; content: "SID: 5041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105041; sid: 6105041; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webcom.se Guestbook attack"; content: "SID: 5044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105044; sid: 6105044; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW xterm display attack"; content: "SID: 5045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105045; sid: 6105045; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW dumpenv.pl recon"; content: "SID: 5046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105046; sid: 6105046; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Server Side Include POST attack"; content: "SID: 5047 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105047; sid: 6105047; rev: 3;)
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS BAT EXE attack"; content: "SID: 5048 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105048; sid: 6105048; rev: 3;)