File: cisco-sdee.rules

package info (click to toggle)
sagan-rules 1:20170725-1
  • links: PTS
  • area: main
  • in suites: bullseye, sid
  • size: 3,460 kB
  • sloc: makefile: 5
file content (2343 lines) | stat: -rw-r--r-- 707,597 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
# Sagan cisco-sdee.rules
# Copyright (c) 2009-2017, Quadrant Information Security <www.quadrantsec.com>
# All rights reserved.
#
# Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list
#
#*************************************************************
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
#  following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#  Note: You will need a program to convert Cisco IPS events (from the SDEE protocol) to syslog.  At Quadrant, 
#  we have developed a program called "qdee" ("Q - Dee").  You'll need something similar.  "qdee" is _not_ 
#  a open source project at this time.  
#
#  Update Notes [2017/05/09] : The Cisco IPS modules are pretty old.  By default, all these rules have been disabled
#  and you probably shouldn't use them.  The software "qdee" is now shipped with Sagan in the "extra" directory.  
#  You can also check out https://github.com/beave/sagan/tree/master/extra/qdee
# 
#  Contact Champ Clark III for more information (cclark@quadrantsec.com)
#
#  Since these are not "standard" rules, we start the ID's at "6100000". 
#
#  See: https://supportforums.cisco.com/discussion/10008061/problems-ips-#alert-reporting
#       http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html
#       http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_ios_ips/configuration/12-4t/sec-data-ios-ips-12-4t-book.pdf


#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPS/IDS License Expiration"; content: "Health Warning"; content: "licenseExpiration"; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/6100000; sid: 6100000; rev:1;)

# Based off http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId={Sigature ID}

#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Bad Option List"; content: "SID: 1000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101000; sid: 6101000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Record Packet Route"; content: "SID: 1001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101001; sid: 6101001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Timestamp"; content: "SID: 1002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101002; sid: 6101002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Provide s,c,h,tcc"; content: "SID: 1003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101003; sid: 6101003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Loose Source Route"; content: "SID: 1004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101004; sid: 6101004; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-SATNET ID"; content: "SID: 1005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101005; sid: 6101005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Strict Source Route"; content: "SID: 1006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101006; sid: 6101006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 over IPv4 or IPv6"; content: "SID: 1007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101007; sid: 6101007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lurk Malware Communication"; content: "SID: 1018 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101018; sid: 6101018; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XShellC601 Malware Communication"; content: "SID: 1019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101019; sid: 6101019; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BB Malware Communication"; content: "SID: 1020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101020; sid: 6101020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Murcy Malware Communication"; content: "SID: 1021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101021; sid: 6101021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QDigit Malware Communication"; content: "SID: 1022 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101022; sid: 6101022; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Software Smart Install Denial of Service"; content: "SID: 1027 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101027; sid: 6101027; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BitDefender Internet Security 2009 XSS"; content: "SID: 1028 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101028; sid: 6101028; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iManager Off By One Buffer Overflow"; content: "SID: 1029 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101029; sid: 6101029; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantic IM Manager Administrator Console Code Injection"; content: "SID: 1030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101030; sid: 6101030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows MPEG Layer-3 Audio Decoder Stack Buffer Overflow"; content: "SID: 1032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101032; sid: 6101032; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Slowloris Exploit"; content: "SID: 1034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101034; sid: 6101034; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft DNS server Denial of Service Vulnerability"; content: "SID: 1038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101038; sid: 6101038; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101039; sid: 6101039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNSChanger Malware"; content: "SID: 1040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101040; sid: 6101040; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101044; sid: 6101044; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent HTTP Request Remote Code Execution"; content: "SID: 1051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101051; sid: 6101051; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe PDF Remote Code Execution"; content: "SID: 1052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101052; sid: 6101052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF File Buffer Overflow"; content: "SID: 1055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101055; sid: 6101055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Corehttp Httpd Buffer Overflow"; content: "SID: 1056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101056; sid: 6101056; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101057; sid: 6101057; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Webex WRF File Buffer Overflow"; content: "SID: 1058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101058; sid: 6101058; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Hit-Highlighting Authentication Bypass"; content: "SID: 1059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101059; sid: 6101059; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache auth_ldap Format String"; content: "SID: 1060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101060; sid: 6101060; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Active Directory LDAP Remote Code Execution"; content: "SID: 1062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: 389; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101062; sid: 6101062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BIND 8 TSIG Remote Code Execution"; content: "SID: 1063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101063; sid: 6101063; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor Backup Products Tape Engine Service RPC Request Arbitrary Code Execution Vulnerability"; content: "SID: 1067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101067; sid: 6101067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows PPTP Denial of Service"; content: "SID: 1069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $PPTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101069; sid: 6101069; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Directory Server 6.0 Denial Of Service"; content: "SID: 1076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101076; sid: 6101076; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP File Upload GLOBAL Variable Overwrite"; content: "SID: 1077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101077; sid: 6101077; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix RTSP SETUP Request Denial Of Service"; content: "SID: 1079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101079; sid: 6101079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Informix Long Username Buffer Overflow"; content: "SID: 1080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101080; sid: 6101080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101081; sid: 6101081; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101082; sid: 6101082; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Plug and Play Overflow"; content: "SID: 1083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101083; sid: 6101083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS HTTP Server Vulnerability"; content: "SID: 1085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101085; sid: 6101085; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle OPMN daemon Format String Denial Of Service"; content: "SID: 1086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101086; sid: 6101086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle XDB FTP Buffer Overflow"; content: "SID: 1088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $FTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101088; sid: 6101088; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SAP Message Server Group Parameter Remote Buffer Overflow"; content: "SID: 1089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101089; sid: 6101089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NTP MODE_PRIVATE Denial of Service"; content: "SID: 1090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $NTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101090; sid: 6101090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSwan and StrongSwan DPD Packet Remote DoS"; content: "SID: 1091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101091; sid: 6101091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Measuresoft ScadaPro Command Injection"; content: "SID: 1096 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101096; sid: 6101096; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Buffer Overflow"; content: "SID: 1097 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101097; sid: 6101097; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1099 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101099; sid: 6101099; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unknown IP Protocol"; content: "SID: 1101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101101; sid: 6101101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Impossible IP Packet"; content: "SID: 1102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101102; sid: 6101102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Localhost Source Spoof"; content: "SID: 1104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101104; sid: 6101104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101105; sid: 6101105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsys PROMOTIC ActiveX SaveCfg AddTrend Buffer Overflow"; content: "SID: 1106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101106; sid: 6101106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RFC 1918 Addresses Seen"; content: "SID: 1107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101107; sid: 6101107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Packet with Proto 11"; content: "SID: 1108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101108; sid: 6101108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Interface DoS"; content: "SID: 1109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101109; sid: 6101109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Arbitrary Files Access and Denial of Service"; content: "SID: 1121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101121; sid: 6101121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenOffice Remote Code Execution"; content: "SID: 1122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101122; sid: 6101122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RPC DCOM ISystemActivator Buffer Overflow"; content: "SID: 1124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101124; sid: 6101124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WellinTech Kingview Buffer Overflow"; content: "SID: 1126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101126; sid: 6101126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS ISAKMP Vulnerability"; content: "SID: 1127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101127; sid: 6101127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RRAS Service Overflow"; content: "SID: 1128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101128; sid: 6101128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Remote Code Execution"; content: "SID: 1129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101129; sid: 6101129; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Malicous Signed Portable Executable File"; content: "SID: 1130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101130; sid: 6101130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101131; sid: 6101131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE OnReadyStateChange Remote Code Execution"; content: "SID: 1132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101132; sid: 6101132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE SelectAll Remote Code Execution"; content: "SID: 1134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101134; sid: 6101134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Parameter Validation Vulnerability"; content: "SID: 1135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101135; sid: 6101135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Remote Code Execution"; content: "SID: 1136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101136; sid: 6101136; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Livemesh Application"; content: "SID: 1137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101137; sid: 6101137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Use After Free"; content: "SID: 1138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101138; sid: 6101138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Marshalling Code Remote Code Execution Vulnerability"; content: "SID: 1140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101140; sid: 6101140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Obfuscation Code Fragment"; content: "SID: 1142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101142; sid: 6101142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectX NULL Byte Overwrite Vulnerability"; content: "SID: 1143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101143; sid: 6101143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Publisher 2007 Remote Code Execution"; content: "SID: 1144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101144; sid: 6101144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office PowerPoint Remote Code Execution Vulnerability"; content: "SID: 1152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101152; sid: 6101152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel 2003 Denial of Service Vulnerability"; content: "SID: 1155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101155; sid: 6101155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Remote Code Execution"; content: "SID: 1157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101157; sid: 6101157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability"; content: "SID: 1166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101166; sid: 6101166; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic Alphanumeric Generated Email Address"; content: "SID: 1169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101169; sid: 6101169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101173; sid: 6101173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visio Viewer Remote Code Execution"; content: "SID: 1182 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101182; sid: 6101182; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word RTF Heap Overrun"; content: "SID: 1183 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101183; sid: 6101183; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Buffer Overflow"; content: "SID: 1184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101184; sid: 6101184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Serialization Vulnerability"; content: "SID: 1185 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101185; sid: 6101185; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Memory Corruption"; content: "SID: 1186 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101186; sid: 6101186; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Plus Heap Overflow Vulnerability"; content: "SID: 1187 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101187; sid: 6101187; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Vulnerability"; content: "SID: 1188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101188; sid: 6101188; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel MergeCells Record Heap Overflow"; content: "SID: 1189 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101189; sid: 6101189; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Player newfunction Buffer Overflow"; content: "SID: 1190 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101190; sid: 6101190; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Memory Corruption Vulnerability"; content: "SID: 1191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101191; sid: 6101191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution"; content: "SID: 1192 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101192; sid: 6101192; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Remote Code Execution"; content: "SID: 1193 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101193; sid: 6101193; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Remote Code Execution Vulnerability"; content: "SID: 1194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101194; sid: 6101194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft TrueType Font Parsing Vulnerability"; content: "SID: 1195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101195; sid: 6101195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101196; sid: 6101196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101197; sid: 6101197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragmentation Buffer Full"; content: "SID: 1200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101200; sid: 6101200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overlap"; content: "SID: 1201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101201; sid: 6101201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overrun - Datagram Too Long"; content: "SID: 1202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101202; sid: 6101202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overwrite - Data is Overwritten"; content: "SID: 1203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101203; sid: 6101203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Missing Initial Fragment"; content: "SID: 1204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101204; sid: 6101204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Datagrams"; content: "SID: 1205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101205; sid: 6101205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Small"; content: "SID: 1206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101206; sid: 6101206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Fragments in a Datagram"; content: "SID: 1207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101207; sid: 6101207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Incomplete Datagram"; content: "SID: 1208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101208; sid: 6101208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Object Packager Remote Code Execution Vulnerability"; content: "SID: 1210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101210; sid: 6101210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Spyeye Trojan Toolkit"; content: "SID: 1212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101212; sid: 6101212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Deflate Encoding Memory Corruption"; content: "SID: 1213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101213; sid: 6101213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption"; content: "SID: 1218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101218; sid: 6101218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jolt2 Fragment Reassembly DoS attack"; content: "SID: 1220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101220; sid: 6101220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server DBMS_CDC_PUBLISH SQL Injection"; content: "SID: 1221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101221; sid: 6101221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragment Flags Invalid"; content: "SID: 1225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101225; sid: 6101225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Packet Bad Length"; content: "SID: 1250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101250; sid: 6101250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flame Malware"; content: "SID: 1256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101256; sid: 6101256; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101258; sid: 6101258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Internet Explorer 9 Use After Free"; content: "SID: 1261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101261; sid: 6101261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Unauthorized Digital Certificates"; content: "SID: 1263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101263; sid: 6101263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Leak"; content: "SID: 1265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101265; sid: 6101265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101268; sid: 6101268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Title Element Change Remote Code Execution"; content: "SID: 1270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101270; sid: 6101270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft insertAdjacentText Remote Code Execution"; content: "SID: 1271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101271; sid: 6101271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Developer Toolbar Vulnerability"; content: "SID: 1272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101272; sid: 6101272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 1273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101273; sid: 6101273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Memory Access Vulnerability"; content: "SID: 1274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101274; sid: 6101274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Dynamics AX Enterprise Portal Elevation of Privilege"; content: "SID: 1275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101275; sid: 6101275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution"; content: "SID: 1276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101276; sid: 6101276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101277; sid: 6101277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer and Lync HTML Sanitization Cross-Site Scripting"; content: "SID: 1279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101279; sid: 6101279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Remote Code Execution"; content: "SID: 1281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101281; sid: 6101281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Heap Overflow"; content: "SID: 1283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101283; sid: 6101283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101284; sid: 6101284; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Stop Service Code"; content: "SID: 1285 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101285; sid: 6101285; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Reset Service Code"; content: "SID: 1287 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101287; sid: 6101287; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TelePresence Recording Server Media Import Command Injection"; content: "SID: 1288 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101288; sid: 6101288; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix boot code dump"; content: "SID: 1289 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101289; sid: 6101289; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1290 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101290; sid: 6101290; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Firmware Update"; content: "SID: 1291 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101291; sid: 6101291; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1292 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101292; sid: 6101292; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1293 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101293; sid: 6101293; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Groupwise Messenger Server Information Leakage"; content: "SID: 1295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101295; sid: 6101295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Webex WRF JPEG DHT Chunk Stack Buffer Overflow"; content: "SID: 1296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101296; sid: 6101296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Enumeration Information Disclosure"; content: "SID: 1298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101298; sid: 6101298; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Segment Overwrite"; content: "SID: 1300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $FTP_PORT; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101300; sid: 6101300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Inactivity Timeout"; content: "SID: 1301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101301; sid: 6101301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Embryonic Timeout"; content: "SID: 1302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101302; sid: 6101302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Closing Timeout"; content: "SID: 1303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101303; sid: 6101303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Packet Queue Overflow"; content: "SID: 1304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101304; sid: 6101304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP URG flag set"; content: "SID: 1305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101305; sid: 6101305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Option Other"; content: "SID: 1306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101306; sid: 6101306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Window Variation"; content: "SID: 1307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101307; sid: 6101307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TTL evasion"; content: "SID: 1308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101308; sid: 6101308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Reserved flags set"; content: "SID: 1309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101309; sid: 6101309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Retransmit Data Different"; content: "SID: 1310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101310; sid: 6101310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Packet Exceeds MSS"; content: "SID: 1311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101311; sid: 6101311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS below minimum"; content: "SID: 1312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101312; sid: 6101312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS exceeds maximum"; content: "SID: 1313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101313; sid: 6101313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Packet With Data"; content: "SID: 1314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101314; sid: 6101314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ACK w/o TCP Stream"; content: "SID: 1315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101315; sid: 6101315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FIN or RST w/o TCP Stream"; content: "SID: 1316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101316; sid: 6101316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zero Window Probe"; content: "SID: 1317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101317; sid: 6101317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Reflected List Parameter Vulnerability"; content: "SID: 1326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101326; sid: 6101326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS Stack Exhaustion DoS"; content: "SID: 1328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101328; sid: 6101328; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Cached Object Remote Code Execution"; content: "SID: 1329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101329; sid: 6101329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Drop - Bad Checksum"; content: "SID: 1330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101330; sid: 6101330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101331; sid: 6101331; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Registered Application Handler Vulnerability"; content: "SID: 1333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101333; sid: 6101333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows ADO Heap Overflow"; content: "SID: 1334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101334; sid: 6101334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint Cross Site Scripting Attack"; content: "SID: 1335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101335; sid: 6101335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Telepresence Command Injection Vulnerability"; content: "SID: 1338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101338; sid: 6101338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Joomla 1.5.12 TinyBrowser File Upload Code Execution"; content: "SID: 1341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101341; sid: 6101341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Common Services Framework Help Servlet XSS Vulnerability"; content: "SID: 1343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101343; sid: 6101343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS BGP Malformed Attribute Denial of Service"; content: "SID: 1346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101346; sid: 6101346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Skype Call Activity"; content: "SID: 1347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101347; sid: 6101347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Trojan Iframe.F"; content: "SID: 1349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101349; sid: 6101349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Viewer Code Execution Vulnerability"; content: "SID: 1350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101350; sid: 6101350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Web Gateway Remote Command Execution"; content: "SID: 1353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101353; sid: 6101353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player URL Security Domain Checking Vulnerability"; content: "SID: 1356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101356; sid: 6101356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Buffer Overflow"; content: "SID: 1358 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101358; sid: 6101358; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Domino Server Controller Authentication Bypass"; content: "SID: 1360 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101360; sid: 6101360; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Read Access Violation Vulnerability"; content: "SID: 1364 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101364; sid: 6101364; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle WebCenter ActiveX Control File Creation Vulnerability"; content: "SID: 1366 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101366; sid: 6101366; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1367 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101367; sid: 6101367; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime JPEG2000 Integer Overflow"; content: "SID: 1369 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101369; sid: 6101369; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FFmpeg 4xm Null Pointer Memory Corruption"; content: "SID: 1370 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101370; sid: 6101370; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Integer Overflow Remote Code Execution"; content: "SID: 1371 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101371; sid: 6101371; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Asynchronous NULL Object Access Remote Code Execution"; content: "SID: 1372 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101372; sid: 6101372; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption Vulnerability"; content: "SID: 1373 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101373; sid: 6101373; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect EarthAgent RPC Buffer Overflow Vulnerability"; content: "SID: 1374 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101374; sid: 6101374; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit Memory Corruption Vulnerability"; content: "SID: 1376 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101376; sid: 6101376; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use After Free Vulnerability"; content: "SID: 1377 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101377; sid: 6101377; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Memory Corruption"; content: "SID: 1378 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101378; sid: 6101378; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1379 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101379; sid: 6101379; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1380 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101380; sid: 6101380; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Networking Vulnerability"; content: "SID: 1381 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101381; sid: 6101381; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Print Spooler Service Format String Vulnerability"; content: "SID: 1382 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101382; sid: 6101382; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Heap Overflow"; content: "SID: 1384 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101384; sid: 6101384; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows IE Layout Memory Corruption"; content: "SID: 1385 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101385; sid: 6101385; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Stack Buffer Overflow Vulnerability"; content: "SID: 1386 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101386; sid: 6101386; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Arbitrary Code Execution"; content: "SID: 1387 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101387; sid: 6101387; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL CMS Structure OriginatorInfo Memory Corruption"; content: "SID: 1388 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101388; sid: 6101388; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Database Archiving Software GIOP Parsing Buffer Overflow"; content: "SID: 1389 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101389; sid: 6101389; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Denial of Service"; content: "SID: 1393 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101393; sid: 6101393; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Linksys PlayerPT ActiveX Control Stack Overflow"; content: "SID: 1394 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101394; sid: 6101394; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 Sequence Parameter Set Parsing Buffer Overflow"; content: "SID: 1395 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101395; sid: 6101395; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Cross Site Scripting (XSS) Vulnerability"; content: "SID: 1396 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101396; sid: 6101396; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Array.reduceRight Integer Overflow Vulnerability"; content: "SID: 1397 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101397; sid: 6101397; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Web Access Cross Site Request Forgery Vulnerability"; content: "SID: 1398 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101398; sid: 6101398; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA Total Defense Suite Information Disclosure Vulnerability"; content: "SID: 1399 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101399; sid: 6101399; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Over IPv6 Encapsulation"; content: "SID: 1400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101400; sid: 6101400; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPIP Encapsulation"; content: "SID: 1401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101401; sid: 6101401; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MPLS Over IPv6 Encapsulation"; content: "SID: 1402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101402; sid: 6101402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv4 Over IPv6 Encapsulation"; content: "SID: 1403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101403; sid: 6101403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave PAMI Chunk Remote Code Execution"; content: "SID: 1404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101404; sid: 6101404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination IP Address"; content: "SID: 1405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101405; sid: 6101405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Source Port"; content: "SID: 1406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101406; sid: 6101406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination Port"; content: "SID: 1407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101407; sid: 6101407; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Data Packet"; content: "SID: 1408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101408; sid: 6101408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Tunnel Detected"; content: "SID: 1409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101409; sid: 6101409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Over MPLS Tunnel"; content: "SID: 1410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101410; sid: 6101410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Response Storm"; content: "SID: 1414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101414; sid: 6101414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Non-DNP3 Communication on a DNP3 Port"; content: "SID: 1415 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101415; sid: 6101415; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Last Received Was A Broadcast Message"; content: "SID: 1417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101417; sid: 6101417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 7 Applet Remote Code Execution Vulnerability"; content: "SID: 1421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101421; sid: 6101421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Time Synchronization Required"; content: "SID: 1422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101422; sid: 6101422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Under Local Control"; content: "SID: 1423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101423; sid: 6101423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device In Trouble"; content: "SID: 1424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101424; sid: 6101424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Attempt To Use Unsupported Function Code"; content: "SID: 1425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101425; sid: 6101425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Request Object Unknown Or Errors In Application Data"; content: "SID: 1426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101426; sid: 6101426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Parameters Out Of Range"; content: "SID: 1427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101427; sid: 6101427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Event Buffer Overflow"; content: "SID: 1428 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101428; sid: 6101428; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Already Executing Request"; content: "SID: 1429 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101429; sid: 6101429; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Corrupt Configuration Error"; content: "SID: 1430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101430; sid: 6101430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Invalid Reserved IIN Flags Set"; content: "SID: 1431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101431; sid: 6101431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Active Configuration"; content: "SID: 1432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101432; sid: 6101432; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Request"; content: "SID: 1433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101433; sid: 6101433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Reply"; content: "SID: 1434 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101434; sid: 6101434; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Error"; content: "SID: 1435 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101435; sid: 6101435; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Response Or Authentication Challenge"; content: "SID: 1436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101436; sid: 6101436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Challenge"; content: "SID: 1437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101437; sid: 6101437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Response Storm"; content: "SID: 1438 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101438; sid: 6101438; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Restarted"; content: "SID: 1439 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101439; sid: 6101439; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Shamoon Malware Activity"; content: "SID: 1441 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101441; sid: 6101441; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Team Web Access XSS Vulnerability"; content: "SID: 1442 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101442; sid: 6101442; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Configuration Manager Reflected XSS"; content: "SID: 1444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101444; sid: 6101444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption"; content: "SID: 1445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101445; sid: 6101445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability"; content: "SID: 1446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101446; sid: 6101446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ganglia Stack Buffer Overflow Vulnerability"; content: "SID: 1447 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101447; sid: 6101447; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player Player Heap Buffer Overflow Vulnerability"; content: "SID: 1451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101451; sid: 6101451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption Vulnerability"; content: "SID: 1455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101455; sid: 6101455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow"; content: "SID: 1459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101459; sid: 6101459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenLDAP Modrdn Memory Corruption Vulnerability"; content: "SID: 1460 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101460; sid: 6101460; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DATAC Control RealWin SCADA Server Buffer Overflow Vulnerability"; content: "SID: 1461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101461; sid: 6101461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Universal Server Buffer Overflow"; content: "SID: 1462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101462; sid: 6101462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DD-WRT Arbitrary Shell Command Execution Vulnerability"; content: "SID: 1464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101464; sid: 6101464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer execCommand Vulnerability"; content: "SID: 1466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101466; sid: 6101466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Format String Vulnerability"; content: "SID: 1468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101468; sid: 6101468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Object Processing Vulnerability"; content: "SID: 1469 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101469; sid: 6101469; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox and SeaMonkey Remote Cross-Site Scripting Vulnerability"; content: "SID: 1470 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101470; sid: 6101470; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability"; content: "SID: 1471 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101471; sid: 6101471; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Embedded OpenType Font Processing Heap Overflow Vulnerability"; content: "SID: 1472 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101472; sid: 6101472; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XDP Encoded PDF File Transfer"; content: "SID: 1474 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101474; sid: 6101474; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webex Player Heap Overflow"; content: "SID: 1475 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101475; sid: 6101475; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA and FWSM DCERPC Inspection DoS"; content: "SID: 1476 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101476; sid: 6101476; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA PIX Denial of Service"; content: "SID: 1478 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101478; sid: 6101478; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1480 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101480; sid: 6101480; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer cloneNode Remote Code Execution"; content: "SID: 1481 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101481; sid: 6101481; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Document Layout Processing Use-After-Free Vulnerability"; content: "SID: 1482 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101482; sid: 6101482; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Event Listener Remote Code Execution"; content: "SID: 1483 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101483; sid: 6101483; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Buffer Overflow"; content: "SID: 1487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101487; sid: 6101487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CISCO ASA DCERPC Inspection Denial Of Service"; content: "SID: 1492 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101492; sid: 6101492; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Distributed Denial of Service on Financial Institutions"; content: "SID: 1493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101493; sid: 6101493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Overflow"; content: "SID: 1494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101494; sid: 6101494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Remote Code Execution"; content: "SID: 1495 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101495; sid: 6101495; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works 9 Remote Code Execution Vulnerability"; content: "SID: 1496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101496; sid: 6101496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1497 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101497; sid: 6101497; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Report Manager Reflected Cross Site Scripting Vulnerability"; content: "SID: 1498 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101498; sid: 6101498; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word PAPX Section Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101501; sid: 6101501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Response-Splitting Protection Bypass"; content: "SID: 1503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101503; sid: 6101503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101504; sid: 6101504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow"; content: "SID: 1507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101507; sid: 6101507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ImageMagick ResolutionUnit Tag Invalid Validation Denial of Service Vulnerability"; content: "SID: 1508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101508; sid: 6101508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office TIFF Image Converter Memory Corruption"; content: "SID: 1511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101511; sid: 6101511; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Easy Printer Care HPTicketMgr.dll ActiveX Remote Code Execution"; content: "SID: 1512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101512; sid: 6101512; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101513; sid: 6101513; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101514; sid: 6101514; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Invalid Function Code Is Used"; content: "SID: 1520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101520; sid: 6101520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Reserved Function Code Used"; content: "SID: 1524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101524; sid: 6101524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101528; sid: 6101528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use-After-Free Code Execution"; content: "SID: 1532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101532; sid: 6101532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Buffer Overflow"; content: "SID: 1534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101534; sid: 6101534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exim Mail Transfer Agent Arbitrary Code Execution Vulnerability"; content: "SID: 1535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101535; sid: 6101535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat PDF Font Processing Memory Corruption"; content: "SID: 1536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101536; sid: 6101536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In JPEG 2000 Heap Buffer Overflow"; content: "SID: 1537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101537; sid: 6101537; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unified MeetingPlace Web Conferencing Buffer Overflow"; content: "SID: 1538 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101538; sid: 6101538; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Hyperion Strategic Finance Client Heap Buffer Overflow"; content: "SID: 1540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101540; sid: 6101540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Code Execution"; content: "SID: 1545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101545; sid: 6101545; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H3C and Huawei SNMP Access Control Vulnerability"; content: "SID: 1546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101546; sid: 6101546; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word 2010 Stack Overflow"; content: "SID: 1547 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101547; sid: 6101547; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Picture Manager Memory Corruption"; content: "SID: 1548 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101548; sid: 6101548; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM xdrDecodeString Heap Buffer Overflow"; content: "SID: 1550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101550; sid: 6101550; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox SVGTextElement.getCharNumAtPositio Use-After-Free"; content: "SID: 1555 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101555; sid: 6101555; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Intelligent Management Center Multiple Remote Code Execution"; content: "SID: 1556 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101556; sid: 6101556; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Notes URL Handler Vulnerability"; content: "SID: 1563 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101563; sid: 6101563; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Domain Bypass"; content: "SID: 1564 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101564; sid: 6101564; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell ZENworks Asset Management Web Console Information Disclosure"; content: "SID: 1565 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101565; sid: 6101565; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vista Speech Recognition ActiveX Vulnerabilities"; content: "SID: 1566 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101566; sid: 6101566; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP StorageWorks P4000 Virtual SAN Appliance Command Execution Vulnerability"; content: "SID: 1569 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101569; sid: 6101569; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple iCloud Traffic"; content: "SID: 1570 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101570; sid: 6101570; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell File Reporter Buffer Overflow"; content: "SID: 1571 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101571; sid: 6101571; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Operations Agent for NonStop Server HEALTH Packet Parsing Stack Buffer"; content: "SID: 1572 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101572; sid: 6101572; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Shockwave ActiveX SwDir.dll Stack Buffer Overflow"; content: "SID: 1573 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101573; sid: 6101573; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare ActiveX Remote Code Execution"; content: "SID: 1574 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101574; sid: 6101574; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iPrint Client ActiveX Remote Code Execution"; content: "SID: 1575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101575; sid: 6101575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP Channel Driver Denial of Service"; content: "SID: 1577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101577; sid: 6101577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTPD32 Format String Vulnerability"; content: "SID: 1578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101578; sid: 6101578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP INVITE Denial of Service"; content: "SID: 1579 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101579; sid: 6101579; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Player Director Record Parsing Remote Code Execution"; content: "SID: 1580 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101580; sid: 6101580; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1584 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101584; sid: 6101584; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1585 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101585; sid: 6101585; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VLC Media Player Code Execution"; content: "SID: 1586 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101586; sid: 6101586; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows File Enumeration Memory Corruption Vulnerability"; content: "SID: 1587 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101587; sid: 6101587; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Stack Overflow Code Execution"; content: "SID: 1588 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101588; sid: 6101588; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Invalid Length Use After Free"; content: "SID: 1589 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101589; sid: 6101589; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1591 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101591; sid: 6101591; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1593 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101593; sid: 6101593; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk Skinny Channel Driver Capabilities_Res_Message Denial of Service"; content: "SID: 1595 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101595; sid: 6101595; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CFormElement Use After Free Vulnerability"; content: "SID: 1596 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101596; sid: 6101596; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Web Proxy Auto-Discovery Arbitrary Code Execution"; content: "SID: 1597 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101597; sid: 6101597; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Business Intelligence Enterprise Edition Cross Site Scripting"; content: "SID: 1598 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101598; sid: 6101598; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 zero length option"; content: "SID: 1600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101600; sid: 6101600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 1 violation"; content: "SID: 1601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101601; sid: 6101601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 2 violation"; content: "SID: 1602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101602; sid: 6101602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 3 violation"; content: "SID: 1603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101603; sid: 6101603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 4 violation"; content: "SID: 1604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101604; sid: 6101604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 5 violation"; content: "SID: 1605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101605; sid: 6101605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 short option data"; content: "SID: 1606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101606; sid: 6101606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 multi-crafted fragments"; content: "SID: 1607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101607; sid: 6101607; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CTreePos Element Use After Free Vulnerability"; content: "SID: 1608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101608; sid: 6101608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Code Access Information Disclosure"; content: "SID: 1609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101609; sid: 6101609; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Request"; content: "SID: 1610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101610; sid: 6101610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Reply"; content: "SID: 1611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101611; sid: 6101611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Destination Unreachable"; content: "SID: 1612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101612; sid: 6101612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big Message"; content: "SID: 1613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101613; sid: 6101613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Time Exceeded Message"; content: "SID: 1614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101614; sid: 6101614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Parameter Problem Message"; content: "SID: 1615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101615; sid: 6101615; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Query"; content: "SID: 1616 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101616; sid: 6101616; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Report"; content: "SID: 1617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101617; sid: 6101617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Reduction"; content: "SID: 1618 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101618; sid: 6101618; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Solicitation"; content: "SID: 1619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101619; sid: 6101619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Advertisement"; content: "SID: 1620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101620; sid: 6101620; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Solicitation"; content: "SID: 1621 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101621; sid: 6101621; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Advertisement"; content: "SID: 1622 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101622; sid: 6101622; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Redirect"; content: "SID: 1623 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101623; sid: 6101623; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Renumbering"; content: "SID: 1624 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101624; sid: 6101624; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Report V2"; content: "SID: 1625 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101625; sid: 6101625; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMPV6 Traffic"; content: "SID: 1626 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101626; sid: 6101626; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMPv6 Traffic"; content: "SID: 1627 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101627; sid: 6101627; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Traffic over IPv4"; content: "SID: 1628 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101628; sid: 6101628; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Traffic over IPv6"; content: "SID: 1629 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101629; sid: 6101629; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big"; content: "SID: 1630 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101630; sid: 6101630; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Reflection Bypass Vulnerability"; content: "SID: 1631 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101631; sid: 6101631; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unix CUPS HTTP GET Denial Of Service"; content: "SID: 1632 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101632; sid: 6101632; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bootpd 2.4.3 Buffer Overflow"; content: "SID: 1635 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101635; sid: 6101635; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox 1.0.7 InstallTrigger.Install Remote Code Execution"; content: "SID: 1636 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101636; sid: 6101636; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Javascript Engine Overflow"; content: "SID: 1637 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101637; sid: 6101637; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox CSS Layout Memory Corruption"; content: "SID: 1638 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101638; sid: 6101638; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1641 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101641; sid: 6101641; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Kernel-Mode Driver Remote Code Execution"; content: "SID: 1642 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101642; sid: 6101642; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari Out of Bounds Access Denial of Service"; content: "SID: 1643 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101643; sid: 6101643; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Java Applet Payload Creation"; content: "SID: 1646 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101646; sid: 6101646; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent RRULE Weekday Parsing Buffer Overflow"; content: "SID: 1653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101653; sid: 6101653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PNG Embedded File Type"; content: "SID: 1654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101654; sid: 6101654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player ActionScript callMethod Code Execution"; content: "SID: 1664 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101664; sid: 6101664; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Secure Backup Server Command Execution Vulnerability"; content: "SID: 1671 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101671; sid: 6101671; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Open Type Font Parsing Vulnerability"; content: "SID: 1681 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101681; sid: 6101681; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE Improper Ref Counting Use After Free Vulnerability"; content: "SID: 1683 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101683; sid: 6101683; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GXV-3000 SIP Phone Eavesdropping Exploit"; content: "SID: 1693 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101693; sid: 6101693; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xitami Web Server Buffer Overflow"; content: "SID: 1694 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101694; sid: 6101694; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Root Access"; content: "SID: 1695 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101695; sid: 6101695; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Guest Access"; content: "SID: 1696 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101696; sid: 6101696; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Nobody Access"; content: "SID: 1697 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101697; sid: 6101697; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Hop-by-Hop Options Present"; content: "SID: 1700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101700; sid: 6101700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Present"; content: "SID: 1702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101702; sid: 6101702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragmented Traffic"; content: "SID: 1703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101703; sid: 6101703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Authentication Header Present"; content: "SID: 1704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101704; sid: 6101704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 ESP Header Present"; content: "SID: 1705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101705; sid: 6101705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Traffic Class Field"; content: "SID: 1706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101706; sid: 6101706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Flow Label Field"; content: "SID: 1707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101707; sid: 6101707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains An Invalid Address"; content: "SID: 1708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101708; sid: 6101708; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word RTF Document Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101709; sid: 6101709; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Extensions Headers Out Of Order"; content: "SID: 1710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101710; sid: 6101710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Duplicate IPv6 Extension Headers"; content: "SID: 1711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101711; sid: 6101711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Duplicate Src And Dst Address"; content: "SID: 1712 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101712; sid: 6101712; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains Multicast Source Address"; content: "SID: 1713 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101713; sid: 6101713; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Address Set To localhost"; content: "SID: 1714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101714; sid: 6101714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Options Padding Too Long"; content: "SID: 1716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101716; sid: 6101716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back To Back Padding Options"; content: "SID: 1717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101717; sid: 6101717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Option Data Too Short"; content: "SID: 1718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101718; sid: 6101718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101719; sid: 6101719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Jumbo Payload Option Set"; content: "SID: 1720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101720; sid: 6101720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101721; sid: 6101721; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101722; sid: 6101722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Unassigned Options"; content: "SID: 1723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101723; sid: 6101723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1724 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101724; sid: 6101724; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1725 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101725; sid: 6101725; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Invalid Option Set"; content: "SID: 1726 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101726; sid: 6101726; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101727; sid: 6101727; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type 0"; content: "SID: 1728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101728; sid: 6101728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Failure Log XSS"; content: "SID: 1729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101729; sid: 6101729; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 1 Routing Header"; content: "SID: 1730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101730; sid: 6101730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 2 Routing Header"; content: "SID: 1731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101731; sid: 6101731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type Unknown Type"; content: "SID: 1732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101732; sid: 6101732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Routing Header Length"; content: "SID: 1733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101733; sid: 6101733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Incomplete"; content: "SID: 1734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101734; sid: 6101734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains Invalid IP Address"; content: "SID: 1735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101735; sid: 6101735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains A Loop"; content: "SID: 1736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101736; sid: 6101736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Reserved Bits Set"; content: "SID: 1737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101737; sid: 6101737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Unnecessary Fragment Header"; content: "SID: 1738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101738; sid: 6101738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Illegal Fragmentation"; content: "SID: 1739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101739; sid: 6101739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Small IPv6 Fragments"; content: "SID: 1740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101740; sid: 6101740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragment Header Reserved Bits Set"; content: "SID: 1741 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101741; sid: 6101741; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 No Next Header Option Present"; content: "SID: 1742 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101742; sid: 6101742; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP phpinfo() Cross-Site Scripting Vulnerability"; content: "SID: 1743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101743; sid: 6101743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Database Privilege Escalation"; content: "SID: 1747 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101747; sid: 6101747; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Peercast Basic Authentication Overflow"; content: "SID: 1749 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101749; sid: 6101749; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP zip URL Wrapper Buffer Overflow (HTTP)"; content: "SID: 1755 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101755; sid: 6101755; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Axigen POP3 Server Remote Format String Attack"; content: "SID: 1756 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101756; sid: 6101756; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VLC HTTPD Format String Bug"; content: "SID: 1758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101758; sid: 6101758; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Solaris RWall Daemon Syslog Format String Vulnerability"; content: "SID: 1760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101760; sid: 6101760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Post File Upload Buffer Overflow"; content: "SID: 1761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101761; sid: 6101761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Value Scan"; content: "SID: 1762 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101762; sid: 6101762; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Synergy Clipboard Integer Overflow"; content: "SID: 1773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101773; sid: 6101773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Web Admin Server Command Injection"; content: "SID: 1774 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101774; sid: 6101774; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netware Client Service Buffer Overflow"; content: "SID: 1775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101775; sid: 6101775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Information Leaking Vulnerability"; content: "SID: 1777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101777; sid: 6101777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Cross Site Scripting Vulnerability"; content: "SID: 1778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101778; sid: 6101778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Server Memory Corruption Vulnerability"; content: "SID: 1780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101780; sid: 6101780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nimda Worm TFTP Request"; content: "SID: 1781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101781; sid: 6101781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Total Defense Suite UNCWS SQL Injection"; content: "SID: 1786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101786; sid: 6101786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Remote Compiler Option Loading"; content: "SID: 1787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101787; sid: 6101787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tom Sawyer GET Extension Factory ActiveX Remote Code Execution"; content: "SID: 1789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101789; sid: 6101789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Operations Manager Privilege Escalation"; content: "SID: 1790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101790; sid: 6101790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HeapLib Instantiation"; content: "SID: 1791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101791; sid: 6101791; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CButton User After Free"; content: "SID: 1792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101792; sid: 6101792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework OData Services Denial of Service"; content: "SID: 1793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101793; sid: 6101793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Vulnerability"; content: "SID: 1794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101794; sid: 6101794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Streamprocess Buffer Overflow"; content: "SID: 1799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101799; sid: 6101799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks RealPlayer URL Parsing Stack Buffer Overflow"; content: "SID: 1801 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101801; sid: 6101801; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby on Rails Remote Code Execution Vulnerability"; content: "SID: 1802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101802; sid: 6101802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange iCal DoS"; content: "SID: 1803 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101803; sid: 6101803; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 1.7 Update 10 Remote Code Execution"; content: "SID: 1804 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101804; sid: 6101804; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA 1000v Cloud Firewall H.323 Inspection Denial of Service"; content: "SID: 1807 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101807; sid: 6101807; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Applet Rhino Script Engine Policy Bypass"; content: "SID: 1813 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101813; sid: 6101813; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate NULL Byte Name Insertion"; content: "SID: 1814 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101814; sid: 6101814; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate Integer Overflow"; content: "SID: 1815 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101815; sid: 6101815; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS IPSLA DoS"; content: "SID: 1819 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101819; sid: 6101819; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quest Software Big Brother Arbitrary File Deletion and Overwriting"; content: "SID: 1820 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101820; sid: 6101820; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Gopher Parsing Overflow"; content: "SID: 1822 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101822; sid: 6101822; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUPS GIF Parsing Heap Overflow"; content: "SID: 1823 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101823; sid: 6101823; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET XML Signature Syntax and Processing Vulnerability"; content: "SID: 1831 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101831; sid: 6101831; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix XenApp And XenDesktop XML Buffer Overflow"; content: "SID: 1833 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101833; sid: 6101833; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sunway ForceControl SNMP NetDBServer Buffer Overflow"; content: "SID: 1835 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101835; sid: 6101835; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP JetDirect PJL Interface Universal Path Traversal"; content: "SID: 1836 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101836; sid: 6101836; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML5 Heap Spray"; content: "SID: 1837 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101837; sid: 6101837; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wibu-Systems WibuKey Runtime for Windows ActiveX Control Buffer Overflow"; content: "SID: 1838 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101838; sid: 6101838; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory LDAP Null Search Parameter Overflow"; content: "SID: 1850 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101850; sid: 6101850; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Portable SDK for UPnP Devices Buffer Overflow Vulnerabilities"; content: "SID: 1851 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101851; sid: 6101851; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby On Rails Remote Code Execution"; content: "SID: 1853 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101853; sid: 6101853; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM Remote Code Execution"; content: "SID: 1855 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101855; sid: 6101855; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1857 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101857; sid: 6101857; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OmniInet.exe Buffer Overflow Vulnerability"; content: "SID: 1858 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101858; sid: 6101858; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1862 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101862; sid: 6101862; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability"; content: "SID: 1863 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101863; sid: 6101863; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1864 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101864; sid: 6101864; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent Buffer Overflow Vulnerability"; content: "SID: 1865 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101865; sid: 6101865; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox DOM Insertions Memory Corruption"; content: "SID: 1866 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101866; sid: 6101866; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1867 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101867; sid: 6101867; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vector Markup Language Remote Code Execution"; content: "SID: 1868 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101868; sid: 6101868; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ATA 187 Remote Access Vulnerability"; content: "SID: 1873 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101873; sid: 6101873; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VoipNow Professional Nsextt Parameter XSS Vulnerability"; content: "SID: 1874 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101874; sid: 6101874; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebERP Local File Include Vulnerability"; content: "SID: 1877 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101877; sid: 6101877; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Web Console Format String Vulnerability"; content: "SID: 1878 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101878; sid: 6101878; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Elefant CMS ID Parameter Cross Site Scripting Vulnerability"; content: "SID: 1880 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101880; sid: 6101880; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DSL-2640B Redpass.Cgi Cross Site Request Forgery Vulnerability"; content: "SID: 1881 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101881; sid: 6101881; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Cross Site Scripting Vulnerability"; content: "SID: 1882 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101882; sid: 6101882; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Logo.Link Parameter Cross Site Scripting Vulnerability"; content: "SID: 1883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101883; sid: 6101883; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability"; content: "SID: 1885 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101885; sid: 6101885; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Wp-ImageZoom File Parameter Remote File Disclosure Vulnerability"; content: "SID: 1886 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101886; sid: 6101886; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InduSoft Web Studio Unauthenticated Insecure Remote Operations"; content: "SID: 1892 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101892; sid: 6101892; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bitweaver Highlight Parameter Cross Site Scripting Vulnerability"; content: "SID: 1894 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101894; sid: 6101894; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1895 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101895; sid: 6101895; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XAMPP Cds.Php Cross Site Scripting Vulnerability"; content: "SID: 1896 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101896; sid: 6101896; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nagios XI VisApi.Php Div Parameter XSS Vulnerability"; content: "SID: 1898 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101898; sid: 6101898; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MGB Guestbook Index.Php Cross Site Scripting Vulnerability"; content: "SID: 1899 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101899; sid: 6101899; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Church_Admin Id Parameter XSS Vulnerability"; content: "SID: 1900 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101900; sid: 6101900; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Playerready Cross Site Scripting Vulnerability"; content: "SID: 1904 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101904; sid: 6101904; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sophos E-Mail Security Virtual Appliance Remote Code Execution Vulnerability"; content: "SID: 1908 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101908; sid: 6101908; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KindEditor Name Parameter Cross Site Scripting Vulnerability"; content: "SID: 1909 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101909; sid: 6101909; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability"; content: "SID: 1911 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101911; sid: 6101911; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zenoss ViewDaemonLog Daemon Arbitrary Log File Access Vulnerability"; content: "SID: 1914 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101914; sid: 6101914; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Application Lifecycle Management XGO.ocx Remote Code Execution"; content: "SID: 1920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101920; sid: 6101920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ManageEngine Support Center Plus Cross Site Scripting Vulnerability"; content: "SID: 1922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101922; sid: 6101922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SilverStripe BackURL Parameter URI Redirection Vulnerability"; content: "SID: 1924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101924; sid: 6101924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symphony CMS BluePRINTs URI SQL Injection"; content: "SID: 1925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101925; sid: 6101925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress ABC Test Plugin Id Parameter XSS Vulnerability"; content: "SID: 1926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101926; sid: 6101926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Crayon Syntax Highlighter Wp_load Remote File Include"; content: "SID: 1927 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101927; sid: 6101927; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lattice Semiconductor Diamond Programmer Buffer Overflow"; content: "SID: 1928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101928; sid: 6101928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mcrypt Check File Head Stack Based Buffer Overflow"; content: "SID: 1929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101929; sid: 6101929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Cross Site Request Forgery Vulnerability"; content: "SID: 1930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101930; sid: 6101930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Newsletter Preview.php File Disclosure Vulnerability"; content: "SID: 1931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101931; sid: 6101931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DocXP Fid Parameter Directory Traversal Vulnerability"; content: "SID: 1933 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101933; sid: 6101933; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101937; sid: 6101937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101938; sid: 6101938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101939; sid: 6101939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explore Remote Code Execution"; content: "SID: 1940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101940; sid: 6101940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1941 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101941; sid: 6101941; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Site Scripting"; content: "SID: 1942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101942; sid: 6101942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow"; content: "SID: 1944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101944; sid: 6101944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro Control Manager Cross Site Request Forgery"; content: "SID: 1945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101945; sid: 6101945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit SVG Memory Corruption"; content: "SID: 1946 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101946; sid: 6101946; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Buffer Overflow Vulnerability"; content: "SID: 1947 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101947; sid: 6101947; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Cloned DOM Object Code Execution"; content: "SID: 1949 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101949; sid: 6101949; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Remote Code Execution"; content: "SID: 1950 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101950; sid: 6101950; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache DoS"; content: "SID: 1958 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101958; sid: 6101958; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit innerHTML Double Free Memory Corruption"; content: "SID: 1959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101959; sid: 6101959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Service Failed Response Vulnerability"; content: "SID: 1969 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101969; sid: 6101969; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hewlett-Packard OpenView Network Node Manager Remote Code Execution"; content: "SID: 1972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101972; sid: 6101972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101973; sid: 6101973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise HTTP Interfaces Arbitrary File Retrieval"; content: "SID: 1974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101974; sid: 6101974; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] APT1 SSL Certificate"; content: "SID: 1975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101975; sid: 6101975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Zone-based Firewall SIP Denial of Service"; content: "SID: 1976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101976; sid: 6101976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Memory Corruption"; content: "SID: 1977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101977; sid: 6101977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 1978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101978; sid: 6101978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Viewer VSD File Type Confusion"; content: "SID: 1981 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101981; sid: 6101981; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101984; sid: 6101984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1990 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101990; sid: 6101990; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1993 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101993; sid: 6101993; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft WKSSVC NetpManageIPCConnect Remote Code Execution"; content: "SID: 1997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101997; sid: 6101997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101998; sid: 6101998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Reply"; content: "SID: 2000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102000; sid: 6102000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Host Unreachable"; content: "SID: 2001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102001; sid: 6102001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Source Quench"; content: "SID: 2002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102002; sid: 6102002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Redirect"; content: "SID: 2003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102003; sid: 6102003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Request"; content: "SID: 2004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102004; sid: 6102004; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Time Exceeded for a Datagram"; content: "SID: 2005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102005; sid: 6102005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Parameter Problem on Datagram"; content: "SID: 2006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102006; sid: 6102006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Request"; content: "SID: 2007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102007; sid: 6102007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Reply"; content: "SID: 2008 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102008; sid: 6102008; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Request"; content: "SID: 2009 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102009; sid: 6102009; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Reply"; content: "SID: 2010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102010; sid: 6102010; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Address Mask Reply"; content: "SID: 2012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102012; sid: 6102012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] 7T IGSS Buffer Overflow"; content: "SID: 2019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102019; sid: 6102019; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability"; content: "SID: 2021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102021; sid: 6102021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Schneider Electric Accutech Manager HTTP Request Processing Buffer Overflow"; content: "SID: 2023 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102023; sid: 6102023; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 2024 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102024; sid: 6102024; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CCaret Use-After-Free Vulnerability"; content: "SID: 2030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102030; sid: 6102030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft OneNote Information Disclosure"; content: "SID: 2034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102034; sid: 6102034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Elevation of Privilege"; content: "SID: 2036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102036; sid: 6102036; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 2038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102038; sid: 6102038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 2039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102039; sid: 6102039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep With Echo"; content: "SID: 2100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102100; sid: 6102100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Timestamp"; content: "SID: 2101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102101; sid: 6102101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Address Mask"; content: "SID: 2102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102102; sid: 6102102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMP Traffic"; content: "SID: 2150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102150; sid: 6102150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMP Traffic"; content: "SID: 2151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102151; sid: 6102151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Flood"; content: "SID: 2152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102152; sid: 6102152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Smurf Attack"; content: "SID: 2153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102153; sid: 6102153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ping of Death Attack"; content: "SID: 2154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102154; sid: 6102154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modem DoS"; content: "SID: 2155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102155; sid: 6102155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102156; sid: 6102156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Hard Error DoS"; content: "SID: 2157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102157; sid: 6102157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102158; sid: 6102158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Destination Unreachable Protocol Unreachable"; content: "SID: 2159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102159; sid: 6102159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IGMP Header DoS"; content: "SID: 2200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102200; sid: 6102200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP over fragmented IP"; content: "SID: 2201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102201; sid: 6102201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP Invalid Packet DoS"; content: "SID: 2202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102202; sid: 6102202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Port Sweep"; content: "SID: 3001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103001; sid: 6103001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Port Sweep"; content: "SID: 3002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103002; sid: 6103002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN Port Sweep"; content: "SID: 3003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103003; sid: 6103003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Port Sweep"; content: "SID: 3005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103005; sid: 6103005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN Port Sweep"; content: "SID: 3006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103006; sid: 6103006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP High Port Sweep"; content: "SID: 3010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103010; sid: 6103010; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN High Port Sweep"; content: "SID: 3011 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103011; sid: 6103011; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN High Port Sweep"; content: "SID: 3012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp;  reference: url,wiki.quadrantsec.com/bin/view/Main/6103012; sid: 6103012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Null Port Sweep"; content: "SID: 3015 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103015; sid: 6103015; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag Null Port Sweep"; content: "SID: 3016 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103016; sid: 6103016; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Port Sweep"; content: "SID: 3020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103020; sid: 6103020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN FIN Port Sweep"; content: "SID: 3021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103021; sid: 6103021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Host Sweep"; content: "SID: 3030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103030; sid: 6103030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN Host Sweep"; content: "SID: 3031 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103031; sid: 6103031; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Host Sweep"; content: "SID: 3032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103032; sid: 6103032; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG FIN Host Sweep"; content: "SID: 3033 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103033; sid: 6103033; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Host Sweep"; content: "SID: 3034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103034; sid: 6103034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG NULL Host Sweep"; content: "SID: 3035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103035; sid: 6103035; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Host Sweep"; content: "SID: 3036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103036; sid: 6103036; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN FIN Host Sweep"; content: "SID: 3037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103037; sid: 6103037; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented NULL TCP Packet"; content: "SID: 3038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103038; sid: 6103038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented Orphaned FIN packet"; content: "SID: 3039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103039; sid: 6103039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Packet"; content: "SID: 3040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103040; sid: 6103040; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN/FIN Packet"; content: "SID: 3041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103041; sid: 6103041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Orphaned Fin Packet"; content: "SID: 3042 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103042; sid: 6103042; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented SYN/FIN Packet"; content: "SID: 3043 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103043; sid: 6103043; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Queso Sweep"; content: "SID: 3045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103045; sid: 6103045; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NMAP OS Fingerprint"; content: "SID: 3046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103046; sid: 6103046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Half-open SYN Attack"; content: "SID: 3050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103050; sid: 6103050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Connection Window Size RST DoS"; content: "SID: 3051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103051; sid: 6103051; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPNP Service Host Sweep"; content: "SID: 3052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103052; sid: 6103052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP RCPT TO: Bounce"; content: "SID: 3100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103100; sid: 6103100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Recipient"; content: "SID: 3101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103101; sid: 6103101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Sender"; content: "SID: 3102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103102; sid: 6103102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Reconnaissance"; content: "SID: 3103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103103; sid: 6103103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Archaic Sendmail Attacks"; content: "SID: 3104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103104; sid: 6103104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Decode Alias"; content: "SID: 3105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103105; sid: 6103105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mail Spam"; content: "SID: 3106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103106; sid: 6103106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Majordomo Execute Attack"; content: "SID: 3107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103107; sid: 6103107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP MIME Content Overflow"; content: "SID: 3108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103108; sid: 6103108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long SMTP Command"; content: "SID: 3109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103109; sid: 6103109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Suspicious Mail Attachment"; content: "SID: 3110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103110; sid: 6103110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] W32 Sircam Malicious Code"; content: "SID: 3111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103111; sid: 6103111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino Mail Loop DoS"; content: "SID: 3112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103112; sid: 6103112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Email Attachment with Malicious Payload"; content: "SID: 3113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103113; sid: 6103113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FetchMail Arbitrary Code Execution"; content: "SID: 3114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103114; sid: 6103114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Data Header Overflow"; content: "SID: 3115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103115; sid: 6103115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbus"; content: "SID: 3116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103116; sid: 6103116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KLEZ Worm"; content: "SID: 3117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103117; sid: 6103117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rwhoisd format string"; content: "SID: 3118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103118; sid: 6103118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP STAT Overflow"; content: "SID: 3119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103119; sid: 6103119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ANTS Virus"; content: "SID: 3120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103120; sid: 6103120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vintra MailServer EXPN DoS"; content: "SID: 3121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103121; sid: 6103121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP EXPN root Recon"; content: "SID: 3122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103122; sid: 6103122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBus Pro Traffic"; content: "SID: 3123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103123; sid: 6103123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail prescan Memory Corruption"; content: "SID: 3124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103124; sid: 6103124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix 1.1.12 envelope address DoS"; content: "SID: 3125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103125; sid: 6103125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix bounce scan"; content: "SID: 3126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103126; sid: 6103126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP AUTH Brute Force Attempt"; content: "SID: 3127 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103127; sid: 6103127; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange xexch50 overflow"; content: "SID: 3128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103128; sid: 6103128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus C Variant File Attachment"; content: "SID: 3129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103129; sid: 6103129; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus I Variant File Attachment"; content: "SID: 3130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103130; sid: 6103130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus L Variant File Attachment"; content: "SID: 3131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103131; sid: 6103131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment"; content: "SID: 3132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103132; sid: 6103132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment Variant B"; content: "SID: 3133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103133; sid: 6103133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoomJuice Worm network probe"; content: "SID: 3134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103134; sid: 6103134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MyDoom Virus Activity"; content: "SID: 3135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103135; sid: 6103135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netsky Virus Activity"; content: "SID: 3136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103136; sid: 6103136; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sober Virus Activity"; content: "SID: 3137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103137; sid: 6103137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.C Virus Email Attachment"; content: "SID: 3138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103138; sid: 6103138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.E Virus Email Attachment"; content: "SID: 3139 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103139; sid: 6103139; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle Virus Activity"; content: "SID: 3140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103140; sid: 6103140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lovgate Worm Activity"; content: "SID: 3141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103141; sid: 6103141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sasser Worm Activity"; content: "SID: 3142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103142; sid: 6103142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BERBEW Trojan Activity"; content: "SID: 3143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103143; sid: 6103143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ratos Worm Activity"; content: "SID: 3144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103144; sid: 6103144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZAFI Worm Activity"; content: "SID: 3145 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103145; sid: 6103145; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bropia Worm Activity"; content: "SID: 3146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103146; sid: 6103146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Remote Command Execution"; content: "SID: 3150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103150; sid: 6103150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SYST Command Attempt"; content: "SID: 3151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103151; sid: 6103151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP CWD ~root"; content: "SID: 3152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103152; sid: 6103152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Address Specified"; content: "SID: 3153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103153; sid: 6103153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Port Specified"; content: "SID: 3154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103154; sid: 6103154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP RETR Pipe Filename Command Execution"; content: "SID: 3155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103155; sid: 6103155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP STOR Pipe Filename Command Execution"; content: "SID: 3156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103156; sid: 6103156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASV Port Spoof"; content: "SID: 3157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103157; sid: 6103157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Format String"; content: "SID: 3158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103158; sid: 6103158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASS Suspicious Length"; content: "SID: 3159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103159; sid: 6103159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cesar FTP Buffer Overflow"; content: "SID: 3160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103160; sid: 6103160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP realpath Buffer Overflow"; content: "SID: 3161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103161; sid: 6103161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] glFtpD LIST DoS"; content: "SID: 3162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103162; sid: 6103162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WU-FTPD Heap Corruption"; content: "SID: 3163 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103163; sid: 6103163; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Instant Server Mini Portal Directory Traversal"; content: "SID: 3164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103164; sid: 6103164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC"; content: "SID: 3165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103165; sid: 6103165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP USER Suspicious Length"; content: "SID: 3166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103166; sid: 6103166; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Format String in FTP username"; content: "SID: 3167 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103167; sid: 6103167; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Directory Traversal"; content: "SID: 3168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103168; sid: 6103168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC tar"; content: "SID: 3169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103169; sid: 6103169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP SITE CPWD Buffer Overflow"; content: "SID: 3170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103170; sid: 6103170; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Priviledged Login"; content: "SID: 3171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103171; sid: 6103171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ftp Cwd Overflow"; content: "SID: 3172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103172; sid: 6103172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long FTP Command"; content: "SID: 3173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103173; sid: 6103173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ProFTPD STAT DoS"; content: "SID: 3175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103175; sid: 6103175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long MDTM Command"; content: "SID: 3177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103177; sid: 6103177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Denial Of Service in Microsoft SMS Client"; content: "SID: 3178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103178; sid: 6103178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ftpdchk DOS"; content: "SID: 3179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103179; sid: 6103179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BakBone NetVault Remote Heap Overflow"; content: "SID: 3180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103180; sid: 6103180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] dSMTP Mail Server Format String Overflow"; content: "SID: 3181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103181; sid: 6103181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Phf Attack"; content: "SID: 3200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103200; sid: 6103200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .url File Requested"; content: "SID: 3202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103202; sid: 6103202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .lnk File Requested"; content: "SID: 3203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103203; sid: 6103203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .bat File Requested"; content: "SID: 3204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103204; sid: 6103204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .url Link"; content: "SID: 3205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103205; sid: 6103205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .lnk Link"; content: "SID: 3206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103206; sid: 6103206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .bat Link"; content: "SID: 3207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103207; sid: 6103207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Campas Attack"; content: "SID: 3208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103208; sid: 6103208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Glimpse Server Attack"; content: "SID: 3209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103209; sid: 6103209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS View Source Attack"; content: "SID: 3210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103210; sid: 6103210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Hex View Source Attack"; content: "SID: 3211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103211; sid: 6103211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW NPH-TEST-CGI Attack"; content: "SID: 3212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103212; sid: 6103212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW TEST-CGI Attack"; content: "SID: 3213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103213; sid: 6103213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT VIEW Attack"; content: "SID: 3214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103214; sid: 6103214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT EXECUTE Attack"; content: "SID: 3215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103215; sid: 6103215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Directory Traversal ../.."; content: "SID: 3216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103216; sid: 6103216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW php View File Attack"; content: "SID: 3217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103217; sid: 6103217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI Wrap Attack"; content: "SID: 3218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103218; sid: 6103218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Buffer Overflow"; content: "SID: 3219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103219; sid: 6103219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Long URL Attack"; content: "SID: 3220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103220; sid: 6103220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI-Viewsource Attack"; content: "SID: 3221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103221; sid: 6103221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Log Scripts Read Attack"; content: "SID: 3222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103222; sid: 6103222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IRIX cgi-handler Attack"; content: "SID: 3223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103223; sid: 6103223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP WebGais"; content: "SID: 3224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103224; sid: 6103224; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW websendmail File Access"; content: "SID: 3225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103225; sid: 6103225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webdist Bug"; content: "SID: 3226 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103226; sid: 6103226; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Htmlscript Bug"; content: "SID: 3227 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103227; sid: 6103227; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Performer Attack"; content: "SID: 3228 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103228; sid: 6103228; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Win-C-Sample Buffer Overflow"; content: "SID: 3229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103229; sid: 6103229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Uploader"; content: "SID: 3230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103230; sid: 6103230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Convert Attack"; content: "SID: 3231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103231; sid: 6103231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 3232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103232; sid: 6103232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW count-cgi Overflow"; content: "SID: 3233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103233; sid: 6103233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Local Trusted Resource Execution"; content: "SID: 3234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103234; sid: 6103234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] showHelp CHM File Execution Weakness"; content: "SID: 3235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103235; sid: 6103235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Path Disclosure"; content: "SID: 3236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103236; sid: 6103236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack"; content: "SID: 3250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103250; sid: 6103250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack Simplex Mode"; content: "SID: 3251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103251; sid: 6103251; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Agent ActiveX Control"; content: "SID: 3252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103252; sid: 6103252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Request Smuggling"; content: "SID: 3253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103253; sid: 6103253; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XML-RPC PHP Command Execution"; content: "SID: 3254 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103254; sid: 6103254; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Long HTTP Header DoS"; content: "SID: 3255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103255; sid: 6103255; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS OOB Data"; content: "SID: 3300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103300; sid: 6103300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NETBIOS Stat"; content: "SID: 3301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103301; sid: 6103301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBios Session Service Failed Login"; content: "SID: 3302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103302; sid: 6103302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Login successful with Guest Privileges"; content: "SID: 3303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103303; sid: 6103303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NULL login attempt"; content: "SID: 3304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103304; sid: 6103304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB 95 98 Password File Access"; content: "SID: 3305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103305; sid: 6103305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Registry Access Attempt"; content: "SID: 3306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103306; sid: 6103306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Red Button"; content: "SID: 3307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103307; sid: 6103307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Lsarpc Service Access Attempt"; content: "SID: 3308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103308; sid: 6103308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Srvsvc Service Access Attempt"; content: "SID: 3309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103309; sid: 6103309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbios Enum Share DoS"; content: "SID: 3310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103310; sid: 6103310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote SAM Service Access Attempt"; content: "SID: 3311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103311; sid: 6103311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB .eml email file remote access"; content: "SID: 3312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103312; sid: 6103312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Suspicious Password Usage"; content: "SID: 3313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103313; sid: 6103313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Locator Service Overflow"; content: "SID: 3314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103314; sid: 6103314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows 9x NetBIOS NULL Name Vulnerability"; content: "SID: 3315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103315; sid: 6103315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Project1 DOS"; content: "SID: 3316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103316; sid: 6103316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LSASS DCE RPC Request"; content: "SID: 3317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103317; sid: 6103317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DsRolerUpgradeDownlevelServer Request"; content: "SID: 3318 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103318; sid: 6103318; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCE RPC Request"; content: "SID: 3319 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103319; sid: 6103319; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB ADMIN Hidden Share Access Attempt"; content: "SID: 3320 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103320; sid: 6103320; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB User Enumeration"; content: "SID: 3321 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103321; sid: 6103321; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Windows Share Enumeration"; content: "SID: 3322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103322; sid: 6103322; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB: RFPoison Attack"; content: "SID: 3323 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103323; sid: 6103323; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NIMDA Infected File Transfer"; content: "SID: 3324 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103324; sid: 6103324; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba call_trans2open Overflow"; content: "SID: 3325 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103325; sid: 6103325; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Startup Folder Remote Access"; content: "SID: 3326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103326; sid: 6103326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC DCOM Overflow"; content: "SID: 3327 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103327; sid: 6103327; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMB RPC NoOp Sled"; content: "SID: 3328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103328; sid: 6103328; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow"; content: "SID: 3329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103329; sid: 6103329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow 2"; content: "SID: 3330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103330; sid: 6103330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP MSRPC Messenger Overflow"; content: "SID: 3331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103331; sid: 6103331; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSRPC Messenger Overflow"; content: "SID: 3332 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103332; sid: 6103332; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB MSRPC Messenger Overflow"; content: "SID: 3333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103333; sid: 6103333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Workstation Service Overflow"; content: "SID: 3334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103334; sid: 6103334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Anig Worm File Transfer"; content: "SID: 3335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103335; sid: 6103335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Bit String NTLMv2 Integer Overflow"; content: "SID: 3336 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103336; sid: 6103336; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC Race Condition Exploitation"; content: "SID: 3337 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103337; sid: 6103337; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows LSASS RPC Overflow"; content: "SID: 3338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103338; sid: 6103338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows System32 Directory File Creation"; content: "SID: 3339 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103339; sid: 6103339; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Shell External Handler"; content: "SID: 3340 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103340; sid: 6103340; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Activity"; content: "SID: 3341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103341; sid: 6103341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows NetDDE Overflow"; content: "SID: 3342 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103342; sid: 6103342; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Account Locked"; content: "SID: 3343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103343; sid: 6103343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows 2000 TCP RPC DoS"; content: "SID: 3344 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103344; sid: 6103344; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC WinNuke"; content: "SID: 3345 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103345; sid: 6103345; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows TSShutdn.exe Attempt"; content: "SID: 3346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103346; sid: 6103346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Library Bit String Heap Corruption"; content: "SID: 3347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103347; sid: 6103347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Disk Enumerations"; content: "SID: 3348 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103348; sid: 6103348; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Date And Time Enumerations"; content: "SID: 3349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103349; sid: 6103349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Transport Enumerations"; content: "SID: 3350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103350; sid: 6103350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS User Session Enumerations"; content: "SID: 3351 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103351; sid: 6103351; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Fragment Reassembly Overflow"; content: "SID: 3352 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103352; sid: 6103352; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Request Overflow"; content: "SID: 3353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103353; sid: 6103353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Remote Registry Request DoS"; content: "SID: 3356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103356; sid: 6103356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid Netbios Name"; content: "SID: 3357 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103357; sid: 6103357; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Kill Telnet DoS"; content: "SID: 3400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103400; sid: 6103400; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet-IFS Match"; content: "SID: 3401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103401; sid: 6103401; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BSD Telnet Daemon Buffer Overflow"; content: "SID: 3402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103402; sid: 6103402; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Excessive Environment Options"; content: "SID: 3403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103403; sid: 6103403; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SysV /bin/login Overflow"; content: "SID: 3404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103404; sid: 6103404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avirt Gateway Proxy Buffer Overflow"; content: "SID: 3405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103405; sid: 6103405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris TTYPROMPT Overflow"; content: "SID: 3406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103406; sid: 6103406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Client NEW ENVIRON Option Overflow"; content: "SID: 3407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103407; sid: 6103407; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Client LINEMODE SLC Option Overflow"; content: "SID: 3408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103408; sid: 6103408; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Over Non-standard Ports"; content: "SID: 3409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103409; sid: 6103409; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Bomb"; content: "SID: 3450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: 79; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103450; sid: 6103450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BearShare Directory Traversal"; content: "SID: 3451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103451; sid: 6103451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gopherd Halidate Overflow"; content: "SID: 3452 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103452; sid: 6103452; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS NetMeeting RDS DoS"; content: "SID: 3453 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103453; sid: 6103453; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Check Point Firewall Information Leak"; content: "SID: 3454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103454; sid: 6103454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java Web Server Cmd Exec"; content: "SID: 3455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103455; sid: 6103455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris in.fingerd Information Leak"; content: "SID: 3456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103456; sid: 6103456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root shell"; content: "SID: 3457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103457; sid: 6103457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM game invite overflow"; content: "SID: 3458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103458; sid: 6103458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ValiCert Forms.exe Overflow"; content: "SID: 3459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103459; sid: 6103459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger probe"; content: "SID: 3461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103461; sid: 6103461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Redirect"; content: "SID: 3462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103462; sid: 6103462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root"; content: "SID: 3463 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103463; sid: 6103463; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] File access in finger"; content: "SID: 3464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103464; sid: 6103464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Activity"; content: "SID: 3465 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103465; sid: 6103465; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RAS/PPTP Malformed Control Packet DOS"; content: "SID: 3466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103466; sid: 6103466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin -froot Attack"; content: "SID: 3500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103500; sid: 6103500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Long TERM Variable"; content: "SID: 3501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103501; sid: 6103501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rlogin Activity"; content: "SID: 3502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103502; sid: 6103502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Authenticate Buffer Overflow"; content: "SID: 3525 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103525; sid: 6103525; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Imap Login Buffer Overflow"; content: "SID: 3526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103526; sid: 6103526; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UW imapd Overflows"; content: "SID: 3527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103527; sid: 6103527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPSwitch IMail DELETE Command Overflow"; content: "SID: 3528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103528; sid: 6103528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long EXAMINE Command"; content: "SID: 3529 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103529; sid: 6103529; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Oversized TACACS+ Attack"; content: "SID: 3530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103530; sid: 6103530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Telnet DoS"; content: "SID: 3531 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103531; sid: 6103531; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BGP Open Message"; content: "SID: 3532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103532; sid: 6103532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Misformed BGP Packet DoS"; content: "SID: 3533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103533; sid: 6103533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long AUTHENTICATE Command"; content: "SID: 3534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103534; sid: 6103534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable HTTP Authorization Buffer Overflow"; content: "SID: 3537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103537; sid: 6103537; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS CSAdmin Attack"; content: "SID: 3540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103540; sid: 6103540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP Buffer Overflow"; content: "SID: 3550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103550; sid: 6103550; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP User Root"; content: "SID: 3551 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103551; sid: 6103551; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Buffer Overflow"; content: "SID: 3575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103575; sid: 6103575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Control Message Exploit"; content: "SID: 3576 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103576; sid: 6103576; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP LOGIN Command Invalid Username"; content: "SID: 3577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103577; sid: 6103577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Format String"; content: "SID: 3578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103578; sid: 6103578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Telnet Buffer Overflow"; content: "SID: 3600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103600; sid: 6103600; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Command History Exploit"; content: "SID: 3601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103601; sid: 6103601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Cisco Identification"; content: "SID: 3602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103602; sid: 6103602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Enable Bypass"; content: "SID: 3603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103603; sid: 6103603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Catalyst CR DoS"; content: "SID: 3604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103604; sid: 6103604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH RSAREF2 Buffer Overflow"; content: "SID: 3650 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103650; sid: 6103650; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH CRC32 Overflow"; content: "SID: 3651 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103651; sid: 6103651; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles"; content: "SID: 3652 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103652; sid: 6103652; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Rapid SSH Connections"; content: "SID: 3653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103653; sid: 6103653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles Exploit"; content: "SID: 3654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103654; sid: 6103654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CDE dtspcd Overflow"; content: "SID: 3700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103700; sid: 6103700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9iAS Web Cache Buffer Overflow"; content: "SID: 3701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103701; sid: 6103701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Default sa account access"; content: "SID: 3702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103702; sid: 6103702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid FTP URL Buffer Overflow"; content: "SID: 3703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103703; sid: 6103703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS FTP STAT Denial of Service"; content: "SID: 3704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103704; sid: 6103704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli Storage Manager Client Acceptor Overflow"; content: "SID: 3705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103705; sid: 6103705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT PGP Public Key Server Overflow"; content: "SID: 3706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103706; sid: 6103706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perl fingerd Command Exec"; content: "SID: 3707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103707; sid: 6103707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnalogX Proxy Socks4a DNS Overflow"; content: "SID: 3708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103708; sid: 6103708; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnalogX Proxy Web Proxy Overflow"; content: "SID: 3709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103709; sid: 6103709; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Directory Traversal"; content: "SID: 3710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103710; sid: 6103710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Informer FW1 Auth Replay DoS"; content: "SID: 3711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103711; sid: 6103711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS 'Service_Name' Overflow"; content: "SID: 3714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103714; sid: 6103714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI+ JPEG Buffer Overflow"; content: "SID: 3716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103716; sid: 6103716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows .ANI File DoS"; content: "SID: 3718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103718; sid: 6103718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger PNG Overflow"; content: "SID: 3719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103719; sid: 6103719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL sa Account Brute Force"; content: "SID: 3720 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103720; sid: 6103720; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TNS Brute Force"; content: "SID: 3721 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103721; sid: 6103721; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop username"; content: "SID: 3728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103728; sid: 6103728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop password"; content: "SID: 3729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103729; sid: 6103729; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (TCP)"; content: "SID: 3730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103730; sid: 6103730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail HTTP Get Buffer Overflow"; content: "SID: 3731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103731; sid: 6103731; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL xp_cmdshell Usage"; content: "SID: 3732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103732; sid: 6103732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Real Server Format Overflow"; content: "SID: 3733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103733; sid: 6103733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Overflow"; content: "SID: 3734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103734; sid: 6103734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Flag Insertion Overflow"; content: "SID: 3735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103735; sid: 6103735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Subversion get-dated-rev overflow"; content: "SID: 3736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103736; sid: 6103736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Proxy NTLM Authenticate Overflow"; content: "SID: 3737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103737; sid: 6103737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Argumentx Vulnerability"; content: "SID: 3738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103738; sid: 6103738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft SHOUTcast Format String Attack"; content: "SID: 3739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103739; sid: 6103739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail LDAP Service Buffer Overflow"; content: "SID: 3740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103740; sid: 6103740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mIRC DCC Send Buffer Overflow"; content: "SID: 3782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103782; sid: 6103782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Backup Discovery UDP Probe Overflow"; content: "SID: 3783 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103783; sid: 6103783; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Discovery Service SERVICEPC Overflow"; content: "SID: 3784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103784; sid: 6103784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP UNLOCK Buffer Overflow"; content: "SID: 3785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103785; sid: 6103785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP PASS Buffer Overflow"; content: "SID: 3786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103786; sid: 6103786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRIX Printing System Remote Command Execution"; content: "SID: 3787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103787; sid: 6103787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris LPD Remote Command Execution"; content: "SID: 3788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103788; sid: 6103788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DistCC Daemon Command Execution"; content: "SID: 3789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103789; sid: 6103789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Omniback II Command Execution"; content: "SID: 3790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103790; sid: 6103790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris Printd Unlink File Deletion"; content: "SID: 3791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103791; sid: 6103791; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long Telnet Username"; content: "SID: 3792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103792; sid: 6103792; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZENworks 6.5 Authentication Overflow"; content: "SID: 3793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103793; sid: 6103793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle iSQL*PLus Overflow"; content: "SID: 3802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103802; sid: 6103802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_proxy Buffer Overflow"; content: "SID: 3883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103883; sid: 6103883; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Authentication Heap Based Buffer Overflow"; content: "SID: 3884 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103884; sid: 6103884; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice BO2K TCP Stealth 1"; content: "SID: 3991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103991; sid: 6103991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Port Sweep"; content: "SID: 4001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104001; sid: 6104001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Host Flood"; content: "SID: 4002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104002; sid: 6104002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nmap UDP Port Sweep"; content: "SID: 4003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104003; sid: 6104003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Flood Attack"; content: "SID: 4004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104004; sid: 6104004; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Bomb"; content: "SID: 4050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104050; sid: 6104050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice-Original-UDP"; content: "SID: 4053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104053; sid: 6104053; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIP Trace"; content: "SID: 4054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104054; sid: 6104054; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NTPd readvar overflow"; content: "SID: 4056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104056; sid: 6104056; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPnP LOCATION Overflow"; content: "SID: 4058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104058; sid: 6104058; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Orifice Ping"; content: "SID: 4060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104060; sid: 6104060; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Chargen Echo DoS"; content: "SID: 4061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104061; sid: 6104061; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CSS 11000 Malformed UDP DoS"; content: "SID: 4062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104062; sid: 6104062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unreal Engine secure Overflow"; content: "SID: 4063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104063; sid: 6104063; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed IKE Packet DoS"; content: "SID: 4067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104067; sid: 6104067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS NBT Stream"; content: "SID: 4068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104068; sid: 6104068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tftp Passwd File"; content: "SID: 4100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104100; sid: 6104100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTPD Directory Traversal"; content: "SID: 4101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104101; sid: 6104101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ascend Denial of Service"; content: "SID: 4150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104150; sid: 6104150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BOBAX Virus Activity"; content: "SID: 4151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104151; sid: 6104151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic File Transfer Signatures"; content: "SID: 4322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104322; sid: 6104322; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Embedded SNMP Community Names"; content: "SID: 4500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104500; sid: 6104500; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVCO/4K Remote Username / Password Retrieve"; content: "SID: 4501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104501; sid: 6104501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community Name Brute Force Attempt"; content: "SID: 4502 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104502; sid: 6104502; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows NT SNMP System Info Retrieve"; content: "SID: 4503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104503; sid: 6104503; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP IOS Configuration Retrieval"; content: "SID: 4504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104504; sid: 6104504; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP IOS VACM MIB Access"; content: "SID: 4505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104505; sid: 6104505; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link Wireless SNMP Plain Text Password"; content: "SID: 4506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104506; sid: 6104506; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Protocol Violation"; content: "SID: 4507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104507; sid: 6104507; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non SNMP Traffic"; content: "SID: 4508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104508; sid: 6104508; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview SNMP Hidden Community Name"; content: "SID: 4509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104509; sid: 6104509; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris SNMP Hidden Community Name"; content: "SID: 4510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104510; sid: 6104510; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avaya SNMP Hidden Community Name"; content: "SID: 4511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104511; sid: 6104511; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104512; sid: 6104512; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco SNMP Message Processing DoS"; content: "SID: 4513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104513; sid: 6104513; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104514; sid: 6104514; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP/VC Embedded Community Names"; content: "SID: 4515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104515; sid: 6104515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Printer Query DoS"; content: "SID: 4516 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104516; sid: 6104516; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS UDP Bomb"; content: "SID: 4600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104600; sid: 6104600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CheckPoint Firewall RDP ByPass"; content: "SID: 4601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104601; sid: 6104601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle (Bagle) Virus DNS Lookup"; content: "SID: 4602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104602; sid: 6104602; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Discover"; content: "SID: 4603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104603; sid: 6104603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Request"; content: "SID: 4604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104604; sid: 6104604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Offer"; content: "SID: 4605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104605; sid: 6104605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTP Long Filename Buffer Overflow"; content: "SID: 4606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104606; sid: 6104606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Deep Throat Response"; content: "SID: 4607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104607; sid: 6104607; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (UDP)"; content: "SID: 4608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104608; sid: 6104608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Orinoco SNMP Info Leak"; content: "SID: 4609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104609; sid: 6104609; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerberos 4 User Recon"; content: "SID: 4610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104610; sid: 6104610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DWL-900AP+ TFTP Config Retrieve"; content: "SID: 4611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104611; sid: 6104611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP Phone TFTP Config Retrieve"; content: "SID: 4612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104612; sid: 6104612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Filename Buffer Overflow"; content: "SID: 4613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104613; sid: 6104613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Overflow"; content: "SID: 4614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104614; sid: 6104614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle.B (Bagle.B) Virus DNS Lookup"; content: "SID: 4615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104615; sid: 6104615; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PoPToP PPtP Short Length Overflow"; content: "SID: 4617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104617; sid: 6104617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid DHCP Packet"; content: "SID: 4619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104619; sid: 6104619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Limited Broadcast Query"; content: "SID: 4620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104620; sid: 6104620; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104701; sid: 6104701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104702; sid: 6104702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104703; sid: 6104703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104704; sid: 6104704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS newdsn attack"; content: "SID: 5034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105034; sid: 6105034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP cgi HylaFAX Faxsurvey"; content: "SID: 5035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105035; sid: 6105035; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI MachineInfo Attack"; content: "SID: 5037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105037; sid: 6105037; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW wwwsql file read Bug"; content: "SID: 5038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105038; sid: 6105038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 5039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105039; sid: 6105039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW anyform attack"; content: "SID: 5041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105041; sid: 6105041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webcom.se Guestbook attack"; content: "SID: 5044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105044; sid: 6105044; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW xterm display attack"; content: "SID: 5045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105045; sid: 6105045; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW dumpenv.pl recon"; content: "SID: 5046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105046; sid: 6105046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Server Side Include POST attack"; content: "SID: 5047 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105047; sid: 6105047; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS BAT EXE attack"; content: "SID: 5048 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105048; sid: 6105048; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS showcode.asp access"; content: "SID: 5049 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105049; sid: 6105049; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS .htr Overflow Attack"; content: "SID: 5050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105050; sid: 6105050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Double Byte Code Page"; content: "SID: 5051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105051; sid: 6105051; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage Extensions PWD Open Attempt"; content: "SID: 5052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105052; sid: 6105052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage _vti_bin Directory List Attempt"; content: "SID: 5053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105053; sid: 6105053; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWWBoard Password"; content: "SID: 5054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105054; sid: 6105054; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Basic Authentication Overflow"; content: "SID: 5055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105055; sid: 6105055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Cisco IOS %% DoS"; content: "SID: 5056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105056; sid: 6105056; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sambar Samples"; content: "SID: 5057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105057; sid: 6105057; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW info2www Attack"; content: "SID: 5058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105058; sid: 6105058; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Alibaba Attack"; content: "SID: 5059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105059; sid: 6105059; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Excite AT-generate.cgi Access"; content: "SID: 5060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105060; sid: 6105060; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW catalog_type.asp Access"; content: "SID: 5061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105061; sid: 6105061; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW classifieds.cgi Attack"; content: "SID: 5062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105062; sid: 6105062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW imagemap.cgi Attack"; content: "SID: 5064 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105064; sid: 6105064; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IRIX infosrch.cgi Attack"; content: "SID: 5065 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105065; sid: 6105065; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW man.sh Access"; content: "SID: 5066 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105066; sid: 6105066; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW plusmail Attack"; content: "SID: 5067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105067; sid: 6105067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW formmail.pl Access"; content: "SID: 5068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105068; sid: 6105068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW whois_raw.cgi Attack"; content: "SID: 5069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105069; sid: 6105069; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW msadcs.dll Access"; content: "SID: 5070 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105070; sid: 6105070; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW msacds.dll Attack"; content: "SID: 5071 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105071; sid: 6105071; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW bizdb1-search.cgi Attack"; content: "SID: 5072 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105072; sid: 6105072; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW EZshopper loadpage.cgi Attack"; content: "SID: 5073 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105073; sid: 6105073; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW EZshopper search.cgi Attack"; content: "SID: 5074 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105074; sid: 6105074; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Virtualized UNC Bug"; content: "SID: 5075 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105075; sid: 6105075; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW webplus bug"; content: "SID: 5076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105076; sid: 6105076; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Excite AT-admin.cgi Access"; content: "SID: 5077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105077; sid: 6105077; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Piranha passwd attack"; content: "SID: 5078 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105078; sid: 6105078; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PCCS MySQL Admin Access"; content: "SID: 5079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105079; sid: 6105079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IBM WebSphere Access"; content: "SID: 5080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105080; sid: 6105080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW WinNT cmd.exe Access"; content: "SID: 5081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105081; sid: 6105081; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Objects Memory Corruption"; content: "SID: 5082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105082; sid: 6105082; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Virtual Vision FTP Browser Access"; content: "SID: 5083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105083; sid: 6105083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Alibaba Attack 2"; content: "SID: 5084 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105084; sid: 6105084; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Source Fragment Access"; content: "SID: 5085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105085; sid: 6105085; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW WEBactive Logfile Access"; content: "SID: 5086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105086; sid: 6105086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sun Java Server Access"; content: "SID: 5087 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105087; sid: 6105087; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Akopia MiniVend Access"; content: "SID: 5088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105088; sid: 6105088; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Big Brother Directory Access"; content: "SID: 5089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105089; sid: 6105089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW FrontPage htimage.exe Access"; content: "SID: 5090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105090; sid: 6105090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Cart32 Remote Admin Access"; content: "SID: 5091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105091; sid: 6105091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI-World Poll It Access"; content: "SID: 5092 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105092; sid: 6105092; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP-Nuke admin.php3 Access"; content: "SID: 5093 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105093; sid: 6105093; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Script Center Account Manager Attack"; content: "SID: 5095 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105095; sid: 6105095; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Script Center Subscribe Me Attack"; content: "SID: 5096 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105096; sid: 6105096; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW FrontPage MS-DOS Device Attack"; content: "SID: 5097 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105097; sid: 6105097; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW GWScripts News Publisher Access"; content: "SID: 5099 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105099; sid: 6105099; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Center Auction Weaver File Access"; content: "SID: 5100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105100; sid: 6105100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Center Auction Weaver Attack"; content: "SID: 5101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105101; sid: 6105101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW phpPhotoAlbum explorer.php Access"; content: "SID: 5102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105102; sid: 6105102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SuSE Apache CGI Source Access"; content: "SID: 5103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105103; sid: 6105103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW YaBB File Access"; content: "SID: 5104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105104; sid: 6105104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Ranson Johnson mailto.cgi Attack"; content: "SID: 5105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105105; sid: 6105105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Ranson Johnson mailform.pl Access"; content: "SID: 5106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105106; sid: 6105106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Mandrake Linux /perl Access"; content: "SID: 5107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105107; sid: 6105107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Netegrity Site Minder Access"; content: "SID: 5108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105108; sid: 6105108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sambar Beta search.dll Access"; content: "SID: 5109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105109; sid: 6105109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SuSE Installed Packages Access"; content: "SID: 5110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105110; sid: 6105110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Solaris Answerbook 2 Access"; content: "SID: 5111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105111; sid: 6105111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Solaris Answerbook 2 Attack"; content: "SID: 5112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105112; sid: 6105112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CommuniGate Pro Access"; content: "SID: 5113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105113; sid: 6105113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Unicode Attack"; content: "SID: 5114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105114; sid: 6105114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Enterprise Server with ?wp Tags"; content: "SID: 5115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105115; sid: 6105115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Endymion MailMan Remote Command Execution"; content: "SID: 5116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105116; sid: 6105116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpGroupWare Remote Command Exec"; content: "SID: 5117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105117; sid: 6105117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eWave ServletExec 3.0C File Upload"; content: "SID: 5118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105118; sid: 6105118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CGI Script Center News Update Admin Passwd Change"; content: "SID: 5119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105119; sid: 6105119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Server Suite Buffer Overflow"; content: "SID: 5120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105120; sid: 6105120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet .shtml Buffer Overflow"; content: "SID: 5121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105121; sid: 6105121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nokia IP440 Denial of Service"; content: "SID: 5122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105122; sid: 6105122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Internet Printing Overflow"; content: "SID: 5123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105123; sid: 6105123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS CGI Double Decode"; content: "SID: 5124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105124; sid: 6105124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PerlCal Directory Traversal"; content: "SID: 5125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105125; sid: 6105125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS .ida Indexing Service Overflow"; content: "SID: 5126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105126; sid: 6105126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW viewsrc.cgi Directory Traversal"; content: "SID: 5127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105127; sid: 6105127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW nph-maillist.pl Cmd Exec"; content: "SID: 5128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105128; sid: 6105128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS HTTP Unauth Command Execution"; content: "SID: 5129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105129; sid: 6105129; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Privileged Information Disclosure"; content: "SID: 5130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105130; sid: 6105130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] talkback.cgi Directory Traversal"; content: "SID: 5131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105131; sid: 6105131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VirusWall catinfo Buffer Overflow"; content: "SID: 5132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105132; sid: 6105132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net.Commerce Macro Path Disclosure"; content: "SID: 5133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105133; sid: 6105133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MacOS PWS DoS"; content: "SID: 5134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105134; sid: 6105134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server Shared Library Overflow"; content: "SID: 5138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105138; sid: 6105138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net.Commerce Macro Denial of Service"; content: "SID: 5140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105140; sid: 6105140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NCM Content.pl SQL Query Vulnerability"; content: "SID: 5141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105141; sid: 6105141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCShop File Disclosure"; content: "SID: 5142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105142; sid: 6105142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS-DOS Device Name DoS"; content: "SID: 5146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105146; sid: 6105146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arcadia Internet Store Directory Traversal Attempt"; content: "SID: 5147 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105147; sid: 6105147; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perception LiteServe Web Server CGI Source Code Disclosure"; content: "SID: 5148 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105148; sid: 6105148; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro Interscan Viruswall Configuration Modification"; content: "SID: 5149 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105149; sid: 6105149; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InterScan VirusWall RegGo.dll Buffer Overflow"; content: "SID: 5150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105150; sid: 6105150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebStore Admin Bypass"; content: "SID: 5151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105151; sid: 6105151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebStore Command Exec"; content: "SID: 5152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105152; sid: 6105152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW uDirectory Directory Traversal"; content: "SID: 5154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105154; sid: 6105154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SiteWare Editor Directory Traversal"; content: "SID: 5155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105155; sid: 6105155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Microsoft fp30reg.dll Overflow"; content: "SID: 5156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105156; sid: 6105156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tarantella TTAWebTop.CGI Directory Traversal Bug"; content: "SID: 5157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105157; sid: 6105157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Proprietary Method Overflow"; content: "SID: 5158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105158; sid: 6105158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin Cmd Exec"; content: "SID: 5159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105159; sid: 6105159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache ? indexing file disclosure bug"; content: "SID: 5160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105160; sid: 6105160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail Command Exec"; content: "SID: 5161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105161; sid: 6105161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Classifieds Command Exec"; content: "SID: 5162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105162; sid: 6105162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mambo Site Server Administrative Password ByPass"; content: "SID: 5163 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105163; sid: 6105163; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPBB Remote SQL Query Manipulation"; content: "SID: 5164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105164; sid: 6105164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] php-nuke article.php sql query"; content: "SID: 5165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105165; sid: 6105165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] php-nuke modules.php DoS"; content: "SID: 5166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105166; sid: 6105166; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin Cmd Exec 2"; content: "SID: 5167 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105167; sid: 6105167; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snapstream PVS Directory Traversal Vulnerability"; content: "SID: 5168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105168; sid: 6105168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SnapStream PVS Plaintext Password Vulnerability"; content: "SID: 5169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105169; sid: 6105169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Null Byte In HTTP Request"; content: "SID: 5170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105170; sid: 6105170; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NC-Book book.cgi Cmd Exec"; content: "SID: 5171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105171; sid: 6105171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinWrapper Admin Server Directory Traversal"; content: "SID: 5172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105172; sid: 6105172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Directory Manager Cmd Exec"; content: "SID: 5173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105173; sid: 6105173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpmyexplorer directory traversal"; content: "SID: 5174 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105174; sid: 6105174; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hassan Shopping Cart Command Exec"; content: "SID: 5175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105175; sid: 6105175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Address List Disclosure"; content: "SID: 5176 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105176; sid: 6105176; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS Arnudp"; content: "SID: 5177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105177; sid: 6105177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Index Server File/Path Recon"; content: "SID: 5178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105178; sid: 6105178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke File Upload"; content: "SID: 5179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105179; sid: 6105179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sgiMerchant Directory Traversal"; content: "SID: 5180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105180; sid: 6105180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MacOS Apache File Disclosure"; content: "SID: 5181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105181; sid: 6105181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebDiscount's eShop Arbitrary Command Exec"; content: "SID: 5182 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105182; sid: 6105182; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP File Inclusion Remote Exec"; content: "SID: 5183 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105183; sid: 6105183; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Authentication Module ByPass"; content: "SID: 5184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105184; sid: 6105184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Tunneling"; content: "SID: 5188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105188; sid: 6105188; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Perl PerlIS.dll Buffer Overflow"; content: "SID: 5191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105191; sid: 6105191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Server .ht File Access"; content: "SID: 5194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105194; sid: 6105194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AS/400 '/' attack"; content: "SID: 5195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105195; sid: 6105195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Red Hat Stronghold Recon attack"; content: "SID: 5196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105196; sid: 6105196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Query Tool command Exec"; content: "SID: 5197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105197; sid: 6105197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] W3Mail Command Exec"; content: "SID: 5199 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105199; sid: 6105199; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Data Stream Source Disclosure"; content: "SID: 5200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105200; sid: 6105200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke Cross Site Scripting"; content: "SID: 5201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105201; sid: 6105201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke File Copy / Delete"; content: "SID: 5202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105202; sid: 6105202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hosting Controller File Access and Upload"; content: "SID: 5203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105203; sid: 6105203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AspUpload Sample Scripts"; content: "SID: 5204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105204; sid: 6105204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache php.exe File Disclosure"; content: "SID: 5205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105205; sid: 6105205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Horde IMP Session Hijack"; content: "SID: 5206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105206; sid: 6105206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Entrust GetAccess directory traversal"; content: "SID: 5207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105207; sid: 6105207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Tools shell metacharacters"; content: "SID: 5208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105208; sid: 6105208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Agora.cgi Cross Site Scripting"; content: "SID: 5209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105209; sid: 6105209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FAQManager.cgi directory traversal"; content: "SID: 5210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105210; sid: 6105210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] zml.cgi File Disclosure"; content: "SID: 5211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105211; sid: 6105211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Admin Authorization Bypass"; content: "SID: 5212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105212; sid: 6105212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Command Exec"; content: "SID: 5213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105213; sid: 6105213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FAQManager.cgi null bytes"; content: "SID: 5214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105214; sid: 6105214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] lastlines.cgi cmd exec/traversal"; content: "SID: 5215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105215; sid: 6105215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Rocket Directory Traversal"; content: "SID: 5216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105216; sid: 6105216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webmin Directory Traversal"; content: "SID: 5217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105217; sid: 6105217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Boozt Buffer Overflow"; content: "SID: 5218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105218; sid: 6105218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino database DoS"; content: "SID: 5219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105219; sid: 6105219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CSVForm Remote Command Exec"; content: "SID: 5220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105220; sid: 6105220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hosting Controller Directory Traversal"; content: "SID: 5221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105221; sid: 6105221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS Beer"; content: "SID: 5222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105222; sid: 6105222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Pi3Web Buffer Overflow"; content: "SID: 5223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105223; sid: 6105223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail SquirrelSpell Command Exec"; content: "SID: 5224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105224; sid: 6105224; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCP Portal Root Path Disclosure"; content: "SID: 5229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105229; sid: 6105229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino Authentication Bypass"; content: "SID: 5230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105230; sid: 6105230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MRTG Directory Traversal"; content: "SID: 5231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105231; sid: 6105231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] URL with XSS"; content: "SID: 5232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105232; sid: 6105232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP fileupload Buffer Overflow"; content: "SID: 5233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105233; sid: 6105233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pforum sql-injection"; content: "SID: 5234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105234; sid: 6105234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mac OS X URI Handler Arbitrary Code Execution"; content: "SID: 5235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105235; sid: 6105235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xoops sql-injection"; content: "SID: 5236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105236; sid: 6105236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP CONNECT Tunnel"; content: "SID: 5237 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105237; sid: 6105237; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EZNET Ezboard Buffer Overflow"; content: "SID: 5238 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105238; sid: 6105238; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sambar cgitest.exe Buffer Overflow"; content: "SID: 5239 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105239; sid: 6105239; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Marcus Xenakis Shell Command Exec"; content: "SID: 5240 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105240; sid: 6105240; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avenger System Command Exec"; content: "SID: 5241 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105241; sid: 6105241; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CS .cgi Script Cmd Exec"; content: "SID: 5243 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105243; sid: 6105243; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PhpSmsSend Command Exec"; content: "SID: 5244 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105244; sid: 6105244; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP 1.1 Chunked Encoding Transfer"; content: "SID: 5245 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105245; sid: 6105245; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ISAPI Filter Buffer Overflow"; content: "SID: 5246 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105246; sid: 6105246; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ASP SSI Buffer Overflow"; content: "SID: 5247 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105247; sid: 6105247; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS HTR ISAPI Buffer Overflow"; content: "SID: 5248 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105248; sid: 6105248; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Allaire JRun // Directory Disclosure"; content: "SID: 5251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105251; sid: 6105251; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Allaire JRun Session ID Recon"; content: "SID: 5252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105252; sid: 6105252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Axis StorPoint CD Authentication Bypass"; content: "SID: 5253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105253; sid: 6105253; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Linux Directory traceroute / nslookup Command Exec"; content: "SID: 5255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105255; sid: 6105255; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dot Dot Slash in URI"; content: "SID: 5256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105256; sid: 6105256; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPNetToolpack traceroute Command Exec"; content: "SID: 5257 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105257; sid: 6105257; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script source disclosure with CodeBrws.asp"; content: "SID: 5258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105258; sid: 6105258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snitz Forums SQL injection"; content: "SID: 5259 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105259; sid: 6105259; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xpede sprc.asp SQL Injection"; content: "SID: 5260 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105260; sid: 6105260; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOffice Server Web Administration Access"; content: "SID: 5261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105261; sid: 6105261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large number of Slashes URL"; content: "SID: 5262 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105262; sid: 6105262; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ecware.exe Access"; content: "SID: 5263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105263; sid: 6105263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RedHat cachemgr.cgi Access"; content: "SID: 5265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105265; sid: 6105265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iCat Carbo Server File Disclosure"; content: "SID: 5266 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105266; sid: 6105266; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Catalyst Remote Command Execution"; content: "SID: 5268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105268; sid: 6105268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ColdFusion CFDOCS Directory Access"; content: "SID: 5269 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105269; sid: 6105269; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EZ-Mall order.log File Access"; content: "SID: 5270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105270; sid: 6105270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] search.cgi Directory Traversal"; content: "SID: 5271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105271; sid: 6105271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] count.cgi GIF File Disclosure"; content: "SID: 5272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105272; sid: 6105272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bannermatic Sensitive File Access"; content: "SID: 5273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105273; sid: 6105273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netpad.cgi Directory Traversal/Cmd Exec"; content: "SID: 5274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105274; sid: 6105274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Phorum Remote Cmd Exec"; content: "SID: 5275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105275; sid: 6105275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dansie cart.cgi Vulnerability"; content: "SID: 5276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105276; sid: 6105276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] dfire.cgi Command Exec"; content: "SID: 5277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105277; sid: 6105277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VP-ASP shoptest.asp access"; content: "SID: 5278 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105278; sid: 6105278; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JJ Cgi Cmd Exec"; content: "SID: 5279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105279; sid: 6105279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS idq.dll Directory Traversal"; content: "SID: 5280 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105280; sid: 6105280; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Carello add.exe Access"; content: "SID: 5281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105281; sid: 6105281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ExAir advsearch.asp Access"; content: "SID: 5282 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105282; sid: 6105282; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] info2www CGI Directory Traversal"; content: "SID: 5283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105283; sid: 6105283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS webhits.dll Directory Traversal"; content: "SID: 5284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105284; sid: 6105284; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPEventCalendar Cmd Exec"; content: "SID: 5285 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105285; sid: 6105285; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebScripts WebBBS Cmd Exec"; content: "SID: 5286 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105286; sid: 6105286; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SiteServer AdSamples SITE.CSC File Access"; content: "SID: 5287 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105287; sid: 6105287; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Verity search97 Directory Traversal"; content: "SID: 5288 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105288; sid: 6105288; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQLXML ISAPI Buffer Overflow"; content: "SID: 5289 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105289; sid: 6105289; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat DefaultServlet File Disclosure"; content: "SID: 5290 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105290; sid: 6105290; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WEB-INF Dot File Disclosure"; content: "SID: 5291 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105291; sid: 6105291; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SalesCart shop.mdb File Access"; content: "SID: 5292 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105292; sid: 6105292; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] robots.txt File Access"; content: "SID: 5293 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105293; sid: 6105293; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BearShare File Disclosure"; content: "SID: 5294 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105294; sid: 6105294; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] finger CGI Recon"; content: "SID: 5295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105295; sid: 6105295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Server PageServices Directory Access"; content: "SID: 5296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105296; sid: 6105296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] order_log.dat File Access"; content: "SID: 5297 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105297; sid: 6105297; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] shopper.conf File Access"; content: "SID: 5298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105298; sid: 6105298; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] quikstore.cfg File Access"; content: "SID: 5299 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105299; sid: 6105299; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] reg_echo.cgi Recon"; content: "SID: 5300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105300; sid: 6105300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] /consolehelp/ CGI File Access"; content: "SID: 5301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105301; sid: 6105301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] /file/ WebLogic File Access"; content: "SID: 5302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105302; sid: 6105302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pfdispaly.cgi Command Execution"; content: "SID: 5303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105303; sid: 6105303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] files.pl File Access"; content: "SID: 5304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105304; sid: 6105304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] .bash_history File Access"; content: "SID: 5305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105305; sid: 6105305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SoftCart storemgr.pw File Access"; content: "SID: 5306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105306; sid: 6105306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mercantec Softcart Overflow"; content: "SID: 5307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105307; sid: 6105307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rpc-nlog.pl Command Execution"; content: "SID: 5308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105308; sid: 6105308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Handler CGI Command Execution"; content: "SID: 5309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105309; sid: 6105309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INDEX / directory access"; content: "SID: 5310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105310; sid: 6105310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] 8.3 file name access"; content: "SID: 5311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105311; sid: 6105311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] *.jsp/*.jhtml Java Execution"; content: "SID: 5312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105312; sid: 6105312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] order.log File Access"; content: "SID: 5313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105313; sid: 6105313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] windmail.exe Command Execution"; content: "SID: 5314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105314; sid: 6105314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] changedisplay.pl WWWthreads Privilege Elevation"; content: "SID: 5315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105315; sid: 6105315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue Admin Command Exec"; content: "SID: 5316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105316; sid: 6105316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli Endpoint Buffer Overflow"; content: "SID: 5317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105317; sid: 6105317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli ManagedNode Buffer Overflow"; content: "SID: 5318 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105318; sid: 6105318; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SoftCart orders Directory Access"; content: "SID: 5319 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105319; sid: 6105319; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ColdFusion administrator Directory Access"; content: "SID: 5320 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105320; sid: 6105320; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Guest Book CGI access"; content: "SID: 5321 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105321; sid: 6105321; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Request"; content: "SID: 5322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105322; sid: 6105322; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] midicart.mdb File Access"; content: "SID: 5323 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105323; sid: 6105323; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Query (?/)"; content: "SID: 5324 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105324; sid: 6105324; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Contivity cgiproc DoS"; content: "SID: 5325 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105325; sid: 6105325; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Root.exe access"; content: "SID: 5326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105326; sid: 6105326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tilde in URI"; content: "SID: 5327 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105327; sid: 6105327; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP phone DoS"; content: "SID: 5328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105328; sid: 6105328; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache/mod_ssl Worm Probe"; content: "SID: 5329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105329; sid: 6105329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache/mod_ssl Worm Buffer Overflow"; content: "SID: 5330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105330; sid: 6105330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Image Javascript insertion"; content: "SID: 5331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105331; sid: 6105331; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wordtrans-web Command Exec"; content: "SID: 5332 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105332; sid: 6105332; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FUDForum File Disclosure"; content: "SID: 5333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105333; sid: 6105333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB4Web File Disclosure"; content: "SID: 5334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105334; sid: 6105334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB4WEB Proxy Scan"; content: "SID: 5335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105335; sid: 6105335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Abyss Web Server File Disclosure"; content: "SID: 5336 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105336; sid: 6105336; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dot Dot Slash in HTTP Arguments"; content: "SID: 5337 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105337; sid: 6105337; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Front Page Admin password retrival"; content: "SID: 5338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105338; sid: 6105338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SunONE Directory Traversal"; content: "SID: 5339 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105339; sid: 6105339; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Killer Protection Credential File Access"; content: "SID: 5340 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105340; sid: 6105340; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Procurve 4000M Switch DoS"; content: "SID: 5341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105341; sid: 6105341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invision Board phpinfo.php Recon"; content: "SID: 5342 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105342; sid: 6105342; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Host Header Cross Site Scripting"; content: "SID: 5343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105343; sid: 6105343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS MDAC RDS Buffer Overflow"; content: "SID: 5344 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105344; sid: 6105344; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTPBench Information Disclosure"; content: "SID: 5345 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105345; sid: 6105345; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue Information Disclosure"; content: "SID: 5346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105346; sid: 6105346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xoops WebChat SQL Injection"; content: "SID: 5347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105347; sid: 6105347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cobalt RaQ Server overflow.cgi Cmd Exec"; content: "SID: 5348 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105348; sid: 6105348; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Polycom ViewStation Admin Password"; content: "SID: 5349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105349; sid: 6105349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPnuke email attachment access"; content: "SID: 5350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105350; sid: 6105350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS IE Help Overflow"; content: "SID: 5351 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105351; sid: 6105351; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell Buffer Overflow"; content: "SID: 5352 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105352; sid: 6105352; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell 'mode' URI exec"; content: "SID: 5353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105353; sid: 6105353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell 'zipfile' URI exec"; content: "SID: 5354 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105354; sid: 6105354; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DotBr exec.php3 exec"; content: "SID: 5355 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105355; sid: 6105355; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DotBr system.php3 exec"; content: "SID: 5356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105356; sid: 6105356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMP SQL Injection"; content: "SID: 5357 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105357; sid: 6105357; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Psunami.CGI Remote Command Execution"; content: "SID: 5358 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105358; sid: 6105358; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Scan CGI Scripts Access"; content: "SID: 5359 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105359; sid: 6105359; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage htimage.exe Buffer Overflow"; content: "SID: 5360 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105360; sid: 6105360; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage dvwssr.dll Buffer Overflow"; content: "SID: 5362 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105362; sid: 6105362; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage imagemap.exe Buffer Overflow"; content: "SID: 5363 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105363; sid: 6105363; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS WebDAV Overflow"; content: "SID: 5364 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105364; sid: 6105364; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long WebDAV Request"; content: "SID: 5365 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105365; sid: 6105365; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Shell Code in HTTP URL / Args"; content: "SID: 5366 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105366; sid: 6105366; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache CR LF DoS"; content: "SID: 5367 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105367; sid: 6105367; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ACS Windows CSAdmin Overflow"; content: "SID: 5368 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105368; sid: 6105368; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Win32 Apache Batch File CmdExec"; content: "SID: 5369 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105369; sid: 6105369; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTDig File Disclosure"; content: "SID: 5370 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105370; sid: 6105370; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] bdir.htr Access"; content: "SID: 5371 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105371; sid: 6105371; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP %20 source disclosure"; content: "SID: 5372 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105372; sid: 6105372; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS 5 Translate: f Source Disclosure"; content: "SID: 5373 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105373; sid: 6105373; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Executable File Command Exec"; content: "SID: 5374 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105374; sid: 6105374; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_dav Overflow"; content: "SID: 5375 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105375; sid: 6105375; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iisPROTECT Admin SQL Injection"; content: "SID: 5376 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105376; sid: 6105376; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP args to xp_cmdshell in HTTP Request"; content: "SID: 5377 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105377; sid: 6105377; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vignette TCL Injection Command Exec"; content: "SID: 5378 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105378; sid: 6105378; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Services Logging ISAPI Overflow"; content: "SID: 5379 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105379; sid: 6105379; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB SQL injection"; content: "SID: 5380 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105380; sid: 6105380; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPASP SQL injection"; content: "SID: 5381 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105381; sid: 6105381; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xpressions SQL Admin Bypass"; content: "SID: 5382 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105382; sid: 6105382; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cyberstrong eShop SQL Injection"; content: "SID: 5383 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105383; sid: 6105383; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks User Priviledge Modification"; content: "SID: 5385 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105385; sid: 6105385; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks Command Exec"; content: "SID: 5386 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105386; sid: 6105386; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerio MailServer Webmail multiple overflows"; content: "SID: 5388 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105388; sid: 6105388; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebAdmin Long User Name Logon Buffer Overflow"; content: "SID: 5389 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105389; sid: 6105389; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Swen Worm HTTP Counter Update Attempt"; content: "SID: 5390 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105390; sid: 6105390; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage Server Extensions Buffer Overflow"; content: "SID: 5391 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105391; sid: 6105391; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer XML Object Overflow Type 1"; content: "SID: 5392 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105392; sid: 6105392; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer XML Object Overflow Type 2"; content: "SID: 5393 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105393; sid: 6105393; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_gzip Overflow"; content: "SID: 5394 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105394; sid: 6105394; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ACNS Authentication Library Buffer Overflow"; content: "SID: 5395 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105395; sid: 6105395; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SiteInteractive Subscribe Me setup.pl Command Exec"; content: "SID: 5397 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105397; sid: 6105397; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ALT-N MDaemon form2raw.cgi Buffer Overflow"; content: "SID: 5399 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105399; sid: 6105399; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle.B (Bagle.B) Web Beacon"; content: "SID: 5400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105400; sid: 6105400; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook mailto Quote Malformed URI"; content: "SID: 5401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105401; sid: 6105401; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer URL Spoofing"; content: "SID: 5402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105402; sid: 6105402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL OR TLS Malformed Handshake DoS"; content: "SID: 5403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105403; sid: 6105403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Uninitialized Memory Corruption"; content: "SID: 5404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105404; sid: 6105404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS nsiislog.dll long argument overflow"; content: "SID: 5405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105405; sid: 6105405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Illegal MHTML URL"; content: "SID: 5406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105406; sid: 6105406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS PCT Overflow"; content: "SID: 5407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105407; sid: 6105407; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows HCP URI Parsing Script Exec"; content: "SID: 5408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105408; sid: 6105408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft HCP Remote Code Execution"; content: "SID: 5409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105409; sid: 6105409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] APSIS Pound Remote Format String Overflow"; content: "SID: 5410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105410; sid: 6105410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Linksys Http DoS"; content: "SID: 5411 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105411; sid: 6105411; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Goaway Message Overflow"; content: "SID: 5412 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105412; sid: 6105412; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WhatsUp Gold Buffer Overflow Vulnerability"; content: "SID: 5413 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105413; sid: 6105413; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft NNTP Heap Overflow Vulnerability"; content: "SID: 5414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105414; sid: 6105414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE object data remote execution"; content: "SID: 5416 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105416; sid: 6105416; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Object Tag Overflow"; content: "SID: 5417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105417; sid: 6105417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Cross Site Scripting .htw"; content: "SID: 5418 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105418; sid: 6105418; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Frontpage Path Disclosure"; content: "SID: 5419 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105419; sid: 6105419; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS TRACK Requests"; content: "SID: 5420 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105420; sid: 6105420; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS UNC Disclosure"; content: "SID: 5421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105421; sid: 6105421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ISAPI Extension Enumeration"; content: "SID: 5422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105422; sid: 6105422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ism.dll Access"; content: "SID: 5423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105423; sid: 6105423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HRAlign Buffer Overflow"; content: "SID: 5424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105424; sid: 6105424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer IFRAME Tag Overflow"; content: "SID: 5425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105425; sid: 6105425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape NSS SSLv2 Hello Message Overflow"; content: "SID: 5426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105426; sid: 6105426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Space Character DoS"; content: "SID: 5427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105427; sid: 6105427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CNS Registrar DoS"; content: "SID: 5428 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105428; sid: 6105428; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Replication Protocol Buffer Overflow"; content: "SID: 5429 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105429; sid: 6105429; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Darwin Streaming Server DoS"; content: "SID: 5430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105430; sid: 6105430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS W3Who Vulnerabilties"; content: "SID: 5431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105431; sid: 6105431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script Embedded in HTTP Header"; content: "SID: 5432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105432; sid: 6105432; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jabberd Username Overflow"; content: "SID: 5433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105433; sid: 6105433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Registration Request Overflow"; content: "SID: 5434 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105434; sid: 6105434; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Crystal Reports Remote Code Execution"; content: "SID: 5435 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105435; sid: 6105435; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RXBot Activity"; content: "SID: 5436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105436; sid: 6105436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB highlight parameter"; content: "SID: 5437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105437; sid: 6105437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Call Processing Solutions DoS"; content: "SID: 5438 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105438; sid: 6105438; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Loadimage API Overflow"; content: "SID: 5439 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105439; sid: 6105439; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRC Bot Activity"; content: "SID: 5440 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105440; sid: 6105440; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Help File Overflow Vulnerability"; content: "SID: 5441 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105441; sid: 6105441; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cursor/Icon File Format Buffer Overflow"; content: "SID: 5442 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105442; sid: 6105442; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ActiveX Help Control"; content: "SID: 5443 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105443; sid: 6105443; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebAgent logon Buffer Overflow"; content: "SID: 5444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105444; sid: 6105444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats configdir Command Exec"; content: "SID: 5445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105445; sid: 6105445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Install Engine Overflow"; content: "SID: 5446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105446; sid: 6105446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VB.aw Trojan/Back Door"; content: "SID: 5447 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105447; sid: 6105447; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Blaster Worm"; content: "SID: 5448 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105448; sid: 6105448; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Massacre Virus Attachment"; content: "SID: 5449 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105449; sid: 6105449; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Love Letter Worm Attachment"; content: "SID: 5450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105450; sid: 6105450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS WebDAV DoS"; content: "SID: 5451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105451; sid: 6105451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office XP URL Processing Buffer Overflow"; content: "SID: 5452 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105452; sid: 6105452; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats Plugin Command Exec"; content: "SID: 5453 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105453; sid: 6105453; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exim SPA Authentication Buffer Overflow"; content: "SID: 5454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105454; sid: 6105454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arkeia Type 77 Request Buffer Overflow"; content: "SID: 5455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105455; sid: 6105455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer 5 ie5filex Exploit"; content: "SID: 5456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105456; sid: 6105456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WU-FTPD DoS"; content: "SID: 5457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105457; sid: 6105457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebConnect MS-DOS Device Name DoS"; content: "SID: 5458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105458; sid: 6105458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebConnect Directory Traversal Vulnerability"; content: "SID: 5459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105459; sid: 6105459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin phpmyadmin.css.php File Disclosure"; content: "SID: 5460 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105460; sid: 6105460; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue MFCISAPICommand Buffer Overflow"; content: "SID: 5461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105461; sid: 6105461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB Authentication Bypass"; content: "SID: 5462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105462; sid: 6105462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Software GETCONFIG Buffer Overflow"; content: "SID: 5463 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105463; sid: 6105463; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Network Buffer Overflow"; content: "SID: 5464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105464; sid: 6105464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Checksum Buffer Overflow"; content: "SID: 5465 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105465; sid: 6105465; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite PUTOLF Buffer Overflow"; content: "SID: 5466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105466; sid: 6105466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite PUTOLF Directory Traversal"; content: "SID: 5467 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105467; sid: 6105467; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Invalid Command Overflow"; content: "SID: 5468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105468; sid: 6105468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TrackerCam PHP Argument Overflow"; content: "SID: 5469 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105469; sid: 6105469; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SafeNet Sentinel Buffer Overflow"; content: "SID: 5471 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105471; sid: 6105471; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Sysimage Handler Local Executable Reference"; content: "SID: 5472 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105472; sid: 6105472; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java JNLP File Command Injection"; content: "SID: 5473 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105473; sid: 6105473; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQL Query in HTTP Request"; content: "SID: 5474 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105474; sid: 6105474; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor ARCserve Backup Universal Agent Overflow"; content: "SID: 5475 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105475; sid: 6105475; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Application Execution"; content: "SID: 5476 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105476; sid: 6105476; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Possible Heap Payload Construction"; content: "SID: 5477 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105477; sid: 6105477; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange SMTP Overflow"; content: "SID: 5478 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105478; sid: 6105478; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDAV Lock-Token Overflow"; content: "SID: 5479 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105479; sid: 6105479; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDAV If Header Overflow"; content: "SID: 5480 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105480; sid: 6105480; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDBM Overflow"; content: "SID: 5481 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105481; sid: 6105481; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Login Overflow"; content: "SID: 5482 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105482; sid: 6105482; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Content Advisor Buffer Overflow"; content: "SID: 5483 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105483; sid: 6105483; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sambar Server Search Overflow"; content: "SID: 5484 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105484; sid: 6105484; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISS PAM.dll ICQ Parser Buffer Overflow"; content: "SID: 5485 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105485; sid: 6105485; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple File Service LoginExt Overflow"; content: "SID: 5486 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105486; sid: 6105486; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IA WebMail Buffer Overflow"; content: "SID: 5487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105487; sid: 6105487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Icecast Server HTTP Header Buffer Overflow"; content: "SID: 5488 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105488; sid: 6105488; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MyTOB Virus Activity"; content: "SID: 5489 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105489; sid: 6105489; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript IFRAME Exploitation"; content: "SID: 5490 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105490; sid: 6105490; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Install Trigger Function"; content: "SID: 5491 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105491; sid: 6105491; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wurmark Virus Activity"; content: "SID: 5492 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105492; sid: 6105492; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Llsrpc Bind"; content: "SID: 5493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105493; sid: 6105493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webview Script Injection"; content: "SID: 5494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105494; sid: 6105494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LDAP Active Directory Stack Overflow"; content: "SID: 5495 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105495; sid: 6105495; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] License Logging Service Overflow"; content: "SID: 5496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105496; sid: 6105496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP BDAT Vulnerability"; content: "SID: 5497 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105497; sid: 6105497; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Media Player IE Zone Bypass"; content: "SID: 5498 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105498; sid: 6105498; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Link in Object Tag in IE"; content: "SID: 5499 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105499; sid: 6105499; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE .asp File Execution"; content: "SID: 5500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105500; sid: 6105500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE ActiveX ADODB Stream"; content: "SID: 5501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105501; sid: 6105501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Llssrv RPC Activity"; content: "SID: 5502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105502; sid: 6105502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Object Creation In IE Local Zone"; content: "SID: 5503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105503; sid: 6105503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Backup Discovery UDP Probe Overflow"; content: "SID: 5504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105504; sid: 6105504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIP Trace"; content: "SID: 5505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105505; sid: 6105505; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Orifice Ping"; content: "SID: 5506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105506; sid: 6105506; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unreal Engine /secure/ Overflow"; content: "SID: 5507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105507; sid: 6105507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed IKE Packet DoS"; content: "SID: 5508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105508; sid: 6105508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tftp Passwd File"; content: "SID: 5509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105509; sid: 6105509; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTPD Directory Traversal"; content: "SID: 5510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105510; sid: 6105510; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ascend Denial of Service"; content: "SID: 5511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105511; sid: 6105511; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco SNMP Message Processing DoS"; content: "SID: 5512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105512; sid: 6105512; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 5513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105513; sid: 6105513; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP VC Embedded Community Names"; content: "SID: 5514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105514; sid: 6105514; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE DHTML Edit Control"; content: "SID: 5515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105515; sid: 6105515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Wildcard DoS"; content: "SID: 5516 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105516; sid: 6105516; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnswerBook2 Format String"; content: "SID: 5517 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105517; sid: 6105517; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quake Server Connect DoS"; content: "SID: 5518 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105518; sid: 6105518; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Popup Blocker Bypass"; content: "SID: 5519 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105519; sid: 6105519; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XEXCH50 Command Usage"; content: "SID: 5520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105520; sid: 6105520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nested Array Sort Loop DoS"; content: "SID: 5521 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105521; sid: 6105521; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jet Database Engine Shell Command Injection"; content: "SID: 5523 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105523; sid: 6105523; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Font Tag Split"; content: "SID: 5524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105524; sid: 6105524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Express Overflow"; content: "SID: 5525 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105525; sid: 6105525; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Environment Option Information Disclosure"; content: "SID: 5526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105526; sid: 6105526; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Index HTW Cross Site Scripting"; content: "SID: 5527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105527; sid: 6105527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS5 SEARCH overflow"; content: "SID: 5528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105528; sid: 6105528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CheckPoint Firewall RDP ByPass"; content: "SID: 5529 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105529; sid: 6105529; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Discover"; content: "SID: 5530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105530; sid: 6105530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Status Bar Spoof"; content: "SID: 5531 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105531; sid: 6105531; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Deltasource"; content: "SID: 5532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105532; sid: 6105532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Remote Boot Tool"; content: "SID: 5533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105533; sid: 6105533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KaZaA UDP Client Probe"; content: "SID: 5534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105534; sid: 6105534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Overnet Client Scan"; content: "SID: 5535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105535; sid: 6105535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gnutella File Search"; content: "SID: 5536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105536; sid: 6105536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICQ Client DNS Request"; content: "SID: 5537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105537; sid: 6105537; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Client DNS request"; content: "SID: 5538 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105538; sid: 6105538; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo Messenger Client DNS Request"; content: "SID: 5539 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105539; sid: 6105539; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger Client DNS Request"; content: "SID: 5540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105540; sid: 6105540; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modem DoS"; content: "SID: 5541 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105541; sid: 6105541; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PingTunnel ICMP Tunneling"; content: "SID: 5543 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105543; sid: 6105543; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Blaaaaa"; content: "SID: 5544 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105544; sid: 6105544; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Request Smuggling Attempt"; content: "SID: 5545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105545; sid: 6105545; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Key Exchange DoS"; content: "SID: 5546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105546; sid: 6105546; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB File Name Overflow"; content: "SID: 5547 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105547; sid: 6105547; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Windows Remote Agent Password Overflow"; content: "SID: 5548 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105548; sid: 6105548; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Evolution Message Size Overflow"; content: "SID: 5549 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105549; sid: 6105549; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access Cross Site Scripting Vulnerability"; content: "SID: 5551 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105551; sid: 6105551; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player Skin File Code Execution Vulnerability"; content: "SID: 5552 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105552; sid: 6105552; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger and cFinger Double Star User List Search"; content: "SID: 5553 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105553; sid: 6105553; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Object Tag Overflow Runtime Script Exploit"; content: "SID: 5554 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105554; sid: 6105554; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ONS Telnet DOS"; content: "SID: 5555 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105555; sid: 6105555; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javaprxy.dll Heap Overflow"; content: "SID: 5556 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105556; sid: 6105556; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ICC Color Management Module Vulnerability"; content: "SID: 5557 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105557; sid: 6105557; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webcart Command Injection"; content: "SID: 5558 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105558; sid: 6105558; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Format String"; content: "SID: 5559 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105559; sid: 6105559; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable IMAP Overflow"; content: "SID: 5560 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105560; sid: 6105560; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMTP Overflow"; content: "SID: 5561 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105561; sid: 6105561; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Qpopper Overflow"; content: "SID: 5562 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105562; sid: 6105562; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ARCserve Backup MS-SQL Overflow"; content: "SID: 5564 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105564; sid: 6105564; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Print Spooler Service Overflow"; content: "SID: 5565 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105565; sid: 6105565; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Potential IE Cross Frame Scripting"; content: "SID: 5566 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105566; sid: 6105566; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Remote Registry Access"; content: "SID: 5567 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105567; sid: 6105567; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Agent Remote File Access"; content: "SID: 5568 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105568; sid: 6105568; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MDaemon Imap Authentication Overflow"; content: "SID: 5569 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105569; sid: 6105569; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZOTOB Worm Activity"; content: "SID: 5570 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105570; sid: 6105570; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RBOT.CBQ Worm Activity"; content: "SID: 5571 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105571; sid: 6105571; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Design Tools Diagram Surface ActiveX Control"; content: "SID: 5572 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105572; sid: 6105572; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory Server iMonitor Buffer Overflow"; content: "SID: 5573 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105573; sid: 6105573; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenView Network Node Manager Command Injection"; content: "SID: 5574 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105574; sid: 6105574; rev: 4;)
##alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBIOS Session Service Failed Login"; content: "SID: 5575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105575; sid: 6105575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBIOS Session Failed Login - Brute Force [5/3]"; content: "SID: 5575 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; after: track by_src, count 5, seconds 300; threshold: type limit, track by_src, count 3, seconds 300; fwsam: src, 1 day; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107002; sid: 6107002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Login successful with Guest Privileges"; content: "SID: 5576 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105576; sid: 6105576; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NULL login attempt"; content: "SID: 5577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105577; sid: 6105577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB 95 98 Password File Access"; content: "SID: 5578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105578; sid: 6105578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Registry Access Attempt"; content: "SID: 5579 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105579; sid: 6105579; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Lsarpc Service Access Attempt"; content: "SID: 5580 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105580; sid: 6105580; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Srvsvc Service Access Attempt"; content: "SID: 5581 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105581; sid: 6105581; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Enum Share DoS"; content: "SID: 5582 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105582; sid: 6105582; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote SAM Service Access Attempt"; content: "SID: 5583 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105583; sid: 6105583; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB .eml email file remote access"; content: "SID: 5584 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105584; sid: 6105584; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Suspicious Password Usage"; content: "SID: 5585 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105585; sid: 6105585; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Locator Service Overflow"; content: "SID: 5586 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105586; sid: 6105586; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows 9x NetBIOS NULL Name Vulnerability"; content: "SID: 5587 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105587; sid: 6105587; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows DCOM Overflow"; content: "SID: 5588 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105588; sid: 6105588; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB ADMIN Hidden Share Access Attempt"; content: "SID: 5589 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105589; sid: 6105589; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB User Enumeration"; content: "SID: 5590 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105590; sid: 6105590; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Windows Share Enumeration"; content: "SID: 5591 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105591; sid: 6105591; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB RFPoison Attack"; content: "SID: 5592 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105592; sid: 6105592; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NIMDA Infected File Transfer"; content: "SID: 5593 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105593; sid: 6105593; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba call_trans2open Overflow"; content: "SID: 5594 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105594; sid: 6105594; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Startup Folder Remote Access"; content: "SID: 5595 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105595; sid: 6105595; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMB/RPC NoOp Sled"; content: "SID: 5596 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105596; sid: 6105596; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB MSRPC Messenger Overflow"; content: "SID: 5597 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105597; sid: 6105597; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Workstation Service Overflow"; content: "SID: 5598 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105598; sid: 6105598; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Anig Worm File Transfer"; content: "SID: 5599 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105599; sid: 6105599; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Bit String NTLMv2 Integer Overflow"; content: "SID: 5600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105600; sid: 6105600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows LSASS RPC Overflow"; content: "SID: 5601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105601; sid: 6105601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows System32 Directory File Access"; content: "SID: 5602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105602; sid: 6105602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSRPC Protocol violation"; content: "SID: 5603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105603; sid: 6105603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Account Locked"; content: "SID: 5605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105605; sid: 6105605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Authorization Failure"; content: "SID: 5606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105606; sid: 6105606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Supervisor Directory Traversal Vulnerability"; content: "SID: 5608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105608; sid: 6105608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Memory Corruption Vulnerability"; content: "SID: 5609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105609; sid: 6105609; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cacti Graph_Image.PHP Remote Command Execution Vulnerability"; content: "SID: 5610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105610; sid: 6105610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Cookie cache_lastpostdate Overflow"; content: "SID: 5611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105611; sid: 6105611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Unsolicited Response Storm"; content: "SID: 5612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105612; sid: 6105612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Cold Restart Request"; content: "SID: 5613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105613; sid: 6105613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Disable Unsolicited Responses"; content: "SID: 5614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105614; sid: 6105614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Read Request to a PLC"; content: "SID: 5615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105615; sid: 6105615; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Stop Application"; content: "SID: 5616 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105616; sid: 6105616; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Warm Restart"; content: "SID: 5617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105617; sid: 6105617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Broadcast Request"; content: "SID: 5618 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105618; sid: 6105618; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-DNP3 Communication on a DNP3 Port"; content: "SID: 5619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105619; sid: 6105619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Write Request to a PLC"; content: "SID: 5620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105620; sid: 6105620; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Miscellaneous Request to a PLC"; content: "SID: 5621 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105621; sid: 6105621; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Force Listen Only Mode"; content: "SID: 5622 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105622; sid: 6105622; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Restart Communications Option"; content: "SID: 5623 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105623; sid: 6105623; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Clear Counters and Diagnostic Registers"; content: "SID: 5624 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105624; sid: 6105624; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Read Device Identification"; content: "SID: 5625 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105625; sid: 6105625; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Report Server Information"; content: "SID: 5626 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105626; sid: 6105626; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Illegal Packet Size"; content: "SID: 5627 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105627; sid: 6105627; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus Slave Device Busy Exception Code Delay"; content: "SID: 5628 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105628; sid: 6105628; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus Acknowledge Exception Code Delay"; content: "SID: 5629 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105629; sid: 6105629; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Read Request to a PLC"; content: "SID: 5630 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105630; sid: 6105630; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Write Request to a PLC"; content: "SID: 5631 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105631; sid: 6105631; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Non-Modbus Communication"; content: "SID: 5632 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105632; sid: 6105632; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] .HTR Source View"; content: "SID: 5633 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105633; sid: 6105633; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Barracuda Spam Firewall Command Execution"; content: "SID: 5634 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105634; sid: 6105634; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Plug and Play Overflow"; content: "SID: 5635 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105635; sid: 6105635; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] vBulletin Template PHP Code Injection Vulnerability"; content: "SID: 5636 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105636; sid: 6105636; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Download Path Traversal"; content: "SID: 5637 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105637; sid: 6105637; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Command Injection"; content: "SID: 5638 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105638; sid: 6105638; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web View Script Injection Vulnerability"; content: "SID: 5639 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105639; sid: 6105639; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XML Race Condition in Internet Explorer"; content: "SID: 5640 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105640; sid: 6105640; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS DTC DoS"; content: "SID: 5641 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105641; sid: 6105641; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow Overflow"; content: "SID: 5642 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105642; sid: 6105642; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sox WAV File Overflow"; content: "SID: 5643 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105643; sid: 6105643; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Client Service for NetWare Overflow"; content: "SID: 5644 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105644; sid: 6105644; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH URI Handler"; content: "SID: 5645 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105645; sid: 6105645; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gatekeeper Overflow"; content: "SID: 5646 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105646; sid: 6105646; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Savant Webserver Request Overflow"; content: "SID: 5647 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105647; sid: 6105647; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tomcat Denial of Service Attack"; content: "SID: 5648 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105648; sid: 6105648; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ESignal Remote Buffer Overflow"; content: "SID: 5649 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105649; sid: 6105649; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finjan SurfinGate FHTTP Restart Command Execution"; content: "SID: 5650 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105650; sid: 6105650; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Server DoS"; content: "SID: 5651 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105651; sid: 6105651; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Directory Traversal"; content: "SID: 5652 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105652; sid: 6105652; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WLSE/HSE Default Username"; content: "SID: 5653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105653; sid: 6105653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Root Drive Access Attempt"; content: "SID: 5654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105654; sid: 6105654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cobalt RaQ Cross Site Scripting Vulnerability"; content: "SID: 5655 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105655; sid: 6105655; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS Listener DoS"; content: "SID: 5656 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105656; sid: 6105656; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AMLServer Local Path Disclosure"; content: "SID: 5657 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105657; sid: 6105657; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat JSP Engine DoS"; content: "SID: 5658 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105658; sid: 6105658; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare GSX Server Authentication Server Overflow"; content: "SID: 5659 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105659; sid: 6105659; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail Email Header Script Injection"; content: "SID: 5660 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105660; sid: 6105660; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Request"; content: "SID: 5661 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105661; sid: 6105661; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP POST Content-Type Overflow"; content: "SID: 5662 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105662; sid: 6105662; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NoOp Sled On HTTPS Port"; content: "SID: 5663 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTPS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105663; sid: 6105663; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Null Byte File Disclosure"; content: "SID: 5664 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105664; sid: 6105664; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultimate PHP Board Code Execution "; content: "SID: 5665 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105665; sid: 6105665; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unix chetcpasswd.cgi File Disclosure Vulnerability"; content: "SID: 5666 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105666; sid: 6105666; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Site Searcher Arbitrary Code Execution"; content: "SID: 5667 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105667; sid: 6105667; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unauthenticated FTP Connection"; content: "SID: 5668 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105668; sid: 6105668; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arkeia Type 74 Request Overflow"; content: "SID: 5669 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105669; sid: 6105669; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Select Excessive Length"; content: "SID: 5671 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105671; sid: 6105671; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Message Queuing Buffer Overflow"; content: "SID: 5672 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105672; sid: 6105672; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Format String"; content: "SID: 5673 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105673; sid: 6105673; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort Back Orifice Preprocessor Overflow"; content: "SID: 5674 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105674; sid: 6105674; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP-UX LPD Command Execution"; content: "SID: 5675 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105675; sid: 6105675; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] News Manager Lite Authentication Bypass"; content: "SID: 5676 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105676; sid: 6105676; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Universal Server Overflow"; content: "SID: 5677 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105677; sid: 6105677; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats Plugin Log Access"; content: "SID: 5678 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105678; sid: 6105678; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS Listener Denial Of Service"; content: "SID: 5679 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105679; sid: 6105679; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Line Feed DoS"; content: "SID: 5680 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105680; sid: 6105680; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC DHCP Daemon Buffer Overflow"; content: "SID: 5681 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105681; sid: 6105681; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vista Feed Headlines Gadget Remote Code Execution"; content: "SID: 5683 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105683; sid: 6105683; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed SIP Packet"; content: "SID: 5684 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105684; sid: 6105684; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebBBS Command Execution Vulnerability"; content: "SID: 5685 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105685; sid: 6105685; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long POPPASSWD String Overflow"; content: "SID: 5686 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105686; sid: 6105686; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Frame Cross Zone Scripting"; content: "SID: 5687 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105687; sid: 6105687; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RSA WebAgent Redirect Overflow"; content: "SID: 5688 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105688; sid: 6105688; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Keep-Alive DoS"; content: "SID: 5689 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105689; sid: 6105689; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Overflow"; content: "SID: 5692 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105692; sid: 6105692; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metafile Buffer Overflow"; content: "SID: 5693 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105693; sid: 6105693; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Enhanced Metafile Buffer Overflow"; content: "SID: 5694 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105694; sid: 6105694; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Enhanced Metafile DoS"; content: "SID: 5695 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105695; sid: 6105695; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Midi Decoder Overflow"; content: "SID: 5696 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105696; sid: 6105696; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script in Email Body"; content: "SID: 5697 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105697; sid: 6105697; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LanMan DoS"; content: "SID: 5698 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105698; sid: 6105698; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SalesLogix File Upload Vulnerability"; content: "SID: 5699 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105699; sid: 6105699; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP cURL Arbitrary File Access"; content: "SID: 5700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105700; sid: 6105700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Soap Request"; content: "SID: 5701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105701; sid: 6105701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Video Surveillance IP Gateway Encoder/Decoder Telnet Authentication Vulnerability"; content: "SID: 5703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105703; sid: 6105703; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Web Server Remote Root Command Execution"; content: "SID: 5705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105705; sid: 6105705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Persistent Content in a Dynamic Webpage"; content: "SID: 5706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105706; sid: 6105706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SWAT Pre-Authentication Buffer Overflow"; content: "SID: 5708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105708; sid: 6105708; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Eicar Standard Anti-Virus Test File"; content: "SID: 5710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105710; sid: 6105710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed URL"; content: "SID: 5711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105711; sid: 6105711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zip File Name Overflow"; content: "SID: 5713 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105713; sid: 6105713; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GKrellM Buffer Overflow"; content: "SID: 5714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105714; sid: 6105714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SAP Internet Transaction Server Information Disclosure"; content: "SID: 5715 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105715; sid: 6105715; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Stack Group Bidding Protocol DoS"; content: "SID: 5716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105716; sid: 6105716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ipswitch SMTP Format String"; content: "SID: 5717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105717; sid: 6105717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VERITAS NetBackup Volume Manager Daemon Buffer Overflow"; content: "SID: 5718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105718; sid: 6105718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lyris ListManager SQL Command Injection"; content: "SID: 5720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105720; sid: 6105720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Appliance ProxyStyleSheet Command Execution"; content: "SID: 5722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105722; sid: 6105722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS .dll DoS"; content: "SID: 5723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105723; sid: 6105723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nikto Scan"; content: "SID: 5724 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105724; sid: 6105724; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell NMAP Agent Buffer Overflow"; content: "SID: 5725 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105725; sid: 6105725; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Directory Failed Login"; content: "SID: 5726 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105726; sid: 6105726; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco VPN 3000 Concentrator HTTP Attack Vulnerability"; content: "SID: 5727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105727; sid: 6105727; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows IGMP DoS"; content: "SID: 5728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105728; sid: 6105728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player Browser Plug-in Overflow"; content: "SID: 5729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105729; sid: 6105729; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp Playlist File Handling Buffer Overflow"; content: "SID: 5730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105730; sid: 6105730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player BMP Processing Vulnerability"; content: "SID: 5731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105731; sid: 6105731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web Client Remote Code Execution Vulnerability"; content: "SID: 5732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105732; sid: 6105732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Header Hostname"; content: "SID: 5733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105733; sid: 6105733; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE isComponentInstalled() Overflow"; content: "SID: 5734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105734; sid: 6105734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Player ActionDefineFunction Code Execution"; content: "SID: 5735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105735; sid: 6105735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinVNC Client Buffer Overflow"; content: "SID: 5736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105736; sid: 6105736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Action Handlers Overflow"; content: "SID: 5737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105737; sid: 6105737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ACS Registry Access"; content: "SID: 5738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105738; sid: 6105738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Directory Failed Login"; content: "SID: 5739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105739; sid: 6105739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerio Personal Firewall Remote Authentication Buffer Overflow"; content: "SID: 5740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105740; sid: 6105740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PeerCast Buffer Overflow"; content: "SID: 5743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105743; sid: 6105743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Login DoS"; content: "SID: 5744 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105744; sid: 6105744; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP REST command"; content: "SID: 5745 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105745; sid: 6105745; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP ALLO command"; content: "SID: 5746 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105746; sid: 6105746; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MDAC Function Remote Code Execution"; content: "SID: 5747 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105747; sid: 6105747; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-SMTP Session Start"; content: "SID: 5748 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105748; sid: 6105748; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Double Byte Character Parsing"; content: "SID: 5749 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105749; sid: 6105749; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WLSE Cross Site Scripting"; content: "SID: 5750 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105750; sid: 6105750; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultr@VNC Client Overflow"; content: "SID: 5751 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105751; sid: 6105751; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sybase EAServer Overflow"; content: "SID: 5752 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105752; sid: 6105752; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Mailto Handler Vulnerability"; content: "SID: 5753 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105753; sid: 6105753; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PAJAX Remote Code Execution Vulnerability"; content: "SID: 5754 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105754; sid: 6105754; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Embedded TCP Connection Relay"; content: "SID: 5756 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105756; sid: 6105756; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange Server Cross-Site Scripting"; content: "SID: 5757 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105757; sid: 6105757; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bomberclone Buffer Overflow"; content: "SID: 5758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105758; sid: 6105758; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VNC Authentication Bypass"; content: "SID: 5759 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105759; sid: 6105759; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Messenger Accept-Language Value Overflow"; content: "SID: 5760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105760; sid: 6105760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultr@VNC Server Overflow"; content: "SID: 5761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105761; sid: 6105761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wireless Control System Cross Server Site Scripting"; content: "SID: 5763 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105763; sid: 6105763; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ShixxNOTE Font Buffer Overflow"; content: "SID: 5764 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105764; sid: 6105764; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Horde Help Viewer Remote Code Execution"; content: "SID: 5765 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105765; sid: 6105765; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Resolution Response Code Execution"; content: "SID: 5766 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105766; sid: 6105766; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeSSHd Key Exchange Overflow"; content: "SID: 5767 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105767; sid: 6105767; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Warez Activity"; content: "SID: 5768 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105768; sid: 6105768; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed HTTP Request"; content: "SID: 5769 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105769; sid: 6105769; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS XSS"; content: "SID: 5770 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105770; sid: 6105770; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winny Activity"; content: "SID: 5771 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105771; sid: 6105771; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP.NET Information Disclosure Vulnerability"; content: "SID: 5772 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105772; sid: 6105772; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Simple PHP Blog Unauthorized File Access"; content: "SID: 5773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105773; sid: 6105773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player PNG Processing Remote Code Execution"; content: "SID: 5774 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105774; sid: 6105774; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTML Redirection"; content: "SID: 5775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105775; sid: 6105775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Routing and Remote Access Service Code Execution"; content: "SID: 5776 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105776; sid: 6105776; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Favicon Code Execution"; content: "SID: 5777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105777; sid: 6105777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Uplddrvinfo.htm File Deletion Vulnerability"; content: "SID: 5778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105778; sid: 6105778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Connection Request"; content: "SID: 5779 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105779; sid: 6105779; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Connection Established"; content: "SID: 5780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105780; sid: 6105780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Client Association"; content: "SID: 5781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105781; sid: 6105781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP MMS Write Request Attempt"; content: "SID: 5782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105782; sid: 6105782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP MMS Write Request Succeeded"; content: "SID: 5783 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105783; sid: 6105783; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Address Unknown Disconnect"; content: "SID: 5784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105784; sid: 6105784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Protocol Error Disconnect"; content: "SID: 5785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105785; sid: 6105785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid OSI SSEL"; content: "SID: 5786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105786; sid: 6105786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid OSI PSEL"; content: "SID: 5787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105787; sid: 6105787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid TPKT Protocol"; content: "SID: 5788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105788; sid: 6105788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Tunnel Client Activity"; content: "SID: 5789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105789; sid: 6105789; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CS-MARS JBoss Vulnerability"; content: "SID: 5790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105790; sid: 6105790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Hyperlink Object Library Buffer Overflow"; content: "SID: 5792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105792; sid: 6105792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Server Driver Remote Execution"; content: "SID: 5793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105793; sid: 6105793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Routing and Remote Access Service RASMAN Registry Stack Overflow"; content: "SID: 5794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105794; sid: 6105794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Option Overflow Code Execution"; content: "SID: 5795 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105795; sid: 6105795; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS HTTP Unauthorized Command Execution"; content: "SID: 5796 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105796; sid: 6105796; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Calendar DoS"; content: "SID: 5797 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105797; sid: 6105797; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mambo PHP sbp File Inclusion Vulnerability"; content: "SID: 5798 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105798; sid: 6105798; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Server Service Code Execution"; content: "SID: 5799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105799; sid: 6105799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Large Content-Type"; content: "SID: 5800 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105800; sid: 6105800; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime JPEG Code Execution Overflow"; content: "SID: 5801 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105801; sid: 6105801; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTML URI Buffer Overflow"; content: "SID: 5802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105802; sid: 6105802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sygate Login Servlet SQL Injection"; content: "SID: 5803 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105803; sid: 6105803; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPN3000 Concentrator Unauthenticated FTP Access"; content: "SID: 5804 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105804; sid: 6105804; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPN3000 Concentrator FTP RMD Execution"; content: "SID: 5805 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105805; sid: 6105805; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winny P2P Connection Activity"; content: "SID: 5806 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105806; sid: 6105806; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Indexing Service Cross Site Scripting Vulnerability"; content: "SID: 5807 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105807; sid: 6105807; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCERPC Authentication DoS"; content: "SID: 5809 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105809; sid: 6105809; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SecureCRT SSH1 Buffer Overflow"; content: "SID: 5810 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105810; sid: 6105810; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IPS SSL DOS Vulnerability"; content: "SID: 5812 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105812; sid: 6105812; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Vector Markup Language Vulnerability"; content: "SID: 5813 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105813; sid: 6105813; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Step-by-Step Interactive Training Remote Code Execution"; content: "SID: 5814 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105814; sid: 6105814; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebViewFolderIcon setSlice() Overflow"; content: "SID: 5815 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105815; sid: 6105815; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TOR Client Activity"; content: "SID: 5816 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105816; sid: 6105816; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP .NET Cross Site Scripting"; content: "SID: 5817 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105817; sid: 6105817; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 5818 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105818; sid: 6105818; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long FTP XCRC XSHA1 XMD5 Command"; content: "SID: 5819 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105819; sid: 6105819; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec AntiVirus and Client Security Buffer Overflow"; content: "SID: 5820 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105820; sid: 6105820; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectAnimation ActiveX Memory Corruption"; content: "SID: 5821 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105821; sid: 6105821; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Workstation Service Memory Corruption Vulnerability"; content: "SID: 5822 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105822; sid: 6105822; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee Epolicy Overflow"; content: "SID: 5823 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105823; sid: 6105823; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Header DoS"; content: "SID: 5824 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105824; sid: 6105824; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Malformed Invite Packet"; content: "SID: 5825 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105825; sid: 6105825; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EIQ ESA Topology Delete Device Overflow"; content: "SID: 5826 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105826; sid: 6105826; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer ActiveX Control Arbitrary Code Execution"; content: "SID: 5827 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105827; sid: 6105827; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Server Side Cross Site Scripting"; content: "SID: 5828 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105828; sid: 6105828; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid SSL Packet"; content: "SID: 5829 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105829; sid: 6105829; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server HTTP Request Overflow"; content: "SID: 5830 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105830; sid: 6105830; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server RADIUS Accounting Request Vulnerability"; content: "SID: 5831 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105831; sid: 6105831; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Crafted IP Option Vulnerability"; content: "SID: 5832 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105832; sid: 6105832; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime RTSP URL Vulnerability"; content: "SID: 5833 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105833; sid: 6105833; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS SIP DoS Vulnerability"; content: "SID: 5835 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105835; sid: 6105835; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed TCP packet"; content: "SID: 5837 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105837; sid: 6105837; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS NAM SNMP Traffic"; content: "SID: 5838 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105838; sid: 6105838; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Server Response Code Execution"; content: "SID: 5839 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105839; sid: 6105839; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CLSID Code Execution"; content: "SID: 5840 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105840; sid: 6105840; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CatOS NAM SNMP Traffic"; content: "SID: 5841 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105841; sid: 6105841; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris Telnet Authentication Bypass"; content: "SID: 5842 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105842; sid: 6105842; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor Tape Engine Overflow"; content: "SID: 5843 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105843; sid: 6105843; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Memory Corruption Exploit"; content: "SID: 5845 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105845; sid: 6105845; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP 230 Reply Code"; content: "SID: 5846 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105846; sid: 6105846; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Successful Privileged Login"; content: "SID: 5847 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105847; sid: 6105847; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Content Management Service Cross-site Scripting"; content: "SID: 5848 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105848; sid: 6105848; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Content Management Server Vulnerability"; content: "SID: 5849 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105849; sid: 6105849; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort DCE/RPC Preprocessor Vulnerability"; content: "SID: 5850 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105850; sid: 6105850; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WCS Administrative Directory Access"; content: "SID: 5851 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105851; sid: 6105851; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Malformed String Vulnerability"; content: "SID: 5852 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105852; sid: 6105852; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Invite DoS"; content: "SID: 5853 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105853; sid: 6105853; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CUCM/CUPS Denial of Service Vulnerability"; content: "SID: 5854 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105854; sid: 6105854; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Remote Code Execution"; content: "SID: 5855 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105855; sid: 6105855; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Agent URL Parsing Remote Code Execution"; content: "SID: 5856 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105856; sid: 6105856; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPnP Memory Corruption Vulnerability"; content: "SID: 5857 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105857; sid: 6105857; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Server RPC Interface Buffer Overflow"; content: "SID: 5858 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105858; sid: 6105858; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] uTorrent File Handling Buffer Overflow"; content: "SID: 5859 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105859; sid: 6105859; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS FTPd Successful Login"; content: "SID: 5860 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105860; sid: 6105860; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CNS Netflow Collection Engine Default Password"; content: "SID: 5861 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105861; sid: 6105861; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access UTF Character Script Execution"; content: "SID: 5862 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105862; sid: 6105862; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CAPICOM.Certificates Remote Code Execution"; content: "SID: 5863 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105863; sid: 6105863; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Server IMAP Literal Processing Vulnerability"; content: "SID: 5864 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105864; sid: 6105864; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft WMS Arbitrary File Rewrite Vulnerability"; content: "SID: 5865 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105865; sid: 6105865; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Domino IMAP CRAM-MD5 Overflow"; content: "SID: 5866 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105866; sid: 6105866; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Navigation Cancel Page Spoofing Vulnerability"; content: "SID: 5868 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105868; sid: 6105868; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CSS Tag Memory Corruption"; content: "SID: 5869 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105869; sid: 6105869; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Win32 API Vulnerability"; content: "SID: 5870 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105870; sid: 6105870; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Urlmon.dll COM Object Instantiation"; content: "SID: 5871 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105871; sid: 6105871; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API 4 ActiveX Overflow"; content: "SID: 5873 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105873; sid: 6105873; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API 4 ActiveX Overflow"; content: "SID: 5874 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105874; sid: 6105874; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinZip ActiveX Control Instantiation"; content: "SID: 5876 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105876; sid: 6105876; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Protocol Handler Command Execution"; content: "SID: 5877 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105877; sid: 6105877; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VBE Object ID Buffer Overflow"; content: "SID: 5878 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105878; sid: 6105878; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime Java QTPointer Vulnerability"; content: "SID: 5879 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105879; sid: 6105879; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Web Start JNLP File Stack Overflow"; content: "SID: 5880 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105880; sid: 6105880; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS NHRP Buffer Overflow"; content: "SID: 5884 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105884; sid: 6105884; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EnjoySAP kweditcontrol.kwedit Stack Overflow"; content: "SID: 5885 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105885; sid: 6105885; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Socks Proxy Overflow"; content: "SID: 5886 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105886; sid: 6105886; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PDWizard ActiveX Overflow"; content: "SID: 5887 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105887; sid: 6105887; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TLBINF32.DLL COM Object Instantiation"; content: "SID: 5888 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105888; sid: 6105888; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NeoTrace ActiveX Buffer Overflow"; content: "SID: 5889 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105889; sid: 6105889; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long IMAP SUBSCRIBE Command"; content: "SID: 5890 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105890; sid: 6105890; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Motive Communications ActiveUtils Buffer Overflow"; content: "SID: 5892 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105892; sid: 6105892; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP Phone Remote Denial of Service"; content: "SID: 5893 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105893; sid: 6105893; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Storm Worm"; content: "SID: 5894 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105894; sid: 6105894; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Agent HTTP Code Execution"; content: "SID: 5898 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105898; sid: 6105898; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger Webcam Buffer Overflow"; content: "SID: 5899 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105899; sid: 6105899; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Message HTML Injection"; content: "SID: 5902 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105902; sid: 6105902; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS SharePoint XSS"; content: "SID: 5903 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105903; sid: 6105903; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Address Bar Spoof"; content: "SID: 5905 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105905; sid: 6105905; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Malformed Word Document Code Execution"; content: "SID: 5906 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105906; sid: 6105906; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NNTP Overflow"; content: "SID: 5908 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105908; sid: 6105908; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Browser Address Bar Spoofing Attack"; content: "SID: 5909 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105909; sid: 6105909; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM Centralized TFTP File Locator Service Buffer Overflow"; content: "SID: 5910 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105910; sid: 6105910; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM SIP INVITE UDP Denial of Service"; content: "SID: 5912 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105912; sid: 6105912; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PIX/ASA/FWSM MGCP DoS"; content: "SID: 5913 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105913; sid: 6105913; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft FoxPro ActiveX Vulnerability"; content: "SID: 5915 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105915; sid: 6105915; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] URL Handler Vulnerability"; content: "SID: 5916 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105916; sid: 6105916; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AskJeeves Toolbar ActiveX Buffer Overflow"; content: "SID: 5918 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105918; sid: 6105918; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Kodak Image Viewer Overflow"; content: "SID: 5919 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105919; sid: 6105919; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime VRPanoSampleAtom Heap Overflow"; content: "SID: 5920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105920; sid: 6105920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime Color Table Overflow"; content: "SID: 5921 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105921; sid: 6105921; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BEA WebLogic Admin Console Cross Site Scripting"; content: "SID: 5922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105922; sid: 6105922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer FTP Client Directory Traversal issue"; content: "SID: 5923 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105923; sid: 6105923; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Browsers JavaScript Argument Passing Code Execution Vulnerability"; content: "SID: 5924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105924; sid: 6105924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer HTML Object Memory Corruption"; content: "SID: 5925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105925; sid: 6105925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle ctxsys.driload Access Violation Vulnerability"; content: "SID: 5926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105926; sid: 6105926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise WebAccess Overflow"; content: "SID: 5927 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105927; sid: 6105927; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CSA for Windows System Driver Remote Buffer Overflow Vulnerability"; content: "SID: 5928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105928; sid: 6105928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee VirusScan File Name Overflow"; content: "SID: 5929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105929; sid: 6105929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic SQL Injection"; content: "SID: 5930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105930; sid: 6105930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Ratproxy"; content: "SID: 5931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105931; sid: 6105931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database DBMS_Scheduler Privilege Escalation"; content: "SID: 5933 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105933; sid: 6105933; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp MP4 Memory Corruption"; content: "SID: 5934 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105934; sid: 6105934; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime FlipFileTypeAtom_BtoN Underflow"; content: "SID: 5935 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105935; sid: 6105935; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime MOV Heap Overflow"; content: "SID: 5936 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105936; sid: 6105936; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection"; content: "SID: 5937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105937; sid: 6105937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database sys.pbsde.init Procedure Buffer Overflow"; content: "SID: 5938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105938; sid: 6105938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Text Box Memory Curruption"; content: "SID: 5939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105939; sid: 6105939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Objects Memory Corruption Vulnerability"; content: "SID: 5940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105940; sid: 6105940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows CSRSS Message Box Memory Corruption"; content: "SID: 5941 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105941; sid: 6105941; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo Messenger AudioConf ActiveX Overflow"; content: "SID: 5942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105942; sid: 6105942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SQL Query Directory Traversal"; content: "SID: 5943 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105943; sid: 6105943; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eTrust IDS Encryption Key DoS"; content: "SID: 5944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105944; sid: 6105944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS IE Cross Frame Scripting Restriction Bypass"; content: "SID: 5945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105945; sid: 6105945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ingres Database uuid_from_char() Stack Overflow"; content: "SID: 5948 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105948; sid: 6105948; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple HP Web Jetadmin Vulnerabilities"; content: "SID: 5949 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105949; sid: 6105949; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed String Code Execution"; content: "SID: 5950 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105950; sid: 6105950; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor ARCserve Backup MSRPC Memory Corruption"; content: "SID: 5951 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105951; sid: 6105951; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPerfect Importer/Exporter Heap Overflow"; content: "SID: 5952 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105952; sid: 6105952; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Directory Traversal"; content: "SID: 5953 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105953; sid: 6105953; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ePolicy Orchestrator SiteManager ActiveX Buffer Overflow"; content: "SID: 5954 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105954; sid: 6105954; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime udta Buffer Overflow"; content: "SID: 5955 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105955; sid: 6105955; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Vendor SOAP DoS"; content: "SID: 5956 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105956; sid: 6105956; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime Heap Corruption"; content: "SID: 5957 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105957; sid: 6105957; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix ICA Client ActiveX Control Buffer Overflow Vulnerability"; content: "SID: 5959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105959; sid: 6105959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Regular Expressions Heap Corruption"; content: "SID: 5960 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105960; sid: 6105960; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server MD2 package SDO_CODE_SIZE procedure Buffer Overflow"; content: "SID: 5961 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105961; sid: 6105961; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerberos V5 Principal Name Buffer Overflow"; content: "SID: 5963 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105963; sid: 6105963; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow"; content: "SID: 5966 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105966; sid: 6105966; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup CONNECT_OPTIONS Request Buffer Overflow"; content: "SID: 5967 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105967; sid: 6105967; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE daxctle.ocx KeyFrame Memory Curruption"; content: "SID: 5971 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105971; sid: 6105971; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime Movie Buffer Overflow"; content: "SID: 5972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105972; sid: 6105972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Publisher Font Overflow"; content: "SID: 5973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105973; sid: 6105973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SDO_CS.TRANSFORM_LAYER Buffer Overflow"; content: "SID: 5974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105974; sid: 6105974; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Media Player ASX Playlist Parsing Buffer Overflow"; content: "SID: 5975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105975; sid: 6105975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avast! Remote LHA Buffer Overflow"; content: "SID: 5976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105976; sid: 6105976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB2 Handshake DoS"; content: "SID: 5977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105977; sid: 6105977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable SMTP Service SPF Lookup Buffer Overflow"; content: "SID: 5978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105978; sid: 6105978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer COM Object Instantiation Memory Corruption"; content: "SID: 5979 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105979; sid: 6105979; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API Buffer Overflow"; content: "SID: 5980 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105980; sid: 6105980; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic for Applications SDK Overflow"; content: "SID: 5982 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105982; sid: 6105982; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Buffer Overrun"; content: "SID: 5983 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105983; sid: 6105983; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Code Execution"; content: "SID: 5984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105984; sid: 6105984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime RTSP Content-Type Excessive Length"; content: "SID: 5985 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105985; sid: 6105985; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI GIF Parsing Vulnerability"; content: "SID: 5986 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105986; sid: 6105986; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Products SVG layout vulnerability"; content: "SID: 5987 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105987; sid: 6105987; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MaxDB WebDBM Buffer Overflow"; content: "SID: 5991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105991; sid: 6105991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Instantiation Memory Corruption"; content: "SID: 5993 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105993; sid: 6105993; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ImageMagick SGI Buffer Overflow"; content: "SID: 5994 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105994; sid: 6105994; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eGatherer RunEgatherer Buffer Overflow"; content: "SID: 5997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105997; sid: 6105997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SYS.KUPW-WORKER Package MAIN Procedure SQL Injection Attempt"; content: "SID: 5998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105998; sid: 6105998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Server Reports Command Execution"; content: "SID: 6000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106000; sid: 6106000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Private"; content: "SID: 6003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106003; sid: 6106003; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS HTTP Server Iframe Command Injection"; content: "SID: 6004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106004; sid: 6106004; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unencrypted SSL Traffic"; content: "SID: 6005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106005; sid: 6106005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Management Console Cross-Site Scripting"; content: "SID: 6007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106007; sid: 6106007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] First 4 Internet XCP Uninstallation ActiveX Control"; content: "SID: 6008 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106008; sid: 6106008; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SYN Flood DOS"; content: "SID: 6009 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106009; sid: 6106009; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Command Injection"; content: "SID: 6011 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106011; sid: 6106011; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EIQ License Buffer Overflow"; content: "SID: 6012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106012; sid: 6106012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRCBOT_JK DNS Lookup"; content: "SID: 6013 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106013; sid: 6106013; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Player Improper Memory Access"; content: "SID: 6014 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106014; sid: 6106014; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash ActionDefineFunction Improper Memory Access"; content: "SID: 6015 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106015; sid: 6106015; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIM BlackBerry Enterprise Router DoS"; content: "SID: 6016 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106016; sid: 6106016; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow SAMI Parsing Remote Code Execution"; content: "SID: 6017 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106017; sid: 6106017; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime PictureViewer Buffer Overflow"; content: "SID: 6020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106020; sid: 6106020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebSphere J_Username Buffer Overflow"; content: "SID: 6022 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106022; sid: 6106022; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE JavaScript window() DoS"; content: "SID: 6023 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106023; sid: 6106023; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Information Disclosure"; content: "SID: 6024 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106024; sid: 6106024; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jet DB Engine Buffer Overflow"; content: "SID: 6025 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106025; sid: 6106025; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Gopher Protocol Handling Buffer Overflow"; content: "SID: 6026 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106026; sid: 6106026; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Word Malformed Object Tag"; content: "SID: 6027 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106027; sid: 6106027; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Message Queuing Service Code Execution"; content: "SID: 6030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106030; sid: 6106030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mcafee FreeScan Information Disclosure"; content: "SID: 6031 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106031; sid: 6106031; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DOMNodeRemoved Mutation Memory Corruption"; content: "SID: 6039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106039; sid: 6106039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Scan Engine Authentication Bypass"; content: "SID: 6040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106040; sid: 6106040; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox CSS Letter-Spacing Heap Overflow"; content: "SID: 6041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106041; sid: 6106041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTTP Response Splitting"; content: "SID: 6045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106045; sid: 6106045; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InterNetNews NULL Path Denial of Service"; content: "SID: 6046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106046; sid: 6106046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TrendMicro InterScan Viruswall Directory Traversal"; content: "SID: 6047 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106047; sid: 6106047; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SQL SYS.KUPV Injection"; content: "SID: 6048 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106048; sid: 6106048; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server Login Access Control Bypass Exploit"; content: "SID: 6049 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106049; sid: 6106049; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS HINFO Request"; content: "SID: 6050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106050; sid: 6106050; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Zone Transfer"; content: "SID: 6051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106051; sid: 6106051; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Zone Transfer from High Port"; content: "SID: 6052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106052; sid: 6106052; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Request for All Records"; content: "SID: 6053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106053; sid: 6106053; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Version Request"; content: "SID: 6054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106054; sid: 6106054; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Inverse Query Buffer Overflow"; content: "SID: 6055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106055; sid: 6106055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS NXT Buffer Overflow"; content: "SID: 6056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106056; sid: 6106056; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS SIG Buffer Overflow"; content: "SID: 6057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106057; sid: 6106057; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS SRV DoS"; content: "SID: 6058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106058; sid: 6106058; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS TSIG Overflow"; content: "SID: 6059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106059; sid: 6106059; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Complain Overflow"; content: "SID: 6060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106060; sid: 6106060; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Infoleak"; content: "SID: 6061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106061; sid: 6106061; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Authors Request"; content: "SID: 6062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106062; sid: 6106062; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Incremental Zone Transfer"; content: "SID: 6063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106063; sid: 6106063; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BIND Large OPT Record DoS"; content: "SID: 6064 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106064; sid: 6106064; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Query Name Loop DoS"; content: "SID: 6065 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106065; sid: 6106065; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Tunneling"; content: "SID: 6066 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106066; sid: 6106066; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS TSIG Bugtraq Overflow"; content: "SID: 6067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106067; sid: 6106067; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Wireless Control System Administrative Default Password"; content: "SID: 6068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106068; sid: 6106068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Format Remote Code Execution"; content: "SID: 6069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106069; sid: 6106069; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Format Remote Code Execution"; content: "SID: 6070 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106070; sid: 6106070; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow"; content: "SID: 6071 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106071; sid: 6106071; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic VBP Buffer Overflow"; content: "SID: 6072 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106072; sid: 6106072; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio Crystal Reports RPT File Code Execution"; content: "SID: 6073 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106073; sid: 6106073; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectX RLE Compressed TGA Overflow"; content: "SID: 6074 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106074; sid: 6106074; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla SOAPParameter Integer Overflow"; content: "SID: 6075 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106075; sid: 6106075; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC BIND DNS resolver buffer overflow"; content: "SID: 6076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106076; sid: 6106076; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Malformed GIF File"; content: "SID: 6077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106077; sid: 6106077; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access XSS"; content: "SID: 6078 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106078; sid: 6106078; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ACDSee Products XPM Vulnerability"; content: "SID: 6079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106079; sid: 6106079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Products PNG Parsing"; content: "SID: 6080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106080; sid: 6106080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel BIFF Parsing"; content: "SID: 6081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106081; sid: 6106081; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Column Record Handling"; content: "SID: 6082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106082; sid: 6106082; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel SetFont"; content: "SID: 6083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106083; sid: 6106083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE 7 HTML Object Memory Corruption"; content: "SID: 6084 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106084; sid: 6106084; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Table Column Record Handling"; content: "SID: 6085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106085; sid: 6106085; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Graphics Rendering Engine Buffer Overflow"; content: "SID: 6086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106086; sid: 6106086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec ISAKMP DoS"; content: "SID: 6087 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106087; sid: 6106087; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Compressed Folders Buffer Overflow"; content: "SID: 6088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106088; sid: 6106088; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP memory_limit Vulnerability"; content: "SID: 6089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106089; sid: 6106089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libpng Chunk Length Buffer Overflow"; content: "SID: 6090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106090; sid: 6106090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Acrobat Reader File Extension Buffer Overflow"; content: "SID: 6091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106091; sid: 6106091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Qt BMP Buffer Overflow"; content: "SID: 6092 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106092; sid: 6106092; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft Winamp M3U Remote Buffer Overflow"; content: "SID: 6094 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106094; sid: 6106094; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache apr-util IPv6 URI Parsing Vulnerability"; content: "SID: 6095 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106095; sid: 6106095; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Registration"; content: "SID: 6100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106100; sid: 6106100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Unregistration"; content: "SID: 6101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106101; sid: 6106101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Dump"; content: "SID: 6102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106102; sid: 6106102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Proxied RPC Request"; content: "SID: 6103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106103; sid: 6106103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Reg Spoof"; content: "SID: 6104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106104; sid: 6106104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port UnReg Spoof"; content: "SID: 6105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106105; sid: 6106105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS EAP-TLS Authentication Bypass"; content: "SID: 6106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106106; sid: 6106106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS File Existence Information Disclosure"; content: "SID: 6107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106107; sid: 6106107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeRADIUS Denial of Service"; content: "SID: 6108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106108; sid: 6106108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RSTATD Sweep"; content: "SID: 6110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106110; sid: 6106110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RUSESRD Sweep"; content: "SID: 6111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106111; sid: 6106111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC NFS Sweep"; content: "SID: 6112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106112; sid: 6106112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC MOUNTD Sweep"; content: "SID: 6113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106113; sid: 6106113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC YPASSWDD Sweep"; content: "SID: 6114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106114; sid: 6106114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC SELECTION SVC Sweep"; content: "SID: 6115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106115; sid: 6106115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC REXD Sweep"; content: "SID: 6116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106116; sid: 6106116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC STATUS Sweep"; content: "SID: 6117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106117; sid: 6106117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC TTDB Sweep"; content: "SID: 6118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106118; sid: 6106118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Authentication Vulnerability"; content: "SID: 6119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106119; sid: 6106119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RSTATD Request"; content: "SID: 6120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106120; sid: 6106120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RUSESRD Request"; content: "SID: 6121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106121; sid: 6106121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC NFS Request"; content: "SID: 6122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106122; sid: 6106122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC MOUNTD Request"; content: "SID: 6123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106123; sid: 6106123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC YPASSWDD Request"; content: "SID: 6124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106124; sid: 6106124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC SELECTION SVC Request"; content: "SID: 6125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106125; sid: 6106125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC REXD Request"; content: "SID: 6126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106126; sid: 6106126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC STATUS Request"; content: "SID: 6127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106127; sid: 6106127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC TTDB Request"; content: "SID: 6128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106128; sid: 6106128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Message Queuing Overflow"; content: "SID: 6130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106130; sid: 6106130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Plug and Play Overflow"; content: "SID: 6131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106131; sid: 6106131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mod SSL- Mod Proxy Hook Format String"; content: "SID: 6132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106132; sid: 6106132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Cell Length Buffer Overflow CVE-2004-0846"; content: "SID: 6133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106133; sid: 6106133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ASP.NET Canonicalization"; content: "SID: 6134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106134; sid: 6106134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Solaris in.rwhod Buffer Overflow"; content: "SID: 6135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106135; sid: 6106135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wordpad Default Font Overflow"; content: "SID: 6137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106137; sid: 6106137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-ASCII Hostname"; content: "SID: 6138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106138; sid: 6106138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malicious BMP File"; content: "SID: 6139 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106139; sid: 6106139; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid ASN.1 Header Parsing Denial of Service"; content: "SID: 6140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106140; sid: 6106140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia JRun 4.x Server File Disclosure"; content: "SID: 6141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106141; sid: 6106141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache HTTP Server Mod_Cache Module DoS"; content: "SID: 6142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106142; sid: 6106142; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Borland Interbase Database Service Create-Request Buffer Overflow"; content: "SID: 6143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106143; sid: 6106143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] X.Org X Font Server Buffer Overflow"; content: "SID: 6144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106144; sid: 6106144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect TMregChange Buffer Overflow"; content: "SID: 6145 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106145; sid: 6106145; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid WCCP Message Receive Buffer Overflow"; content: "SID: 6146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106146; sid: 6106146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer RealMedia Security Bypass"; content: "SID: 6147 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106147; sid: 6106147; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL_get_shared_ciphers Off-by-one"; content: "SID: 6148 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106148; sid: 6106148; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Arbitrary Library Injection"; content: "SID: 6149 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106149; sid: 6106149; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypserv Portmap Request"; content: "SID: 6150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106150; sid: 6106150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypbind Portmap Request"; content: "SID: 6151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106151; sid: 6106151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] yppasswdd Portmap Request"; content: "SID: 6152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106152; sid: 6106152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypupdated Portmap Request"; content: "SID: 6153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106153; sid: 6106153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypxfrd Portmap Request"; content: "SID: 6154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106154; sid: 6106154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mountd Portmap Request"; content: "SID: 6155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106155; sid: 6106155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos kadmind RPC Library Unix Authentication"; content: "SID: 6156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106156; sid: 6106156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos Kadmind Remote Code Injection"; content: "SID: 6157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106157; sid: 6106157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos Kadmind Rename Buffer Overflow"; content: "SID: 6158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106158; sid: 6106158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Active Directory Crafted LDAP Request DoS"; content: "SID: 6159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106159; sid: 6106159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Active Directory Crafted LDAP Buffer Overflow"; content: "SID: 6160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106160; sid: 6106160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ingres Database Communications Server Component Buffer Overflow"; content: "SID: 6161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106161; sid: 6106161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ipswitch IMail Server Date String Overflow"; content: "SID: 6162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106162; sid: 6106162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Document Parsing Buffer Overflow"; content: "SID: 6164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106164; sid: 6106164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] nfs-utils TCP Connection Termination Denial of Service"; content: "SID: 6165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106165; sid: 6106165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory HTTP Server Redirection Buffer Overflow"; content: "SID: 6166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106166; sid: 6106166; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Products Message Engine RPC Server Buffer Overflow"; content: "SID: 6168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106168; sid: 6106168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mod_tcl Module Format String Vulnerability"; content: "SID: 6169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106169; sid: 6106169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory evtFilteredMonitorEventsRequest Function Overflow"; content: "SID: 6170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106170; sid: 6106170; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Info Center HPInfoDLL.dll ActiveX Control Remote Code Execution"; content: "SID: 6171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106171; sid: 6106171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory evtFilteredMonitorEventsRequest Function"; content: "SID: 6172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106172; sid: 6106172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Empty DNS Query"; content: "SID: 6173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106173; sid: 6106173; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenLDAP Server BIND Request Denial of Service"; content: "SID: 6174 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106174; sid: 6106174; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rexd Portmap Request"; content: "SID: 6175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106175; sid: 6106175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed SIP Invite Packet"; content: "SID: 6177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106177; sid: 6106177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Message DoS"; content: "SID: 6178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106178; sid: 6106178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed MGCP Packet"; content: "SID: 6179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106179; sid: 6106179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rexd Attempt"; content: "SID: 6180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106180; sid: 6106180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP DoS"; content: "SID: 6181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106181; sid: 6106181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large SIP Message"; content: "SID: 6184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106184; sid: 6106184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIS Data Collector Heap Overflow"; content: "SID: 6186 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106186; sid: 6106186; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CallManager TCP Connection DoS"; content: "SID: 6187 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106187; sid: 6106187; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd dot dot"; content: "SID: 6188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106188; sid: 6106188; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd automount attack"; content: "SID: 6189 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106189; sid: 6106189; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd Buffer Overflow"; content: "SID: 6190 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106190; sid: 6106190; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC.tooltalk Buffer Overflow"; content: "SID: 6191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106191; sid: 6106191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC mountd Buffer Overflow"; content: "SID: 6192 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106192; sid: 6106192; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC CMSD Buffer Overflow"; content: "SID: 6193 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106193; sid: 6106193; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sadmind Buffer Overflow"; content: "SID: 6194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106194; sid: 6106194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sadmind RPC Buffer Overflow"; content: "SID: 6195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106195; sid: 6106195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] snmpXdmid Buffer Overflow"; content: "SID: 6196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106196; sid: 6106196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rpc yppaswdd overflow"; content: "SID: 6197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106197; sid: 6106197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long rwalld Message"; content: "SID: 6198 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106198; sid: 6106198; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cachefsd Overflow"; content: "SID: 6199 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106199; sid: 6106199; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ident Buffer Overflow"; content: "SID: 6200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106200; sid: 6106200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ident Newline"; content: "SID: 6201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106201; sid: 6106201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sadmind directory traversal command exec"; content: "SID: 6203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106203; sid: 6106203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Source Code Disclosure"; content: "SID: 6204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106204; sid: 6106204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Vmd Buffer Overflow"; content: "SID: 6205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106205; sid: 6106205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WorldMail IMAP Directory Traversal"; content: "SID: 6206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106206; sid: 6106206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeBSD nfsd Request Denial of Service"; content: "SID: 6207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106207; sid: 6106207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Volume Manager Buffer Overflow"; content: "SID: 6208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106208; sid: 6106208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Vnetd Buffer Overflow"; content: "SID: 6209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106209; sid: 6106209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LPR Format String Overflow"; content: "SID: 6210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106210; sid: 6106210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LPD NoOp Sled"; content: "SID: 6211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106211; sid: 6106211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Tag Memory Corruption"; content: "SID: 6212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106212; sid: 6106212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Focus Buffer Overflow"; content: "SID: 6213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106213; sid: 6106213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LibTIFF TIFFFetchData Integer Overflow"; content: "SID: 6214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106214; sid: 6106214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Print Services Integer Overflow"; content: "SID: 6215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106215; sid: 6106215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC Retrospect Client Buffer Overflow"; content: "SID: 6216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106216; sid: 6106216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eDirectory iMonitor NDS Server Buffer Overflow"; content: "SID: 6217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106217; sid: 6106217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MediaWiki Script Insertion"; content: "SID: 6218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106218; sid: 6106218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CommuniGate Pro LDAP Server Buffer Overflow"; content: "SID: 6219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106219; sid: 6106219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Retrospect Backup Agent Denial of Service"; content: "SID: 6220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106220; sid: 6106220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Director Agent DoS"; content: "SID: 6221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106221; sid: 6106221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView Client Configuration Manager Radia Notify Daemon Code Execution"; content: "SID: 6222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106222; sid: 6106222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix MetaFrame IMA Authentication Processing Buffer Overflow"; content: "SID: 6223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106223; sid: 6106223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows IGMP Overflow"; content: "SID: 6224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106224; sid: 6106224; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KAME IKE raccoon HASH"; content: "SID: 6225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106225; sid: 6106225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trojan.Srizbi Bot"; content: "SID: 6226 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106226; sid: 6106226; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic Charts Control Memory Corruption"; content: "SID: 6227 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106227; sid: 6106227; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mac OSX Software Update Remote Code Execution"; content: "SID: 6228 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106228; sid: 6106228; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS SQL Server sqldmo.dll Overflow"; content: "SID: 6229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106229; sid: 6106229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] F-Secure Products Web Console Buffer Overflow"; content: "SID: 6230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106230; sid: 6106230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Presentation Server IMA"; content: "SID: 6231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106231; sid: 6106231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Distributed Transaction Coordinator Overflow"; content: "SID: 6232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106232; sid: 6106232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates BrightStor ARCserve Backup Tape Engine Service"; content: "SID: 6233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106233; sid: 6106233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VideoLAN VLC Subtitle Overflow"; content: "SID: 6234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106234; sid: 6106234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime SMIL Overflow"; content: "SID: 6235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106235; sid: 6106235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AMI Pro File Buffer Overflow"; content: "SID: 6236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106236; sid: 6106236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable IMAP Service Login Overflow"; content: "SID: 6237 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106237; sid: 6106237; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GNU RADIUS SQL Accounting Format String Vulnerability"; content: "SID: 6238 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106238; sid: 6106238; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime RTSP Long URL"; content: "SID: 6239 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106239; sid: 6106239; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP LOGIN Negative Value"; content: "SID: 6240 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106240; sid: 6106240; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect eng50.dll Stack Overflow"; content: "SID: 6242 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106242; sid: 6106242; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun JRE Abstract Windowing Toolkit Module Memory Corruption"; content: "SID: 6243 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106243; sid: 6106243; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows SNMP Service Memory Corruption"; content: "SID: 6244 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106244; sid: 6106244; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Storage Manager Initial Sign-on Request Buffer Overflow"; content: "SID: 6245 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106245; sid: 6106245; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gateway Weblaunch Activex Control"; content: "SID: 6246 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106246; sid: 6106246; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Microsystems Java GIF File Handling Memory Corruption"; content: "SID: 6247 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106247; sid: 6106247; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Mercury Loadrunner Agent Command Processing Buffer Overflow"; content: "SID: 6248 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106248; sid: 6106248; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio 6 ActiveX Exploit"; content: "SID: 6249 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106249; sid: 6106249; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Authorization Failure"; content: "SID: 6250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106250; sid: 6106250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Authorization Failure"; content: "SID: 6251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106251; sid: 6106251; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Authorization Failure"; content: "SID: 6252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106252; sid: 6106252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP3 Authorization Failure"; content: "SID: 6253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106253; sid: 6106253; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Authorization Failure"; content: "SID: 6255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106255; sid: 6106255; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Authorization Failure"; content: "SID: 6256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106256; sid: 6106256; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Client DoS"; content: "SID: 6257 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106257; sid: 6106257; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE HTML Rendering Memory Corruption"; content: "SID: 6258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106258; sid: 6106258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Linux Printing And Imaging hpssd Command Injection"; content: "SID: 6259 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106259; sid: 6106259; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VERITAS Storage Foundation Administrator Buffer Overflow"; content: "SID: 6260 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106260; sid: 6106260; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC DHCP Remote DoS"; content: "SID: 6261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106261; sid: 6106261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server CGI Buffer Overflow"; content: "SID: 6262 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106262; sid: 6106262; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XSS in Cisco ACS Server"; content: "SID: 6263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106263; sid: 6106263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed Header"; content: "SID: 6264 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106264; sid: 6106264; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Jet Database Engine Buffer Overflow"; content: "SID: 6265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106265; sid: 6106265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed Header"; content: "SID: 6266 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106266; sid: 6106266; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long FETCH Command"; content: "SID: 6267 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106267; sid: 6106267; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Network Node Manager Buffer Overflow"; content: "SID: 6268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106268; sid: 6106268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Operations Buffer Overflow"; content: "SID: 6269 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106269; sid: 6106269; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView Network Node Manager Integer Overflow"; content: "SID: 6270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106270; sid: 6106270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare ActiveX Arbitrary File Access"; content: "SID: 6271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106271; sid: 6106271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iPrint Client ActiveX Buffer Overflow"; content: "SID: 6272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106272; sid: 6106272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works ActiveX WkImgSrv.dll Insecure Function"; content: "SID: 6273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106273; sid: 6106273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee ePolicy Orchestrator Format String"; content: "SID: 6274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106274; sid: 6106274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SGI fam Attempt"; content: "SID: 6275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106275; sid: 6106275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TooltalkDB overflow"; content: "SID: 6276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106276; sid: 6106276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Show Mount Recon"; content: "SID: 6277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106277; sid: 6106277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Web Components DataSource Vulnerability"; content: "SID: 6278 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106278; sid: 6106278; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Presentation Server Client ActiveX Overflow"; content: "SID: 6279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106279; sid: 6106279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Messenger Information Disclosure Vulnerability"; content: "SID: 6280 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106280; sid: 6106280; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed EPS Filter Vulnerability"; content: "SID: 6281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106281; sid: 6106281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed PICT Filter Vulnerability"; content: "SID: 6282 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106282; sid: 6106282; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BMP Filter Vulnerability"; content: "SID: 6283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106283; sid: 6106283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Openwsman HTTP Basic Authentication Buffer Overflow"; content: "SID: 6284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106284; sid: 6106284; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LANDesk Intel QIP Service Heal Packet Buffer Overflow"; content: "SID: 6295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106295; sid: 6106295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow"; content: "SID: 6296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106296; sid: 6106296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Import Method Buffer Overflow"; content: "SID: 6297 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106297; sid: 6106297; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Creative Software AutoUpdate Engine ActiveX Stack-Overflow"; content: "SID: 6298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106298; sid: 6106298; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Namo ActiveSquare6 ActiveX Vulnerability"; content: "SID: 6299 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106299; sid: 6106299; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Loki ICMP Tunneling"; content: "SID: 6300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106300; sid: 6106300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] General Loki ICMP Tunneling"; content: "SID: 6302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106302; sid: 6106302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PingTunnel ICMP Tunneling"; content: "SID: 6303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106303; sid: 6106303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS-SQL Query Abuse"; content: "SID: 6350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106350; sid: 6106350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba SPOOLSS Notify Options Heap overflow"; content: "SID: 6402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106402; sid: 6106402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Uninitialized Memory Corruption"; content: "SID: 6403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106403; sid: 6106403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow WAV Parsing Remote Code Execution"; content: "SID: 6406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106406; sid: 6106406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE DHTML Memory Corruption"; content: "SID: 6408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106408; sid: 6106408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Invalid Object Memory Corruption"; content: "SID: 6409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106409; sid: 6106409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Unsafe Memory Operation"; content: "SID: 6410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106410; sid: 6106410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BGP Message"; content: "SID: 6412 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106412; sid: 6106412; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee Subscription Manager ActiveX Stack Buffer Overflow"; content: "SID: 6413 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106413; sid: 6106413; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ClamAV UPX File Handling Heap Overflow"; content: "SID: 6414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106414; sid: 6106414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Help HLP File Processing Memory Corruption"; content: "SID: 6416 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106416; sid: 6106416; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JavaScript Navigator Object Memory Corruption"; content: "SID: 6417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106417; sid: 6106417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache HTTP Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow"; content: "SID: 6418 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106418; sid: 6106418; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database dbms_assert Filter Bypass Vulnerability"; content: "SID: 6419 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106419; sid: 6106419; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Malformed GIF File Processing Code Execution"; content: "SID: 6420 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106420; sid: 6106420; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Malformed SELECTION Record Code Execution"; content: "SID: 6421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106421; sid: 6106421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ASP.NET Application Folder Information Disclosure"; content: "SID: 6422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106422; sid: 6106422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Integer Overflow"; content: "SID: 6423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106423; sid: 6106423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint PPT File Parsing Memory Corruption"; content: "SID: 6424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106424; sid: 6106424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Malformed OBJECT Record Code Execution"; content: "SID: 6425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106425; sid: 6106425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word mso.dll LsCreateLine Memory Corruption"; content: "SID: 6426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106426; sid: 6106426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] zlib Denial of Service"; content: "SID: 6427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106427; sid: 6106427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CSS Memory Corruption"; content: "SID: 6430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106430; sid: 6106430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Web Cache Heap Overflow"; content: "SID: 6431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106431; sid: 6106431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Subversion svn Protocol String Parsing Vulnerability"; content: "SID: 6432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106432; sid: 6106432; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Norton Internet Security NBNS Stack Overflow"; content: "SID: 6433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106433; sid: 6106433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Program Neighborhood Agent Buffer Overflow"; content: "SID: 6436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106436; sid: 6106436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks RealPlayer Compressed Skin Buffer Overflow"; content: "SID: 6437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106437; sid: 6106437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail IMAP Fetch Buffer Overflow"; content: "SID: 6443 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106443; sid: 6106443; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iGateway Content-Length Buffer Overflow"; content: "SID: 6444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106444; sid: 6106444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SUSE Remote Manager Heap Overflow"; content: "SID: 6445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106445; sid: 6106445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader eBook plug-in Format String Vulnerability"; content: "SID: 6446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106446; sid: 6106446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Mod_jk Stack Overflow"; content: "SID: 6449 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106449; sid: 6106449; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pcAnywhere Buffer Overflow"; content: "SID: 6450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106450; sid: 6106450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MediaWiki Language Option PHP Code Execution"; content: "SID: 6451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106451; sid: 6106451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Winhlp32 Compressed Phrase Buffer Overflow"; content: "SID: 6454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106454; sid: 6106454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Media Server DoS"; content: "SID: 6456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106456; sid: 6106456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Notes URI Handler Argument Injection"; content: "SID: 6457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106457; sid: 6106457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Media Player File Information Disclosure"; content: "SID: 6458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106458; sid: 6106458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Winhlp32 Compressed Phrase Integer Overflow"; content: "SID: 6459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106459; sid: 6106459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CDF Cross Domain Scripting"; content: "SID: 6462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106462; sid: 6106462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid WCCP Message Parsing Denial of Service"; content: "SID: 6466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106466; sid: 6106466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Click Event Classification Vulnerability"; content: "SID: 6467 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106467; sid: 6106467; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Vendor AV Gateway Virus Detection Bypass"; content: "SID: 6468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106468; sid: 6106468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Web Browsers Window Injection."; content: "SID: 6477 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106477; sid: 6106477; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iManager Tomcat HTTP POST Request Handling Denial of Service"; content: "SID: 6486 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106486; sid: 6106486; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TikiWiki jhot.php Script File Upload Security Bypass"; content: "SID: 6487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106487; sid: 6106487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup Command Chaining"; content: "SID: 6488 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106488; sid: 6106488; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow"; content: "SID: 6489 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106489; sid: 6106489; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Alt-N MDAEMON IMAP Server Heap Overflow"; content: "SID: 6491 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106491; sid: 6106491; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Graphics Rendering Engine Buffer Overflow Vulnerability"; content: "SID: 6493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106493; sid: 6106493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP APPEND Date Buffer Overflow"; content: "SID: 6494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106494; sid: 6106494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer URL Spoofing Vulnerability Details"; content: "SID: 6496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106496; sid: 6106496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RingZero Trojan"; content: "SID: 6500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106500; sid: 6106500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tribe Flood Net Client Request"; content: "SID: 6501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106501; sid: 6106501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tribe Flood Net Server Reply"; content: "SID: 6502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106502; sid: 6106502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Stacheldraht Client Request"; content: "SID: 6503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106503; sid: 6106503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Stacheldraht Server Reply"; content: "SID: 6504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106504; sid: 6106504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo Client Request"; content: "SID: 6505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106505; sid: 6106505; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo Server Reply"; content: "SID: 6506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106506; sid: 6106506; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFN2K Control Traffic"; content: "SID: 6507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106507; sid: 6106507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mstream Control Traffic"; content: "SID: 6508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106508; sid: 6106508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft DXmedia SDK6 ActiveX Control"; content: "SID: 6509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106509; sid: 6106509; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GOM Player ActiveX Control Buffer Overflow"; content: "SID: 6510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106510; sid: 6106510; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macrovision FlexNet isusweb.dll DownloadAndExecute Method"; content: "SID: 6512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106512; sid: 6106512; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macrovision FlexNet DownloadManager Insecure Methods"; content: "SID: 6513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106513; sid: 6106513; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid SIP Response Code"; content: "SID: 6515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106515; sid: 6106515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed Via Header"; content: "SID: 6517 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106517; sid: 6106517; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Long Header Field"; content: "SID: 6518 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106518; sid: 6106518; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long SIP Message"; content: "SID: 6520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106520; sid: 6106520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Call Manager Overflow"; content: "SID: 6521 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106521; sid: 6106521; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Failed HTTP Login HTTP 401"; content: "SID: 6522 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106522; sid: 6106522; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-Printable in SIP Header"; content: "SID: 6523 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106523; sid: 6106523; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution"; content: "SID: 6524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106524; sid: 6106524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lighttpd FastCGI Header Overrun"; content: "SID: 6526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106526; sid: 6106526; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Publisher Invalid Memory Reference RCE"; content: "SID: 6527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106527; sid: 6106527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server 10G EmChartBeam Remote Directory Traversal"; content: "SID: 6528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106528; sid: 6106528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SynCE Command Injection"; content: "SID: 6530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106530; sid: 6106530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perdition IMAP Proxy str_vwrite Format String"; content: "SID: 6532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106532; sid: 6106532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates BrightStor ARCserve Backup Discovery Service"; content: "SID: 6533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106533; sid: 6106533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Backup Exec ActiveX Control"; content: "SID: 6534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106534; sid: 6106534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Facebook Photo Uploader ActiveX Control"; content: "SID: 6535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106535; sid: 6106535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Aurigma ImageUploader ActiveX Control"; content: "SID: 6536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106536; sid: 6106536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kraken Botnet Traffic"; content: "SID: 6537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106537; sid: 6106537; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Malware Protection Engine DoS"; content: "SID: 6539 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106539; sid: 6106539; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM Certificate Trust List Memory Consumption DOS"; content: "SID: 6540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106540; sid: 6106540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Project Malformed File Exploit"; content: "SID: 6541 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106541; sid: 6106541; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTPServer Error Overflow"; content: "SID: 6542 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106542; sid: 6106542; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks Common Services Arbitrary Code Injection"; content: "SID: 6543 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106543; sid: 6106543; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ActiveX Object Memory Corruption Vulnerability"; content: "SID: 6544 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106544; sid: 6106544; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Local Privilege Escalation"; content: "SID: 6545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106545; sid: 6106545; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMPv3 Malformed Authentication Attempt"; content: "SID: 6546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106546; sid: 6106546; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server 7 TDS Denial Of Service"; content: "SID: 6702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106702; sid: 6106702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort SACK TCP Option Handling Denial of Service Details"; content: "SID: 6703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106703; sid: 6106703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Address Bar Spoofing Vulnerability"; content: "SID: 6704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106704; sid: 6106704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Drag And Drop Vulnerability"; content: "SID: 6705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106705; sid: 6106705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol DoS"; content: "SID: 6707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106707; sid: 6106707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Player LoadMovie DoS"; content: "SID: 6710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106710; sid: 6106710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Image Download Spoofing"; content: "SID: 6711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106711; sid: 6106711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Script Engine Stack Exhaustion"; content: "SID: 6712 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106712; sid: 6106712; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Status Bar URL Spoofing"; content: "SID: 6717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106717; sid: 6106717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple AV Vendor Invalid Archive Checksum"; content: "SID: 6718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106718; sid: 6106718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL COM_TABLE_DUMP Function Stack Overflow"; content: "SID: 6719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106719; sid: 6106719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Login Handshake Information Disclosure"; content: "SID: 6720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106720; sid: 6106720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenBSD ISAKMP Message Handling Denial Of Service"; content: "SID: 6721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106721; sid: 6106721; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server 10g emagent.exe Stack Buffer Overflow"; content: "SID: 6722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106722; sid: 6106722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Directory Server LDAP Denial of Service Details"; content: "SID: 6723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106723; sid: 6106723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft Winamp Midi File Header Handling Buffer Overflow"; content: "SID: 6727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106727; sid: 6106727; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows GUID Folder Code Execution"; content: "SID: 6728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106728; sid: 6106728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Storage Manager Express Buffer Overflow"; content: "SID: 6730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106730; sid: 6106730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Username Buffer Overflow"; content: "SID: 6731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106731; sid: 6106731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Password Buffer Overflow"; content: "SID: 6732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106732; sid: 6106732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Arbitrary File Upload"; content: "SID: 6733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106733; sid: 6106733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA ARCserve Backup LGServer Multiple Buffer Overflows"; content: "SID: 6734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106734; sid: 6106734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer HHCtrl.ocx Image Property Heap Corruption"; content: "SID: 6735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106735; sid: 6106735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime FLIC Animation File Buffer Overflow Details"; content: "SID: 6736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106736; sid: 6106736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL_get_shared_ciphers Function Buffer Overflow"; content: "SID: 6737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106737; sid: 6106737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Messenger HTTP POST Request Invalid Memory Access"; content: "SID: 6739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106739; sid: 6106739; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro OfficeScan Atxconsole ActiveX Control Format String"; content: "SID: 6740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106740; sid: 6106740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Discovery XFERWAN Buffer overflow"; content: "SID: 6741 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106741; sid: 6106741; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Malformed Record Code Execution"; content: "SID: 6742 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106742; sid: 6106742; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell ZENworks Asset Mangement Overflow"; content: "SID: 6743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106743; sid: 6106743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla FireFox DomNodeRemoved Memory Corruption"; content: "SID: 6744 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106744; sid: 6106744; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Remote Kernel TCPIP ICMP Vulnerability"; content: "SID: 6755 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106755; sid: 6106755; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Page Update Race Condition"; content: "SID: 6757 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106757; sid: 6106757; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Version Number Code Execution Vulnerability"; content: "SID: 6758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106758; sid: 6106758; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari Regular Expression Overflow"; content: "SID: 6759 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106759; sid: 6106759; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Buffer overflow"; content: "SID: 6760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106760; sid: 6106760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unified Communications Manager CTL Provider Heap Overflow"; content: "SID: 6761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106761; sid: 6106761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco PIX and ASA Time-to-Live DoS"; content: "SID: 6764 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106764; sid: 6106764; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Application Velocity System Default Passwords"; content: "SID: 6765 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106765; sid: 6106765; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Security Zone Bypass and Address Spoofing"; content: "SID: 6766 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106766; sid: 6106766; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows RSH Daemon Stack Overflow"; content: "SID: 6767 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106767; sid: 6106767; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba WINS Remote Code Execution Vulnerability"; content: "SID: 6768 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106768; sid: 6106768; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netware LSASS CIFS.NLM Driver Overflow"; content: "SID: 6769 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106769; sid: 6106769; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenOffice PRTDATA Heap Overflow"; content: "SID: 6770 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106770; sid: 6106770; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows WebDAV Mini Redirector"; content: "SID: 6771 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106771; sid: 6106771; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPerfect X3 Printer Selection Vulnerability"; content: "SID: 6773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106773; sid: 6106773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Works Converter Remote Code Execution"; content: "SID: 6775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106775; sid: 6106775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Converter Input Validation Remote Code Execution"; content: "SID: 6776 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106776; sid: 6106776; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows OLE Automation Remote Code Execution"; content: "SID: 6777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106777; sid: 6106777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Converter Index Table Vulnerability"; content: "SID: 6778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106778; sid: 6106778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Argument Handling Memory Corruption Vulnerability"; content: "SID: 6780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106780; sid: 6106780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Proxy Response Overflow"; content: "SID: 6781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106781; sid: 6106781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP MIME Request Boundary Overflow"; content: "SID: 6782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106782; sid: 6106782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe PDF Code Execution"; content: "SID: 6784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106784; sid: 6106784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Basic VBP File Processing Buffer Overflow"; content: "SID: 6785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106785; sid: 6106785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Memory Corruption Vulnerability"; content: "SID: 6786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106786; sid: 6106786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Cell Parsing Memory Corruption Vulnerability"; content: "SID: 6787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106787; sid: 6106787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SonicWALL SSL VPN Client Remote ActiveX Vulnerability"; content: "SID: 6788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106788; sid: 6106788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp Ultravox Stream Title Stack Overflow"; content: "SID: 6789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106789; sid: 6106789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access Privilege Escalation"; content: "SID: 6790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106790; sid: 6106790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQL Memory Corruption Vulnerability"; content: "SID: 6792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106792; sid: 6106792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows GDI Image Handling"; content: "SID: 6793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106793; sid: 6106793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow"; content: "SID: 6794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106794; sid: 6106794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Panda ActiveScan ActiveX Overflow"; content: "SID: 6795 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106795; sid: 6106795; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP StorageWorks Buffer Overflow"; content: "SID: 6798 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106798; sid: 6106798; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM CTI DoS"; content: "SID: 6799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106799; sid: 6106799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Reply"; content: "SID: 6901 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106901; sid: 6106901; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Request"; content: "SID: 6902 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106902; sid: 6106902; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Any"; content: "SID: 6903 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106903; sid: 6106903; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood UDP"; content: "SID: 6910 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106910; sid: 6106910; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood TCP"; content: "SID: 6920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106920; sid: 6106920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Code Execution"; content: "SID: 6921 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106921; sid: 6106921; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VBScript JScript Remote Code Execution"; content: "SID: 6922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106922; sid: 6106922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Memory Corruption Vulnerability"; content: "SID: 6923 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106923; sid: 6106923; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Publisher Remote Code Execution"; content: "SID: 6924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106924; sid: 6106924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Property Memory Corruption"; content: "SID: 6925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106925; sid: 6106925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS DLSw DoS"; content: "SID: 6926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106926; sid: 6106926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook mailto URI Remote Code Execution"; content: "SID: 6928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106928; sid: 6106928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Memory Corruption"; content: "SID: 6929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106929; sid: 6106929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Web Components URL Parsing Vulnerability"; content: "SID: 6930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106930; sid: 6106930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Virtual-Access Interface Exhaustion DoS"; content: "SID: 6931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106931; sid: 6106931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Objects Uninitialized Memory Corruption Vulnerability"; content: "SID: 6932 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106932; sid: 6106932; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI Buffer Overflow"; content: "SID: 6934 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106934; sid: 6106934; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVE-2008-1086 ActiveX Killbit Update"; content: "SID: 6935 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106935; sid: 6106935; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UCM Disaster Recovery Framework Command Execution"; content: "SID: 6936 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106936; sid: 6106936; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE File Handling Memory Corruption"; content: "SID: 6937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106937; sid: 6106937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE Argument Handling Memory Corruption Exploit"; content: "SID: 6938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106938; sid: 6106938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Project Remote Code Execution"; content: "SID: 6939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106939; sid: 6106939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Remote Code Execution"; content: "SID: 6940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106940; sid: 6106940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo ActiveX Buffer Overflow"; content: "SID: 6942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106942; sid: 6106942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUPS CGI Compile Search Overflow"; content: "SID: 6944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106944; sid: 6106944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView OVAS.EXE Stack Overflow"; content: "SID: 6945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106945; sid: 6106945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web Client Remote Code Execution Vulnerability"; content: "SID: 6946 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106946; sid: 6106946; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Drawing Object Vulnerability"; content: "SID: 6951 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106951; sid: 6106951; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Cascading Style Sheet (CSS) Vulnerability"; content: "SID: 6952 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106952; sid: 6106952; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM SIP Stack DoS"; content: "SID: 6954 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106954; sid: 6106954; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Null Pointer Dereference"; content: "SID: 6959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106959; sid: 6106959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Response Cross-Domain Info Disclosure"; content: "SID: 6960 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106960; sid: 6106960; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Objects Memory Corruption"; content: "SID: 6961 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106961; sid: 6106961; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unity DOS"; content: "SID: 6962 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106962; sid: 6106962; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MJPEG Decoder Vulnerability"; content: "SID: 6963 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106963; sid: 6106963; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asprox Injection Attempt"; content: "SID: 6964 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106964; sid: 6106964; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed Search File Code Execution"; content: "SID: 6966 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106966; sid: 6106966; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Privilege Elevation"; content: "SID: 6967 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106967; sid: 6106967; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Access Snapshot Viewer ActiveX Remote Code Execution"; content: "SID: 6968 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106968; sid: 6106968; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Smart Tag Corruption Exploit"; content: "SID: 6969 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106969; sid: 6106969; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow SAMI Parsing Remote Code Execution"; content: "SID: 6970 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106970; sid: 6106970; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic Exploit Component"; content: "SID: 6971 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106971; sid: 6106971; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rosoft Media Player Overflow"; content: "SID: 6972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106972; sid: 6106972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS FTPd MKD Command Buffer Overflow"; content: "SID: 6973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106973; sid: 6106973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Motorola Timbuktu Pro Arbitrary File Deletion/Creation"; content: "SID: 6974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106974; sid: 6106974; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arbitrary File Upload In CA ARCserve"; content: "SID: 6975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106975; sid: 6106975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Powerpoint 2003 Viewer Buffer Overflow"; content: "SID: 6976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106976; sid: 6106976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wonderware Suitlink Denial Of Service"; content: "SID: 6977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106977; sid: 6106977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PowerPoint Parsing Overflow"; content: "SID: 6978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106978; sid: 6106978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BEA WebLogic Server Apache Connector HTTP Version String BO"; content: "SID: 6979 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106979; sid: 6106979; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Memory Allocation Exploit"; content: "SID: 6981 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106981; sid: 6106981; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PICT Filter Parsing Exploit"; content: "SID: 6983 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106983; sid: 6106983; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Image Color Management System RCE"; content: "SID: 6984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106984; sid: 6106984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office WPG Image File Heap Corruption Exploit"; content: "SID: 6985 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106985; sid: 6106985; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE HTML Objects Memory Corruption Exploit"; content: "SID: 6986 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106986; sid: 6106986; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebEx Meeting Manager ActiveX Overflow"; content: "SID: 6988 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106988; sid: 6106988; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOSFW HTTP Inspection Vulnerability"; content: "SID: 6989 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106989; sid: 6106989; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio Msmask32.ocx ActiveX Buffer Overflow"; content: "SID: 6990 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106990; sid: 6106990; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas Storage Foundation Null Session"; content: "SID: 6991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106991; sid: 6106991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS EAP Overflow"; content: "SID: 6994 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106994; sid: 6106994; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI EMF Memory Corruption Vulnerability"; content: "SID: 6995 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106995; sid: 6106995; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI+ BMP Integer Overflow"; content: "SID: 6996 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106996; sid: 6106996; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OneNote Uniform Resource Locator Validation Error Vulnerability"; content: "SID: 6997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106997; sid: 6106997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI-Plus WMF Buffer Overrun Exploit"; content: "SID: 6998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106998; sid: 6106998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco PIM Multicast Denial of Service Attack"; content: "SID: 6999 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106999; sid: 6106999; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Data Base TNS Connection"; content: "SID: 7000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107000; sid: 6107000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TNS Redirect Request"; content: "SID: 7001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107001; sid: 6107001; rev: 4;)