Unique Alerts

Below are the Unique Events collected today from all locations. For every event with a priority of all locations high, medium or info, the following information is displayed ("info" indicates a lower level of threat - either because the volume of the attack is low or undefined):

Signature name and classification
Total number of occurrences
Date and time of the first and last occurrence.

Sourcefire sets the priority ranking of each event.

Classification:

Location:

Signature:

Priority:

Displaying alerts 1-100 of 101 total

Signature	Classification	Location	Total #	First	Last
ET VOIP Multiple Unauthorized SIP Responses	attempted-dos	Paris	1	2010-01-20 11:03:46	2010-01-20 11:03:46
ET SCAN NMAP -sS	attempted-recon	Paris	4	2010-01-20 10:47:50	2010-01-20 11:09:56
(snort_decoder): Experimental Tcp Options found	undefined	Paris	319	2010-01-20 10:37:21	2010-01-20 11:41:15
ET P2P BitTorrent peer sync	policy-violation	Paris	1	2010-01-20 11:25:39	2010-01-20 11:25:39
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY	undefined	Paris	663	2010-01-20 10:37:22	2010-01-20 11:41:25
ET SCAN NMAP -sA (2)	attempted-recon	Paris	3	2010-01-20 10:50:00	2010-01-20 11:30:25
(http_inspect) BARE BYTE UNICODE ENCODING	undefined	Paris	37821	2010-01-20 10:37:15	2010-01-20 11:41:28
MALWARE Inside host looking for Trojan.Zeus domain totalunix.net	trojan-activity	Paris	2	2010-01-20 10:56:31	2010-01-20 10:57:43
VOIP-SIP response too small	misc-activity	Paris	429	2010-01-20 10:37:31	2010-01-20 11:41:02
MALWARE Inside host looking for Trojan.Zeus domain 840384tony.mobi	trojan-activity	Paris	1	2010-01-20 11:27:11	2010-01-20 11:27:11
ET SCAN NMAP -sA (1)	attempted-recon	Paris	112	2010-01-20 10:41:25	2010-01-20 11:41:12
MALWARE Inside host looking for Trojan.Zeus domain googlenames.cn	trojan-activity	Paris	4	2010-01-20 10:47:43	2010-01-20 11:20:08
ET SCAN NMAP -f -sS	attempted-recon	Paris	4	2010-01-20 10:47:50	2010-01-20 11:09:56
VOIP-SIP From header invalid characters detected	attempted-dos	Paris	1	2010-01-20 11:08:15	2010-01-20 11:08:15
(snort_decoder): Tcp Options found with bad lengths	undefined	Paris	2419	2010-01-20 10:37:18	2010-01-20 11:41:28
ET P2P BitTorrent DHT get_peers request	policy-violation	Paris	2	2010-01-20 10:54:13	2010-01-20 11:40:17
MALWARE Inside host looking for Trojan.Zeus domain freeguard.biz	trojan-activity	Paris	1	2010-01-20 11:31:04	2010-01-20 11:31:04
VOIP-SIP inbound 401 unauthorized message	protocol-command-decode	Paris	37	2010-01-20 10:40:49	2010-01-20 11:38:43
(http_inspect) WEBROOT DIRECTORY TRAVERSAL	undefined	Paris	90	2010-01-20 10:37:20	2010-01-20 11:41:20
MALWARE Inside host looking for Trojan.Zeus domain trustgame.cn	trojan-activity	Paris	4	2010-01-20 10:45:42	2010-01-20 11:36:14
MALWARE Inside host looking for Trojan.Zeus domain extremeanalonline.com	trojan-activity	Paris	9	2010-01-20 10:53:23	2010-01-20 11:40:41
(snort_decoder): Truncated Tcp Options	undefined	Paris	3	2010-01-20 10:58:18	2010-01-20 11:04:40
MALWARE Inside host looking for Trojan.Zeus domain antivirus.vc	trojan-activity	Paris	2	2010-01-20 11:25:01	2010-01-20 11:36:04
VOIP-SIP outbound 401 Unauthorized message	protocol-command-decode	Paris	34	2010-01-20 10:40:49	2010-01-20 11:38:18
(http_inspect) IIS UNICODE CODEPOINT ENCODING	undefined	Paris	578	2010-01-20 10:37:19	2010-01-20 11:41:24
MALWARE Inside host looking for Trojan.Zeus domain seistic.org	trojan-activity	Paris	1	2010-01-20 10:52:48	2010-01-20 10:52:48
(http_inspect) OVERSIZE CHUNK ENCODING	undefined	Paris	440	2010-01-20 10:37:27	2010-01-20 11:41:28
MALWARE Inside host looking for Trojan.Zeus domain volonterkom.cn	trojan-activity	Paris	1	2010-01-20 10:49:51	2010-01-20 10:49:51
ET P2P BitTorrent DHT ping request	policy-violation	Paris	15	2010-01-20 10:54:13	2010-01-20 11:40:17
ET WEB-MISC Poison Null Byte	web-application-activity	Paris	7	2010-01-20 11:29:00	2010-01-20 11:29:14
(http_inspect) U ENCODING	undefined	Paris	8	2010-01-20 10:46:42	2010-01-20 11:40:43
VOIP-SIP To header invalid characters detected	attempted-dos	Paris	1	2010-01-20 11:08:15	2010-01-20 11:08:15
MALWARE Inside host looking for Trojan.Zeus domain avpersona.net	trojan-activity	Paris	4	2010-01-20 10:42:09	2010-01-20 11:37:18
(http_inspect) DOUBLE DECODING ATTACK	undefined	Paris	986	2010-01-20 10:37:47	2010-01-20 11:41:21
ET P2P BitTorrent DHT nodes reply	policy-violation	Paris	5	2010-01-20 10:54:43	2010-01-20 11:18:15
VOIP-SIP MultiTech INVITE field buffer overflow attempt	attempted-user	Paris	3	2010-01-20 11:07:02	2010-01-20 11:19:07
EXPLOIT ISAKMP first payload certificate request length overflow attempt	attempted-admin	Paris	14	2010-01-20 10:47:35	2010-01-20 11:39:50
VOIP-SIP inbound 401 unauthorized message	protocol-command-decode	Frankfurt	478	2010-01-20 10:38:26	2010-01-20 11:41:35
(http_inspect) WEBROOT DIRECTORY TRAVERSAL	undefined	Frankfurt	21	2010-01-20 10:49:19	2010-01-20 11:09:26
ET SCAN Rapid POP3 Connections - Possible Brute Force Attack	misc-activity	Frankfurt	214	2010-01-20 10:38:32	2010-01-20 11:41:41
ET VOIP Multiple Unauthorized SIP Responses	attempted-dos	Frankfurt	45	2010-01-20 10:40:59	2010-01-20 11:41:35
ET SCAN NMAP -sS	attempted-recon	Frankfurt	10	2010-01-20 10:40:56	2010-01-20 11:37:00
(snort_decoder): Experimental Tcp Options found	undefined	Frankfurt	3198	2010-01-20 10:38:32	2010-01-20 11:41:43
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY	undefined	Frankfurt	718	2010-01-20 10:38:08	2010-01-20 11:41:47
(http_inspect) BARE BYTE UNICODE ENCODING	undefined	Frankfurt	5213	2010-01-20 10:38:09	2010-01-20 11:41:48
ET CURRENT_EVENTS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) - possible Cache Poisoning Attempt	bad-unknown	Frankfurt	1	2010-01-20 11:05:55	2010-01-20 11:05:55
VOIP-SIP response too small	misc-activity	Frankfurt	678	2010-01-20 10:38:39	2010-01-20 11:41:41
ET SCAN NMAP -sA (1)	attempted-recon	Frankfurt	54	2010-01-20 10:39:14	2010-01-20 11:41:13
VOIP-SIP outbound 401 Unauthorized message	protocol-command-decode	Frankfurt	478	2010-01-20 10:38:26	2010-01-20 11:41:35
MALWARE Inside host looking for Trojan.Zeus domain mabira.ws	trojan-activity	Frankfurt	58	2010-01-20 10:40:05	2010-01-20 11:41:45
ET CURRENT_EVENTS NS query for a single dot, possible ddos	attempted-dos	Frankfurt	2	2010-01-20 11:04:21	2010-01-20 11:28:52
(http_inspect) IIS UNICODE CODEPOINT ENCODING	undefined	Frankfurt	686	2010-01-20 10:38:08	2010-01-20 11:41:45
ET SCAN NMAP -f -sS	attempted-recon	Frankfurt	10	2010-01-20 10:40:56	2010-01-20 11:37:00
(http_inspect) OVERSIZE CHUNK ENCODING	undefined	Frankfurt	25	2010-01-20 10:40:55	2010-01-20 11:41:34
DNS named version attempt	attempted-recon	Frankfurt	2	2010-01-20 11:19:50	2010-01-20 11:19:50
ET P2P BitTorrent DHT ping request	policy-violation	Frankfurt	2	2010-01-20 11:02:03	2010-01-20 11:14:19
(snort_decoder) WARNING: TCP Data Offset is less than 5!	undefined	Frankfurt	2	2010-01-20 10:43:02	2010-01-20 10:43:02
(http_inspect) DOUBLE DECODING ATTACK	undefined	Frankfurt	669	2010-01-20 10:38:09	2010-01-20 11:41:48
EXPLOIT ISAKMP first payload certificate request length overflow attempt	attempted-admin	Frankfurt	50	2010-01-20 10:46:39	2010-01-20 11:39:35
(spp_frag3) Fragmentation overlap	undefined	Frankfurt	171	2010-01-20 10:38:50	2010-01-20 11:40:55
VOIP-SIP inbound 401 unauthorized message	protocol-command-decode	Stockholm	15	2010-01-20 10:40:21	2010-01-20 11:39:07
(http_inspect) WEBROOT DIRECTORY TRAVERSAL	undefined	Stockholm	4	2010-01-20 11:24:58	2010-01-20 11:36:05
ET SCAN NMAP -sS	attempted-recon	Stockholm	3	2010-01-20 11:13:14	2010-01-20 11:34:14
(snort_decoder): Experimental Tcp Options found	undefined	Stockholm	1135	2010-01-20 10:38:40	2010-01-20 11:41:50
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY	undefined	Stockholm	119	2010-01-20 10:38:40	2010-01-20 11:41:45
(http_inspect) BARE BYTE UNICODE ENCODING	undefined	Stockholm	6754	2010-01-20 10:38:09	2010-01-20 11:41:49
VOIP-SIP response too small	misc-activity	Stockholm	3754	2010-01-20 10:38:09	2010-01-20 11:41:47
ET SCAN NMAP -sA (1)	attempted-recon	Stockholm	434	2010-01-20 10:38:39	2010-01-20 11:41:45
VOIP-SIP outbound 401 Unauthorized message	protocol-command-decode	Stockholm	15	2010-01-20 10:40:21	2010-01-20 11:39:07
(http_inspect) IIS UNICODE CODEPOINT ENCODING	undefined	Stockholm	241	2010-01-20 10:38:40	2010-01-20 11:41:40
ET SCAN NMAP -f -sS	attempted-recon	Stockholm	22	2010-01-20 10:40:58	2010-01-20 11:38:49
(http_inspect) OVERSIZE CHUNK ENCODING	undefined	Stockholm	7	2010-01-20 10:57:46	2010-01-20 11:41:14
ET P2P BitTorrent DHT ping request	policy-violation	Stockholm	15	2010-01-20 10:44:02	2010-01-20 11:41:01
DNS named version attempt	attempted-recon	Stockholm	1	2010-01-20 11:02:48	2010-01-20 11:02:48
(snort_decoder): Tcp Options found with bad lengths	undefined	Stockholm	322	2010-01-20 10:38:33	2010-01-20 11:41:39
(http_inspect) DOUBLE DECODING ATTACK	undefined	Stockholm	586	2010-01-20 10:38:27	2010-01-20 11:41:42
ET P2P BitTorrent DHT nodes reply	policy-violation	Stockholm	11	2010-01-20 10:42:56	2010-01-20 11:35:27
ET P2P BitTorrent DHT get_peers request	policy-violation	Stockholm	1	2010-01-20 10:51:56	2010-01-20 10:51:56
ET P2P Ares over UDP	policy-violation	Amsterdam	21	2010-01-20 10:36:35	2010-01-20 11:39:19
(snort_decoder): Invalid UDP header, length field < 8	undefined	Amsterdam	1	2010-01-20 11:24:34	2010-01-20 11:24:34
ET SCAN NMAP -sS	attempted-recon	Amsterdam	6	2010-01-20 10:50:30	2010-01-20 11:38:36
(snort_decoder): Experimental Tcp Options found	undefined	Amsterdam	12	2010-01-20 10:36:54	2010-01-20 11:36:35
ET P2P Limewire P2P UDP Traffic	policy-violation	Amsterdam	1	2010-01-20 10:50:44	2010-01-20 10:50:44
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY	undefined	Amsterdam	17	2010-01-20 10:40:09	2010-01-20 11:36:03
ET P2P ThunderNetwork UDP Traffic	policy-violation	Amsterdam	8	2010-01-20 10:39:12	2010-01-20 11:35:53
ET P2P Edonkey Search Results	policy-violation	Amsterdam	19	2010-01-20 10:38:01	2010-01-20 11:28:29
(http_inspect) BARE BYTE UNICODE ENCODING	undefined	Amsterdam	1528	2010-01-20 10:36:29	2010-01-20 11:40:27
MALWARE Inside host looking for Trojan.Zeus domain deadly-pie.cn	trojan-activity	Amsterdam	8	2010-01-20 10:38:35	2010-01-20 11:34:28
VOIP-SIP response too small	misc-activity	Amsterdam	5	2010-01-20 10:39:54	2010-01-20 11:16:24
ET P2P Edonkey Search Request (any type file)	policy-violation	Amsterdam	2	2010-01-20 10:57:11	2010-01-20 11:09:27
ET SCAN NMAP -sA (1)	attempted-recon	Amsterdam	9	2010-01-20 10:41:09	2010-01-20 11:34:46
ET P2P Manolito Ping	policy-violation	Amsterdam	4	2010-01-20 11:00:36	2010-01-20 11:17:25
ET P2P Edonkey Connect Request	policy-violation	Amsterdam	12	2010-01-20 10:39:33	2010-01-20 11:15:58
ET P2P Edonkey Publicize File ACK	policy-violation	Amsterdam	4	2010-01-20 10:43:26	2010-01-20 11:36:04
ET SCAN NMAP -f -sS	attempted-recon	Amsterdam	9	2010-01-20 10:40:13	2010-01-20 11:38:36
(snort_decoder): Tcp Options found with bad lengths	undefined	Amsterdam	13	2010-01-20 11:11:31	2010-01-20 11:37:14
(snort_decoder): Short UDP packet, length field > payload length	undefined	Amsterdam	1	2010-01-20 11:00:34	2010-01-20 11:00:34
MALWARE Inside host looking for Trojan.Zeus domain noabuseplease.cn	trojan-activity	Amsterdam	21	2010-01-20 10:44:52	2010-01-20 11:36:08
ET P2P BitTorrent DHT get_peers request	policy-violation	Amsterdam	3972	2010-01-20 10:36:24	2010-01-20 11:40:28
MALWARE Inside host looking for Trojan.Zeus domain swaker.cn	trojan-activity	Amsterdam	2	2010-01-20 10:50:48	2010-01-20 11:29:59

Internet Barometer 2.0 by Interoute Communications Ltd