# Sagan cisco-sdee.rules
# Copyright (c) 2009-2017, Quadrant Information Security <www.quadrantsec.com>
# All rights reserved.
#
# Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list
#
#*************************************************************
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
#  following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#  Note: You will need a program to convert Cisco IPS events (from the SDEE protocol) to syslog.  At Quadrant, 
#  we have developed a program called "qdee" ("Q - Dee").  You'll need something similar.  "qdee" is _not_ 
#  a open source project at this time.  
#
#  Update Notes [2017/05/09] : The Cisco IPS modules are pretty old.  By default, all these rules have been disabled
#  and you probably shouldn't use them.  The software "qdee" is now shipped with Sagan in the "extra" directory.  
#  You can also check out https://github.com/beave/sagan/tree/master/extra/qdee
# 
#  Contact Champ Clark III for more information (cclark@quadrantsec.com)
#
#  Since these are not "standard" rules, we start the ID's at "6100000". 
#
#  See: https://supportforums.cisco.com/discussion/10008061/problems-ips-#alert-reporting
#       http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html
#       http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_ios_ips/configuration/12-4t/sec-data-ios-ips-12-4t-book.pdf


#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPS/IDS License Expiration"; content: "Health Warning"; content: "licenseExpiration"; classtype: system-event; reference: url,wiki.quadrantsec.com/bin/view/Main/6100000; sid: 6100000; rev:1;)

# Based off http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId={Sigature ID}

#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Bad Option List"; content: "SID: 1000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101000; sid: 6101000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Record Packet Route"; content: "SID: 1001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101001; sid: 6101001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Timestamp"; content: "SID: 1002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101002; sid: 6101002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Provide s,c,h,tcc"; content: "SID: 1003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101003; sid: 6101003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Loose Source Route"; content: "SID: 1004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101004; sid: 6101004; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-SATNET ID"; content: "SID: 1005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101005; sid: 6101005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP options-Strict Source Route"; content: "SID: 1006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101006; sid: 6101006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 over IPv4 or IPv6"; content: "SID: 1007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101007; sid: 6101007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lurk Malware Communication"; content: "SID: 1018 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101018; sid: 6101018; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XShellC601 Malware Communication"; content: "SID: 1019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101019; sid: 6101019; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BB Malware Communication"; content: "SID: 1020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101020; sid: 6101020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Murcy Malware Communication"; content: "SID: 1021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101021; sid: 6101021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QDigit Malware Communication"; content: "SID: 1022 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101022; sid: 6101022; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Software Smart Install Denial of Service"; content: "SID: 1027 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101027; sid: 6101027; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BitDefender Internet Security 2009 XSS"; content: "SID: 1028 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101028; sid: 6101028; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iManager Off By One Buffer Overflow"; content: "SID: 1029 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101029; sid: 6101029; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantic IM Manager Administrator Console Code Injection"; content: "SID: 1030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101030; sid: 6101030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows MPEG Layer-3 Audio Decoder Stack Buffer Overflow"; content: "SID: 1032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101032; sid: 6101032; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Slowloris Exploit"; content: "SID: 1034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101034; sid: 6101034; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft DNS server Denial of Service Vulnerability"; content: "SID: 1038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101038; sid: 6101038; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101039; sid: 6101039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNSChanger Malware"; content: "SID: 1040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101040; sid: 6101040; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101044; sid: 6101044; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent HTTP Request Remote Code Execution"; content: "SID: 1051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101051; sid: 6101051; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe PDF Remote Code Execution"; content: "SID: 1052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101052; sid: 6101052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF File Buffer Overflow"; content: "SID: 1055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101055; sid: 6101055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Corehttp Httpd Buffer Overflow"; content: "SID: 1056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101056; sid: 6101056; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101057; sid: 6101057; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Webex WRF File Buffer Overflow"; content: "SID: 1058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101058; sid: 6101058; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Hit-Highlighting Authentication Bypass"; content: "SID: 1059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101059; sid: 6101059; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache auth_ldap Format String"; content: "SID: 1060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101060; sid: 6101060; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Active Directory LDAP Remote Code Execution"; content: "SID: 1062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: 389; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101062; sid: 6101062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BIND 8 TSIG Remote Code Execution"; content: "SID: 1063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101063; sid: 6101063; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor Backup Products Tape Engine Service RPC Request Arbitrary Code Execution Vulnerability"; content: "SID: 1067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101067; sid: 6101067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows PPTP Denial of Service"; content: "SID: 1069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $PPTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101069; sid: 6101069; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Directory Server 6.0 Denial Of Service"; content: "SID: 1076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101076; sid: 6101076; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP File Upload GLOBAL Variable Overwrite"; content: "SID: 1077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101077; sid: 6101077; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix RTSP SETUP Request Denial Of Service"; content: "SID: 1079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101079; sid: 6101079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Informix Long Username Buffer Overflow"; content: "SID: 1080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101080; sid: 6101080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101081; sid: 6101081; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libevent DNS Parsing Denial Of Service"; content: "SID: 1082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101082; sid: 6101082; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Plug and Play Overflow"; content: "SID: 1083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101083; sid: 6101083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS HTTP Server Vulnerability"; content: "SID: 1085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101085; sid: 6101085; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle OPMN daemon Format String Denial Of Service"; content: "SID: 1086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101086; sid: 6101086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle XDB FTP Buffer Overflow"; content: "SID: 1088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $FTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101088; sid: 6101088; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SAP Message Server Group Parameter Remote Buffer Overflow"; content: "SID: 1089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101089; sid: 6101089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NTP MODE_PRIVATE Denial of Service"; content: "SID: 1090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $NTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101090; sid: 6101090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSwan and StrongSwan DPD Packet Remote DoS"; content: "SID: 1091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101091; sid: 6101091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Measuresoft ScadaPro Command Injection"; content: "SID: 1096 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101096; sid: 6101096; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Buffer Overflow"; content: "SID: 1097 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101097; sid: 6101097; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1099 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101099; sid: 6101099; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unknown IP Protocol"; content: "SID: 1101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101101; sid: 6101101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Impossible IP Packet"; content: "SID: 1102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101102; sid: 6101102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Localhost Source Spoof"; content: "SID: 1104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101104; sid: 6101104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Denial of Service"; content: "SID: 1105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101105; sid: 6101105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsys PROMOTIC ActiveX SaveCfg AddTrend Buffer Overflow"; content: "SID: 1106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101106; sid: 6101106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RFC 1918 Addresses Seen"; content: "SID: 1107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101107; sid: 6101107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Packet with Proto 11"; content: "SID: 1108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101108; sid: 6101108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Interface DoS"; content: "SID: 1109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101109; sid: 6101109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Siemens FactoryLink Arbitrary Files Access and Denial of Service"; content: "SID: 1121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101121; sid: 6101121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenOffice Remote Code Execution"; content: "SID: 1122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101122; sid: 6101122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RPC DCOM ISystemActivator Buffer Overflow"; content: "SID: 1124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101124; sid: 6101124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WellinTech Kingview Buffer Overflow"; content: "SID: 1126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101126; sid: 6101126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS ISAKMP Vulnerability"; content: "SID: 1127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101127; sid: 6101127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft RRAS Service Overflow"; content: "SID: 1128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101128; sid: 6101128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Remote Code Execution"; content: "SID: 1129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101129; sid: 6101129; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Malicous Signed Portable Executable File"; content: "SID: 1130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101130; sid: 6101130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101131; sid: 6101131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE OnReadyStateChange Remote Code Execution"; content: "SID: 1132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101132; sid: 6101132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE SelectAll Remote Code Execution"; content: "SID: 1134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101134; sid: 6101134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Parameter Validation Vulnerability"; content: "SID: 1135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101135; sid: 6101135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Remote Code Execution"; content: "SID: 1136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101136; sid: 6101136; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Livemesh Application"; content: "SID: 1137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101137; sid: 6101137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Use After Free"; content: "SID: 1138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101138; sid: 6101138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Marshalling Code Remote Code Execution Vulnerability"; content: "SID: 1140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101140; sid: 6101140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Obfuscation Code Fragment"; content: "SID: 1142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101142; sid: 6101142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectX NULL Byte Overwrite Vulnerability"; content: "SID: 1143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101143; sid: 6101143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Publisher 2007 Remote Code Execution"; content: "SID: 1144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101144; sid: 6101144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office PowerPoint Remote Code Execution Vulnerability"; content: "SID: 1152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101152; sid: 6101152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel 2003 Denial of Service Vulnerability"; content: "SID: 1155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101155; sid: 6101155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Remote Code Execution"; content: "SID: 1157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101157; sid: 6101157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability"; content: "SID: 1166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101166; sid: 6101166; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic Alphanumeric Generated Email Address"; content: "SID: 1169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101169; sid: 6101169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 1173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101173; sid: 6101173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visio Viewer Remote Code Execution"; content: "SID: 1182 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101182; sid: 6101182; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word RTF Heap Overrun"; content: "SID: 1183 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101183; sid: 6101183; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Buffer Overflow"; content: "SID: 1184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101184; sid: 6101184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Serialization Vulnerability"; content: "SID: 1185 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101185; sid: 6101185; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Memory Corruption"; content: "SID: 1186 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101186; sid: 6101186; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Plus Heap Overflow Vulnerability"; content: "SID: 1187 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101187; sid: 6101187; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Vulnerability"; content: "SID: 1188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101188; sid: 6101188; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel MergeCells Record Heap Overflow"; content: "SID: 1189 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101189; sid: 6101189; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Player newfunction Buffer Overflow"; content: "SID: 1190 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101190; sid: 6101190; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Memory Corruption Vulnerability"; content: "SID: 1191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101191; sid: 6101191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution"; content: "SID: 1192 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101192; sid: 6101192; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Remote Code Execution"; content: "SID: 1193 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101193; sid: 6101193; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI Remote Code Execution Vulnerability"; content: "SID: 1194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101194; sid: 6101194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft TrueType Font Parsing Vulnerability"; content: "SID: 1195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101195; sid: 6101195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101196; sid: 6101196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel File Format Memory Corruption Vulnerability"; content: "SID: 1197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101197; sid: 6101197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragmentation Buffer Full"; content: "SID: 1200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101200; sid: 6101200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overlap"; content: "SID: 1201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101201; sid: 6101201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overrun - Datagram Too Long"; content: "SID: 1202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101202; sid: 6101202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Overwrite - Data is Overwritten"; content: "SID: 1203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101203; sid: 6101203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Missing Initial Fragment"; content: "SID: 1204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101204; sid: 6101204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Datagrams"; content: "SID: 1205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101205; sid: 6101205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Small"; content: "SID: 1206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101206; sid: 6101206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Too Many Fragments in a Datagram"; content: "SID: 1207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101207; sid: 6101207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IP Fragment Incomplete Datagram"; content: "SID: 1208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101208; sid: 6101208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Object Packager Remote Code Execution Vulnerability"; content: "SID: 1210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101210; sid: 6101210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Spyeye Trojan Toolkit"; content: "SID: 1212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101212; sid: 6101212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Deflate Encoding Memory Corruption"; content: "SID: 1213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101213; sid: 6101213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption"; content: "SID: 1218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101218; sid: 6101218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jolt2 Fragment Reassembly DoS attack"; content: "SID: 1220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101220; sid: 6101220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server DBMS_CDC_PUBLISH SQL Injection"; content: "SID: 1221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101221; sid: 6101221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragment Flags Invalid"; content: "SID: 1225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101225; sid: 6101225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Packet Bad Length"; content: "SID: 1250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101250; sid: 6101250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flame Malware"; content: "SID: 1256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101256; sid: 6101256; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101258; sid: 6101258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Internet Explorer 9 Use After Free"; content: "SID: 1261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101261; sid: 6101261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Unauthorized Digital Certificates"; content: "SID: 1263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101263; sid: 6101263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Leak"; content: "SID: 1265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101265; sid: 6101265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101268; sid: 6101268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Title Element Change Remote Code Execution"; content: "SID: 1270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101270; sid: 6101270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft insertAdjacentText Remote Code Execution"; content: "SID: 1271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101271; sid: 6101271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Developer Toolbar Vulnerability"; content: "SID: 1272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101272; sid: 6101272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 1273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101273; sid: 6101273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Memory Access Vulnerability"; content: "SID: 1274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101274; sid: 6101274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Dynamics AX Enterprise Portal Elevation of Privilege"; content: "SID: 1275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101275; sid: 6101275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution"; content: "SID: 1276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101276; sid: 6101276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101277; sid: 6101277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer and Lync HTML Sanitization Cross-Site Scripting"; content: "SID: 1279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101279; sid: 6101279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Remote Code Execution"; content: "SID: 1281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101281; sid: 6101281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Heap Overflow"; content: "SID: 1283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101283; sid: 6101283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player WRF File Buffer Overflow"; content: "SID: 1284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101284; sid: 6101284; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Stop Service Code"; content: "SID: 1285 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101285; sid: 6101285; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Reset Service Code"; content: "SID: 1287 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101287; sid: 6101287; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TelePresence Recording Server Media Import Command Injection"; content: "SID: 1288 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101288; sid: 6101288; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix boot code dump"; content: "SID: 1289 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101289; sid: 6101289; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1290 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101290; sid: 6101290; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Firmware Update"; content: "SID: 1291 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101291; sid: 6101291; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1292 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101292; sid: 6101292; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rockwell ControlLogix Denial of Service"; content: "SID: 1293 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101293; sid: 6101293; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Groupwise Messenger Server Information Leakage"; content: "SID: 1295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101295; sid: 6101295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Webex WRF JPEG DHT Chunk Stack Buffer Overflow"; content: "SID: 1296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101296; sid: 6101296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Enumeration Information Disclosure"; content: "SID: 1298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101298; sid: 6101298; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Segment Overwrite"; content: "SID: 1300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $FTP_PORT; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101300; sid: 6101300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Inactivity Timeout"; content: "SID: 1301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101301; sid: 6101301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Embryonic Timeout"; content: "SID: 1302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101302; sid: 6101302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Closing Timeout"; content: "SID: 1303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101303; sid: 6101303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Session Packet Queue Overflow"; content: "SID: 1304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101304; sid: 6101304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP URG flag set"; content: "SID: 1305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101305; sid: 6101305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Option Other"; content: "SID: 1306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101306; sid: 6101306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Window Variation"; content: "SID: 1307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101307; sid: 6101307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TTL evasion"; content: "SID: 1308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101308; sid: 6101308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Reserved flags set"; content: "SID: 1309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101309; sid: 6101309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Retransmit Data Different"; content: "SID: 1310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101310; sid: 6101310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Packet Exceeds MSS"; content: "SID: 1311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101311; sid: 6101311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS below minimum"; content: "SID: 1312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101312; sid: 6101312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSS exceeds maximum"; content: "SID: 1313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101313; sid: 6101313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Packet With Data"; content: "SID: 1314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101314; sid: 6101314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ACK w/o TCP Stream"; content: "SID: 1315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101315; sid: 6101315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FIN or RST w/o TCP Stream"; content: "SID: 1316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101316; sid: 6101316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zero Window Probe"; content: "SID: 1317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101317; sid: 6101317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Reflected List Parameter Vulnerability"; content: "SID: 1326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101326; sid: 6101326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS Stack Exhaustion DoS"; content: "SID: 1328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101328; sid: 6101328; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Cached Object Remote Code Execution"; content: "SID: 1329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101329; sid: 6101329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Drop - Bad Checksum"; content: "SID: 1330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101330; sid: 6101330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101331; sid: 6101331; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Registered Application Handler Vulnerability"; content: "SID: 1333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101333; sid: 6101333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows ADO Heap Overflow"; content: "SID: 1334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101334; sid: 6101334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint Cross Site Scripting Attack"; content: "SID: 1335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101335; sid: 6101335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Telepresence Command Injection Vulnerability"; content: "SID: 1338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101338; sid: 6101338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Joomla 1.5.12 TinyBrowser File Upload Code Execution"; content: "SID: 1341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101341; sid: 6101341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Common Services Framework Help Servlet XSS Vulnerability"; content: "SID: 1343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101343; sid: 6101343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS BGP Malformed Attribute Denial of Service"; content: "SID: 1346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101346; sid: 6101346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Skype Call Activity"; content: "SID: 1347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101347; sid: 6101347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javascript Trojan Iframe.F"; content: "SID: 1349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101349; sid: 6101349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Viewer Code Execution Vulnerability"; content: "SID: 1350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101350; sid: 6101350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Web Gateway Remote Command Execution"; content: "SID: 1353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101353; sid: 6101353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player URL Security Domain Checking Vulnerability"; content: "SID: 1356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101356; sid: 6101356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Buffer Overflow"; content: "SID: 1358 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101358; sid: 6101358; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Domino Server Controller Authentication Bypass"; content: "SID: 1360 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101360; sid: 6101360; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Read Access Violation Vulnerability"; content: "SID: 1364 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101364; sid: 6101364; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle WebCenter ActiveX Control File Creation Vulnerability"; content: "SID: 1366 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101366; sid: 6101366; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1367 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101367; sid: 6101367; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime JPEG2000 Integer Overflow"; content: "SID: 1369 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101369; sid: 6101369; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FFmpeg 4xm Null Pointer Memory Corruption"; content: "SID: 1370 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101370; sid: 6101370; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Integer Overflow Remote Code Execution"; content: "SID: 1371 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101371; sid: 6101371; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Asynchronous NULL Object Access Remote Code Execution"; content: "SID: 1372 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101372; sid: 6101372; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 File Memory Corruption Vulnerability"; content: "SID: 1373 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101373; sid: 6101373; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect EarthAgent RPC Buffer Overflow Vulnerability"; content: "SID: 1374 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101374; sid: 6101374; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit Memory Corruption Vulnerability"; content: "SID: 1376 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101376; sid: 6101376; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use After Free Vulnerability"; content: "SID: 1377 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101377; sid: 6101377; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Memory Corruption"; content: "SID: 1378 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101378; sid: 6101378; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol Vulnerability"; content: "SID: 1379 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101379; sid: 6101379; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSCOMCTL ActiveX Control Remote Code Execution Vulnerability"; content: "SID: 1380 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101380; sid: 6101380; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Networking Vulnerability"; content: "SID: 1381 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101381; sid: 6101381; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Print Spooler Service Format String Vulnerability"; content: "SID: 1382 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101382; sid: 6101382; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Remote Administration Protocol Heap Overflow"; content: "SID: 1384 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101384; sid: 6101384; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows IE Layout Memory Corruption"; content: "SID: 1385 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101385; sid: 6101385; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader Stack Buffer Overflow Vulnerability"; content: "SID: 1386 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101386; sid: 6101386; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Arbitrary Code Execution"; content: "SID: 1387 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101387; sid: 6101387; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL CMS Structure OriginatorInfo Memory Corruption"; content: "SID: 1388 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101388; sid: 6101388; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Database Archiving Software GIOP Parsing Buffer Overflow"; content: "SID: 1389 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101389; sid: 6101389; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Denial of Service"; content: "SID: 1393 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101393; sid: 6101393; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Linksys PlayerPT ActiveX Control Stack Overflow"; content: "SID: 1394 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101394; sid: 6101394; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player MP4 Sequence Parameter Set Parsing Buffer Overflow"; content: "SID: 1395 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101395; sid: 6101395; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Cross Site Scripting (XSS) Vulnerability"; content: "SID: 1396 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101396; sid: 6101396; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Array.reduceRight Integer Overflow Vulnerability"; content: "SID: 1397 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101397; sid: 6101397; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook Web Access Cross Site Request Forgery Vulnerability"; content: "SID: 1398 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101398; sid: 6101398; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA Total Defense Suite Information Disclosure Vulnerability"; content: "SID: 1399 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101399; sid: 6101399; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Over IPv6 Encapsulation"; content: "SID: 1400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101400; sid: 6101400; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPIP Encapsulation"; content: "SID: 1401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101401; sid: 6101401; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MPLS Over IPv6 Encapsulation"; content: "SID: 1402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101402; sid: 6101402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv4 Over IPv6 Encapsulation"; content: "SID: 1403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101403; sid: 6101403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave PAMI Chunk Remote Code Execution"; content: "SID: 1404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101404; sid: 6101404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination IP Address"; content: "SID: 1405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101405; sid: 6101405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Source Port"; content: "SID: 1406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101406; sid: 6101406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Destination Port"; content: "SID: 1407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101407; sid: 6101407; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Teredo Data Packet"; content: "SID: 1408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101408; sid: 6101408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GRE Tunnel Detected"; content: "SID: 1409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101409; sid: 6101409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Over MPLS Tunnel"; content: "SID: 1410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101410; sid: 6101410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Response Storm"; content: "SID: 1414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101414; sid: 6101414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Non-DNP3 Communication on a DNP3 Port"; content: "SID: 1415 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101415; sid: 6101415; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Last Received Was A Broadcast Message"; content: "SID: 1417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101417; sid: 6101417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 7 Applet Remote Code Execution Vulnerability"; content: "SID: 1421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101421; sid: 6101421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Time Synchronization Required"; content: "SID: 1422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101422; sid: 6101422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Under Local Control"; content: "SID: 1423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101423; sid: 6101423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device In Trouble"; content: "SID: 1424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101424; sid: 6101424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Attempt To Use Unsupported Function Code"; content: "SID: 1425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101425; sid: 6101425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Request Object Unknown Or Errors In Application Data"; content: "SID: 1426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101426; sid: 6101426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Parameters Out Of Range"; content: "SID: 1427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101427; sid: 6101427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Event Buffer Overflow"; content: "SID: 1428 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101428; sid: 6101428; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Already Executing Request"; content: "SID: 1429 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101429; sid: 6101429; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Corrupt Configuration Error"; content: "SID: 1430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101430; sid: 6101430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Invalid Reserved IIN Flags Set"; content: "SID: 1431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101431; sid: 6101431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Active Configuration"; content: "SID: 1432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101432; sid: 6101432; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Request"; content: "SID: 1433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101433; sid: 6101433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Reply"; content: "SID: 1434 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101434; sid: 6101434; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Error"; content: "SID: 1435 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101435; sid: 6101435; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Authentication Response Or Authentication Challenge"; content: "SID: 1436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101436; sid: 6101436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Challenge"; content: "SID: 1437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101437; sid: 6101437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Unsolicited Authentication Response Storm"; content: "SID: 1438 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101438; sid: 6101438; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Advanced DNP3 - Device Restarted"; content: "SID: 1439 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101439; sid: 6101439; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Shamoon Malware Activity"; content: "SID: 1441 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101441; sid: 6101441; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Studio Team Web Access XSS Vulnerability"; content: "SID: 1442 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101442; sid: 6101442; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Configuration Manager Reflected XSS"; content: "SID: 1444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101444; sid: 6101444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption"; content: "SID: 1445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101445; sid: 6101445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability"; content: "SID: 1446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101446; sid: 6101446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ganglia Stack Buffer Overflow Vulnerability"; content: "SID: 1447 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101447; sid: 6101447; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Player Player Heap Buffer Overflow Vulnerability"; content: "SID: 1451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101451; sid: 6101451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Memory Corruption Vulnerability"; content: "SID: 1455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101455; sid: 6101455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow"; content: "SID: 1459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101459; sid: 6101459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenLDAP Modrdn Memory Corruption Vulnerability"; content: "SID: 1460 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101460; sid: 6101460; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DATAC Control RealWin SCADA Server Buffer Overflow Vulnerability"; content: "SID: 1461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101461; sid: 6101461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Universal Server Buffer Overflow"; content: "SID: 1462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101462; sid: 6101462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DD-WRT Arbitrary Shell Command Execution Vulnerability"; content: "SID: 1464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101464; sid: 6101464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer execCommand Vulnerability"; content: "SID: 1466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101466; sid: 6101466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Format String Vulnerability"; content: "SID: 1468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101468; sid: 6101468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Object Processing Vulnerability"; content: "SID: 1469 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101469; sid: 6101469; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox and SeaMonkey Remote Cross-Site Scripting Vulnerability"; content: "SID: 1470 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101470; sid: 6101470; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability"; content: "SID: 1471 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101471; sid: 6101471; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Embedded OpenType Font Processing Heap Overflow Vulnerability"; content: "SID: 1472 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101472; sid: 6101472; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XDP Encoded PDF File Transfer"; content: "SID: 1474 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101474; sid: 6101474; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webex Player Heap Overflow"; content: "SID: 1475 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101475; sid: 6101475; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA and FWSM DCERPC Inspection DoS"; content: "SID: 1476 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101476; sid: 6101476; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA PIX Denial of Service"; content: "SID: 1478 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101478; sid: 6101478; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1480 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101480; sid: 6101480; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer cloneNode Remote Code Execution"; content: "SID: 1481 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101481; sid: 6101481; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Document Layout Processing Use-After-Free Vulnerability"; content: "SID: 1482 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101482; sid: 6101482; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer 9 Event Listener Remote Code Execution"; content: "SID: 1483 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101483; sid: 6101483; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Buffer Overflow"; content: "SID: 1487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101487; sid: 6101487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CISCO ASA DCERPC Inspection Denial Of Service"; content: "SID: 1492 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101492; sid: 6101492; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Distributed Denial of Service on Financial Institutions"; content: "SID: 1493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101493; sid: 6101493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx Recording Format Player Overflow"; content: "SID: 1494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101494; sid: 6101494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Remote Code Execution"; content: "SID: 1495 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101495; sid: 6101495; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works 9 Remote Code Execution Vulnerability"; content: "SID: 1496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101496; sid: 6101496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1497 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101497; sid: 6101497; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Report Manager Reflected Cross Site Scripting Vulnerability"; content: "SID: 1498 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101498; sid: 6101498; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word PAPX Section Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101501; sid: 6101501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Response-Splitting Protection Bypass"; content: "SID: 1503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101503; sid: 6101503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WebEx WRF Player Memory Corruption"; content: "SID: 1504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101504; sid: 6101504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow"; content: "SID: 1507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101507; sid: 6101507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ImageMagick ResolutionUnit Tag Invalid Validation Denial of Service Vulnerability"; content: "SID: 1508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101508; sid: 6101508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office TIFF Image Converter Memory Corruption"; content: "SID: 1511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101511; sid: 6101511; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Easy Printer Care HPTicketMgr.dll ActiveX Remote Code Execution"; content: "SID: 1512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101512; sid: 6101512; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101513; sid: 6101513; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101514; sid: 6101514; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Invalid Function Code Is Used"; content: "SID: 1520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101520; sid: 6101520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Reserved Function Code Used"; content: "SID: 1524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101524; sid: 6101524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe SWF Remote Code Execution"; content: "SID: 1528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101528; sid: 6101528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Chrome and Apple Safari Use-After-Free Code Execution"; content: "SID: 1532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101532; sid: 6101532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC NetWorker Buffer Overflow"; content: "SID: 1534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101534; sid: 6101534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exim Mail Transfer Agent Arbitrary Code Execution Vulnerability"; content: "SID: 1535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101535; sid: 6101535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat PDF Font Processing Memory Corruption"; content: "SID: 1536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101536; sid: 6101536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In JPEG 2000 Heap Buffer Overflow"; content: "SID: 1537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101537; sid: 6101537; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unified MeetingPlace Web Conferencing Buffer Overflow"; content: "SID: 1538 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101538; sid: 6101538; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Hyperion Strategic Finance Client Heap Buffer Overflow"; content: "SID: 1540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101540; sid: 6101540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Reader Code Execution"; content: "SID: 1545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101545; sid: 6101545; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H3C and Huawei SNMP Access Control Vulnerability"; content: "SID: 1546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101546; sid: 6101546; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word 2010 Stack Overflow"; content: "SID: 1547 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101547; sid: 6101547; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Picture Manager Memory Corruption"; content: "SID: 1548 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101548; sid: 6101548; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM xdrDecodeString Heap Buffer Overflow"; content: "SID: 1550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101550; sid: 6101550; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox SVGTextElement.getCharNumAtPositio Use-After-Free"; content: "SID: 1555 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101555; sid: 6101555; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Intelligent Management Center Multiple Remote Code Execution"; content: "SID: 1556 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101556; sid: 6101556; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Notes URL Handler Vulnerability"; content: "SID: 1563 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101563; sid: 6101563; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Domain Bypass"; content: "SID: 1564 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101564; sid: 6101564; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell ZENworks Asset Management Web Console Information Disclosure"; content: "SID: 1565 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101565; sid: 6101565; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vista Speech Recognition ActiveX Vulnerabilities"; content: "SID: 1566 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101566; sid: 6101566; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP StorageWorks P4000 Virtual SAN Appliance Command Execution Vulnerability"; content: "SID: 1569 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101569; sid: 6101569; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple iCloud Traffic"; content: "SID: 1570 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101570; sid: 6101570; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell File Reporter Buffer Overflow"; content: "SID: 1571 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101571; sid: 6101571; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Operations Agent for NonStop Server HEALTH Packet Parsing Stack Buffer"; content: "SID: 1572 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101572; sid: 6101572; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Shockwave ActiveX SwDir.dll Stack Buffer Overflow"; content: "SID: 1573 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101573; sid: 6101573; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare ActiveX Remote Code Execution"; content: "SID: 1574 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101574; sid: 6101574; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iPrint Client ActiveX Remote Code Execution"; content: "SID: 1575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101575; sid: 6101575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP Channel Driver Denial of Service"; content: "SID: 1577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101577; sid: 6101577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTPD32 Format String Vulnerability"; content: "SID: 1578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101578; sid: 6101578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk SIP INVITE Denial of Service"; content: "SID: 1579 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101579; sid: 6101579; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Shockwave Player Director Record Parsing Remote Code Execution"; content: "SID: 1580 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101580; sid: 6101580; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1584 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101584; sid: 6101584; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Explorer Code Execution"; content: "SID: 1585 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101585; sid: 6101585; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VLC Media Player Code Execution"; content: "SID: 1586 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101586; sid: 6101586; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows File Enumeration Memory Corruption Vulnerability"; content: "SID: 1587 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101587; sid: 6101587; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Stack Overflow Code Execution"; content: "SID: 1588 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101588; sid: 6101588; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Invalid Length Use After Free"; content: "SID: 1589 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101589; sid: 6101589; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1591 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101591; sid: 6101591; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Remote Code Execution Vulnerability"; content: "SID: 1593 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101593; sid: 6101593; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asterisk Skinny Channel Driver Capabilities_Res_Message Denial of Service"; content: "SID: 1595 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101595; sid: 6101595; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CFormElement Use After Free Vulnerability"; content: "SID: 1596 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101596; sid: 6101596; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Web Proxy Auto-Discovery Arbitrary Code Execution"; content: "SID: 1597 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101597; sid: 6101597; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Business Intelligence Enterprise Edition Cross Site Scripting"; content: "SID: 1598 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101598; sid: 6101598; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 zero length option"; content: "SID: 1600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101600; sid: 6101600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 1 violation"; content: "SID: 1601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101601; sid: 6101601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 2 violation"; content: "SID: 1602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101602; sid: 6101602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 3 violation"; content: "SID: 1603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101603; sid: 6101603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 4 violation"; content: "SID: 1604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101604; sid: 6101604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 option type 5 violation"; content: "SID: 1605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101605; sid: 6101605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 short option data"; content: "SID: 1606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101606; sid: 6101606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 multi-crafted fragments"; content: "SID: 1607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101607; sid: 6101607; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CTreePos Element Use After Free Vulnerability"; content: "SID: 1608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101608; sid: 6101608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Code Access Information Disclosure"; content: "SID: 1609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101609; sid: 6101609; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Request"; content: "SID: 1610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101610; sid: 6101610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Echo Reply"; content: "SID: 1611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101611; sid: 6101611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Destination Unreachable"; content: "SID: 1612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101612; sid: 6101612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big Message"; content: "SID: 1613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101613; sid: 6101613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Time Exceeded Message"; content: "SID: 1614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101614; sid: 6101614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Parameter Problem Message"; content: "SID: 1615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101615; sid: 6101615; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Query"; content: "SID: 1616 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101616; sid: 6101616; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Group Membership Report"; content: "SID: 1617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101617; sid: 6101617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Reduction"; content: "SID: 1618 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101618; sid: 6101618; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Solicitation"; content: "SID: 1619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101619; sid: 6101619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Advertisement"; content: "SID: 1620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101620; sid: 6101620; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Solicitation"; content: "SID: 1621 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101621; sid: 6101621; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Neighbor Advertisement"; content: "SID: 1622 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101622; sid: 6101622; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Redirect"; content: "SID: 1623 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101623; sid: 6101623; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Router Renumbering"; content: "SID: 1624 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101624; sid: 6101624; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Membership Report V2"; content: "SID: 1625 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101625; sid: 6101625; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMPV6 Traffic"; content: "SID: 1626 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101626; sid: 6101626; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMPv6 Traffic"; content: "SID: 1627 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101627; sid: 6101627; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Traffic over IPv4"; content: "SID: 1628 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101628; sid: 6101628; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Traffic over IPv6"; content: "SID: 1629 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101629; sid: 6101629; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMPv6 Packet Too Big"; content: "SID: 1630 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101630; sid: 6101630; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework Reflection Bypass Vulnerability"; content: "SID: 1631 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101631; sid: 6101631; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unix CUPS HTTP GET Denial Of Service"; content: "SID: 1632 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101632; sid: 6101632; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bootpd 2.4.3 Buffer Overflow"; content: "SID: 1635 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101635; sid: 6101635; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox 1.0.7 InstallTrigger.Install Remote Code Execution"; content: "SID: 1636 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101636; sid: 6101636; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Javascript Engine Overflow"; content: "SID: 1637 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101637; sid: 6101637; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox CSS Layout Memory Corruption"; content: "SID: 1638 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101638; sid: 6101638; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Use After Free Vulnerability"; content: "SID: 1641 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101641; sid: 6101641; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Kernel-Mode Driver Remote Code Execution"; content: "SID: 1642 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101642; sid: 6101642; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari Out of Bounds Access Denial of Service"; content: "SID: 1643 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101643; sid: 6101643; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Java Applet Payload Creation"; content: "SID: 1646 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101646; sid: 6101646; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent RRULE Weekday Parsing Buffer Overflow"; content: "SID: 1653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101653; sid: 6101653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PNG Embedded File Type"; content: "SID: 1654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101654; sid: 6101654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player ActionScript callMethod Code Execution"; content: "SID: 1664 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101664; sid: 6101664; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Secure Backup Server Command Execution Vulnerability"; content: "SID: 1671 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101671; sid: 6101671; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Open Type Font Parsing Vulnerability"; content: "SID: 1681 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101681; sid: 6101681; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE Improper Ref Counting Use After Free Vulnerability"; content: "SID: 1683 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101683; sid: 6101683; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GXV-3000 SIP Phone Eavesdropping Exploit"; content: "SID: 1693 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101693; sid: 6101693; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xitami Web Server Buffer Overflow"; content: "SID: 1694 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101694; sid: 6101694; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Root Access"; content: "SID: 1695 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101695; sid: 6101695; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Guest Access"; content: "SID: 1696 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101696; sid: 6101696; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Nobody Access"; content: "SID: 1697 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101697; sid: 6101697; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Hop-by-Hop Options Present"; content: "SID: 1700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101700; sid: 6101700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Present"; content: "SID: 1702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101702; sid: 6101702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragmented Traffic"; content: "SID: 1703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101703; sid: 6101703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Authentication Header Present"; content: "SID: 1704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101704; sid: 6101704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 ESP Header Present"; content: "SID: 1705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101705; sid: 6101705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Traffic Class Field"; content: "SID: 1706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101706; sid: 6101706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Header Flow Label Field"; content: "SID: 1707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101707; sid: 6101707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains An Invalid Address"; content: "SID: 1708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101708; sid: 6101708; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Word RTF Document Processing Arbitrary Code Execution Vulnerability"; content: "SID: 1709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101709; sid: 6101709; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Extensions Headers Out Of Order"; content: "SID: 1710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101710; sid: 6101710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Duplicate IPv6 Extension Headers"; content: "SID: 1711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101711; sid: 6101711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Duplicate Src And Dst Address"; content: "SID: 1712 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101712; sid: 6101712; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Header Contains Multicast Source Address"; content: "SID: 1713 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101713; sid: 6101713; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Address Set To localhost"; content: "SID: 1714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101714; sid: 6101714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Options Padding Too Long"; content: "SID: 1716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101716; sid: 6101716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back To Back Padding Options"; content: "SID: 1717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101717; sid: 6101717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Option Data Too Short"; content: "SID: 1718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101718; sid: 6101718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101719; sid: 6101719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Jumbo Payload Option Set"; content: "SID: 1720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101720; sid: 6101720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101721; sid: 6101721; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101722; sid: 6101722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Packet Contains Unassigned Options"; content: "SID: 1723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101723; sid: 6101723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Endpoint Identification Option Set"; content: "SID: 1724 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101724; sid: 6101724; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Tunnel Encapsulation Limit Option Set"; content: "SID: 1725 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101725; sid: 6101725; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Invalid Option Set"; content: "SID: 1726 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101726; sid: 6101726; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Router Alert Option Set"; content: "SID: 1727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101727; sid: 6101727; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type 0"; content: "SID: 1728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101728; sid: 6101728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Failure Log XSS"; content: "SID: 1729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101729; sid: 6101729; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 1 Routing Header"; content: "SID: 1730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101730; sid: 6101730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Type 2 Routing Header"; content: "SID: 1731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101731; sid: 6101731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Type Unknown Type"; content: "SID: 1732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101732; sid: 6101732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IPv6 Routing Header Length"; content: "SID: 1733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101733; sid: 6101733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Incomplete"; content: "SID: 1734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101734; sid: 6101734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains Invalid IP Address"; content: "SID: 1735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101735; sid: 6101735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Contains A Loop"; content: "SID: 1736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101736; sid: 6101736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Routing Header Reserved Bits Set"; content: "SID: 1737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101737; sid: 6101737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Unnecessary Fragment Header"; content: "SID: 1738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101738; sid: 6101738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Illegal Fragmentation"; content: "SID: 1739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101739; sid: 6101739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Small IPv6 Fragments"; content: "SID: 1740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101740; sid: 6101740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 Fragment Header Reserved Bits Set"; content: "SID: 1741 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101741; sid: 6101741; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPv6 No Next Header Option Present"; content: "SID: 1742 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101742; sid: 6101742; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP phpinfo() Cross-Site Scripting Vulnerability"; content: "SID: 1743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101743; sid: 6101743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Database Privilege Escalation"; content: "SID: 1747 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101747; sid: 6101747; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Peercast Basic Authentication Overflow"; content: "SID: 1749 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101749; sid: 6101749; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP zip URL Wrapper Buffer Overflow (HTTP)"; content: "SID: 1755 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101755; sid: 6101755; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Axigen POP3 Server Remote Format String Attack"; content: "SID: 1756 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101756; sid: 6101756; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VLC HTTPD Format String Bug"; content: "SID: 1758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101758; sid: 6101758; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Solaris RWall Daemon Syslog Format String Vulnerability"; content: "SID: 1760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101760; sid: 6101760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Post File Upload Buffer Overflow"; content: "SID: 1761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101761; sid: 6101761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Value Scan"; content: "SID: 1762 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101762; sid: 6101762; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Synergy Clipboard Integer Overflow"; content: "SID: 1773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101773; sid: 6101773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Web Admin Server Command Injection"; content: "SID: 1774 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101774; sid: 6101774; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netware Client Service Buffer Overflow"; content: "SID: 1775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101775; sid: 6101775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Information Leaking Vulnerability"; content: "SID: 1777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101777; sid: 6101777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS 4.0 Cross Site Scripting Vulnerability"; content: "SID: 1778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101778; sid: 6101778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Server Memory Corruption Vulnerability"; content: "SID: 1780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101780; sid: 6101780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nimda Worm TFTP Request"; content: "SID: 1781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101781; sid: 6101781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Total Defense Suite UNCWS SQL Injection"; content: "SID: 1786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101786; sid: 6101786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Remote Compiler Option Loading"; content: "SID: 1787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101787; sid: 6101787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tom Sawyer GET Extension Factory ActiveX Remote Code Execution"; content: "SID: 1789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101789; sid: 6101789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft System Center Operations Manager Privilege Escalation"; content: "SID: 1790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101790; sid: 6101790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HeapLib Instantiation"; content: "SID: 1791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101791; sid: 6101791; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CButton User After Free"; content: "SID: 1792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101792; sid: 6101792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET Framework OData Services Denial of Service"; content: "SID: 1793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101793; sid: 6101793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Vulnerability"; content: "SID: 1794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101794; sid: 6101794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Streamprocess Buffer Overflow"; content: "SID: 1799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101799; sid: 6101799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks RealPlayer URL Parsing Stack Buffer Overflow"; content: "SID: 1801 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101801; sid: 6101801; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby on Rails Remote Code Execution Vulnerability"; content: "SID: 1802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101802; sid: 6101802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange iCal DoS"; content: "SID: 1803 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101803; sid: 6101803; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java 1.7 Update 10 Remote Code Execution"; content: "SID: 1804 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101804; sid: 6101804; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ASA 1000v Cloud Firewall H.323 Inspection Denial of Service"; content: "SID: 1807 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101807; sid: 6101807; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Java Applet Rhino Script Engine Policy Bypass"; content: "SID: 1813 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101813; sid: 6101813; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate NULL Byte Name Insertion"; content: "SID: 1814 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101814; sid: 6101814; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] x.509 Certificate Integer Overflow"; content: "SID: 1815 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101815; sid: 6101815; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS IPSLA DoS"; content: "SID: 1819 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101819; sid: 6101819; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quest Software Big Brother Arbitrary File Deletion and Overwriting"; content: "SID: 1820 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101820; sid: 6101820; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Gopher Parsing Overflow"; content: "SID: 1822 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101822; sid: 6101822; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUPS GIF Parsing Heap Overflow"; content: "SID: 1823 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101823; sid: 6101823; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft .NET XML Signature Syntax and Processing Vulnerability"; content: "SID: 1831 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101831; sid: 6101831; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix XenApp And XenDesktop XML Buffer Overflow"; content: "SID: 1833 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101833; sid: 6101833; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sunway ForceControl SNMP NetDBServer Buffer Overflow"; content: "SID: 1835 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101835; sid: 6101835; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP JetDirect PJL Interface Universal Path Traversal"; content: "SID: 1836 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101836; sid: 6101836; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML5 Heap Spray"; content: "SID: 1837 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101837; sid: 6101837; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wibu-Systems WibuKey Runtime for Windows ActiveX Control Buffer Overflow"; content: "SID: 1838 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101838; sid: 6101838; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory LDAP Null Search Parameter Overflow"; content: "SID: 1850 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101850; sid: 6101850; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Portable SDK for UPnP Devices Buffer Overflow Vulnerabilities"; content: "SID: 1851 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101851; sid: 6101851; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ruby On Rails Remote Code Execution"; content: "SID: 1853 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101853; sid: 6101853; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Netware XNFS.NLM Remote Code Execution"; content: "SID: 1855 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101855; sid: 6101855; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1857 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101857; sid: 6101857; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OmniInet.exe Buffer Overflow Vulnerability"; content: "SID: 1858 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101858; sid: 6101858; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1862 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101862; sid: 6101862; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability"; content: "SID: 1863 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101863; sid: 6101863; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1864 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101864; sid: 6101864; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Internet Agent Buffer Overflow Vulnerability"; content: "SID: 1865 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101865; sid: 6101865; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox DOM Insertions Memory Corruption"; content: "SID: 1866 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101866; sid: 6101866; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1867 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101867; sid: 6101867; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Vector Markup Language Remote Code Execution"; content: "SID: 1868 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101868; sid: 6101868; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ATA 187 Remote Access Vulnerability"; content: "SID: 1873 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101873; sid: 6101873; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VoipNow Professional Nsextt Parameter XSS Vulnerability"; content: "SID: 1874 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101874; sid: 6101874; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebERP Local File Include Vulnerability"; content: "SID: 1877 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101877; sid: 6101877; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Web Console Format String Vulnerability"; content: "SID: 1878 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101878; sid: 6101878; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Elefant CMS ID Parameter Cross Site Scripting Vulnerability"; content: "SID: 1880 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101880; sid: 6101880; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DSL-2640B Redpass.Cgi Cross Site Request Forgery Vulnerability"; content: "SID: 1881 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101881; sid: 6101881; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Cross Site Scripting Vulnerability"; content: "SID: 1882 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101882; sid: 6101882; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Logo.Link Parameter Cross Site Scripting Vulnerability"; content: "SID: 1883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101883; sid: 6101883; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability"; content: "SID: 1885 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101885; sid: 6101885; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Wp-ImageZoom File Parameter Remote File Disclosure Vulnerability"; content: "SID: 1886 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101886; sid: 6101886; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InduSoft Web Studio Unauthenticated Insecure Remote Operations"; content: "SID: 1892 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101892; sid: 6101892; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bitweaver Highlight Parameter Cross Site Scripting Vulnerability"; content: "SID: 1894 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101894; sid: 6101894; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1895 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101895; sid: 6101895; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XAMPP Cds.Php Cross Site Scripting Vulnerability"; content: "SID: 1896 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101896; sid: 6101896; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nagios XI VisApi.Php Div Parameter XSS Vulnerability"; content: "SID: 1898 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101898; sid: 6101898; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MGB Guestbook Index.Php Cross Site Scripting Vulnerability"; content: "SID: 1899 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101899; sid: 6101899; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Church_Admin Id Parameter XSS Vulnerability"; content: "SID: 1900 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101900; sid: 6101900; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JW Player Playerready Cross Site Scripting Vulnerability"; content: "SID: 1904 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101904; sid: 6101904; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sophos E-Mail Security Virtual Appliance Remote Code Execution Vulnerability"; content: "SID: 1908 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101908; sid: 6101908; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KindEditor Name Parameter Cross Site Scripting Vulnerability"; content: "SID: 1909 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101909; sid: 6101909; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability"; content: "SID: 1911 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101911; sid: 6101911; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zenoss ViewDaemonLog Daemon Arbitrary Log File Access Vulnerability"; content: "SID: 1914 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101914; sid: 6101914; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Application Lifecycle Management XGO.ocx Remote Code Execution"; content: "SID: 1920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101920; sid: 6101920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ManageEngine Support Center Plus Cross Site Scripting Vulnerability"; content: "SID: 1922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101922; sid: 6101922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SilverStripe BackURL Parameter URI Redirection Vulnerability"; content: "SID: 1924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101924; sid: 6101924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symphony CMS BluePRINTs URI SQL Injection"; content: "SID: 1925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101925; sid: 6101925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress ABC Test Plugin Id Parameter XSS Vulnerability"; content: "SID: 1926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101926; sid: 6101926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Crayon Syntax Highlighter Wp_load Remote File Include"; content: "SID: 1927 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101927; sid: 6101927; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lattice Semiconductor Diamond Programmer Buffer Overflow"; content: "SID: 1928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101928; sid: 6101928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mcrypt Check File Head Stack Based Buffer Overflow"; content: "SID: 1929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101929; sid: 6101929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Cross Site Request Forgery Vulnerability"; content: "SID: 1930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101930; sid: 6101930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Newsletter Preview.php File Disclosure Vulnerability"; content: "SID: 1931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101931; sid: 6101931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DocXP Fid Parameter Directory Traversal Vulnerability"; content: "SID: 1933 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101933; sid: 6101933; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101937; sid: 6101937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101938; sid: 6101938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 1939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101939; sid: 6101939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explore Remote Code Execution"; content: "SID: 1940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101940; sid: 6101940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1941 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101941; sid: 6101941; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Cross Site Scripting"; content: "SID: 1942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101942; sid: 6101942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow"; content: "SID: 1944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101944; sid: 6101944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro Control Manager Cross Site Request Forgery"; content: "SID: 1945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101945; sid: 6101945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit SVG Memory Corruption"; content: "SID: 1946 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101946; sid: 6101946; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Buffer Overflow Vulnerability"; content: "SID: 1947 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101947; sid: 6101947; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Cloned DOM Object Code Execution"; content: "SID: 1949 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101949; sid: 6101949; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Remote Code Execution"; content: "SID: 1950 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101950; sid: 6101950; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache DoS"; content: "SID: 1958 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101958; sid: 6101958; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari WebKit innerHTML Double Free Memory Corruption"; content: "SID: 1959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101959; sid: 6101959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Service Failed Response Vulnerability"; content: "SID: 1969 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101969; sid: 6101969; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hewlett-Packard OpenView Network Node Manager Remote Code Execution"; content: "SID: 1972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101972; sid: 6101972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101973; sid: 6101973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise HTTP Interfaces Arbitrary File Retrieval"; content: "SID: 1974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101974; sid: 6101974; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] APT1 SSL Certificate"; content: "SID: 1975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101975; sid: 6101975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Zone-based Firewall SIP Denial of Service"; content: "SID: 1976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101976; sid: 6101976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Player Memory Corruption"; content: "SID: 1977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101977; sid: 6101977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 1978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101978; sid: 6101978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Visio Viewer VSD File Type Confusion"; content: "SID: 1981 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101981; sid: 6101981; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101984; sid: 6101984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Sharepoint XSS"; content: "SID: 1990 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101990; sid: 6101990; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution Vulnerability"; content: "SID: 1993 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101993; sid: 6101993; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft WKSSVC NetpManageIPCConnect Remote Code Execution"; content: "SID: 1997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101997; sid: 6101997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Remote Code Execution"; content: "SID: 1998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6101998; sid: 6101998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Reply"; content: "SID: 2000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102000; sid: 6102000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Host Unreachable"; content: "SID: 2001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102001; sid: 6102001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Source Quench"; content: "SID: 2002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102002; sid: 6102002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Redirect"; content: "SID: 2003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102003; sid: 6102003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Echo Request"; content: "SID: 2004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102004; sid: 6102004; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Time Exceeded for a Datagram"; content: "SID: 2005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102005; sid: 6102005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Parameter Problem on Datagram"; content: "SID: 2006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102006; sid: 6102006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Request"; content: "SID: 2007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102007; sid: 6102007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Timestamp Reply"; content: "SID: 2008 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102008; sid: 6102008; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Request"; content: "SID: 2009 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102009; sid: 6102009; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Information Reply"; content: "SID: 2010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102010; sid: 6102010; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Address Mask Reply"; content: "SID: 2012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102012; sid: 6102012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] 7T IGSS Buffer Overflow"; content: "SID: 2019 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102019; sid: 6102019; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability"; content: "SID: 2021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102021; sid: 6102021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Schneider Electric Accutech Manager HTTP Request Processing Buffer Overflow"; content: "SID: 2023 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102023; sid: 6102023; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption Vulnerability"; content: "SID: 2024 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102024; sid: 6102024; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CCaret Use-After-Free Vulnerability"; content: "SID: 2030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102030; sid: 6102030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft OneNote Information Disclosure"; content: "SID: 2034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102034; sid: 6102034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SharePoint Elevation of Privilege"; content: "SID: 2036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102036; sid: 6102036; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Memory Corruption"; content: "SID: 2038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102038; sid: 6102038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer 8 Memory Corruption Vulnerability"; content: "SID: 2039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102039; sid: 6102039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep With Echo"; content: "SID: 2100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102100; sid: 6102100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Timestamp"; content: "SID: 2101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102101; sid: 6102101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Network Sweep w/Address Mask"; content: "SID: 2102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102102; sid: 6102102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented ICMP Traffic"; content: "SID: 2150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102150; sid: 6102150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large ICMP Traffic"; content: "SID: 2151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102151; sid: 6102151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Flood"; content: "SID: 2152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102152; sid: 6102152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Smurf Attack"; content: "SID: 2153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102153; sid: 6102153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ping of Death Attack"; content: "SID: 2154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102154; sid: 6102154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modem DoS"; content: "SID: 2155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102155; sid: 6102155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102156; sid: 6102156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Hard Error DoS"; content: "SID: 2157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102157; sid: 6102157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nachi Worm ICMP Echo Request"; content: "SID: 2158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102158; sid: 6102158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICMP Destination Unreachable Protocol Unreachable"; content: "SID: 2159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102159; sid: 6102159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid IGMP Header DoS"; content: "SID: 2200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102200; sid: 6102200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP over fragmented IP"; content: "SID: 2201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102201; sid: 6102201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IGMP Invalid Packet DoS"; content: "SID: 2202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6102202; sid: 6102202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Port Sweep"; content: "SID: 3001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103001; sid: 6103001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Port Sweep"; content: "SID: 3002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103002; sid: 6103002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN Port Sweep"; content: "SID: 3003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103003; sid: 6103003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Port Sweep"; content: "SID: 3005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103005; sid: 6103005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN Port Sweep"; content: "SID: 3006 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103006; sid: 6103006; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP High Port Sweep"; content: "SID: 3010 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103010; sid: 6103010; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN High Port Sweep"; content: "SID: 3011 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103011; sid: 6103011; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag FIN High Port Sweep"; content: "SID: 3012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp;  reference: url,wiki.quadrantsec.com/bin/view/Main/6103012; sid: 6103012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Null Port Sweep"; content: "SID: 3015 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103015; sid: 6103015; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag Null Port Sweep"; content: "SID: 3016 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103016; sid: 6103016; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Port Sweep"; content: "SID: 3020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103020; sid: 6103020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Frag SYN FIN Port Sweep"; content: "SID: 3021 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103021; sid: 6103021; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN Host Sweep"; content: "SID: 3030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103030; sid: 6103030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN Host Sweep"; content: "SID: 3031 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103031; sid: 6103031; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FIN Host Sweep"; content: "SID: 3032 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103032; sid: 6103032; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG FIN Host Sweep"; content: "SID: 3033 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103033; sid: 6103033; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Host Sweep"; content: "SID: 3034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103034; sid: 6103034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG NULL Host Sweep"; content: "SID: 3035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103035; sid: 6103035; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN FIN Host Sweep"; content: "SID: 3036 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103036; sid: 6103036; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP FRAG SYN FIN Host Sweep"; content: "SID: 3037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103037; sid: 6103037; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented NULL TCP Packet"; content: "SID: 3038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103038; sid: 6103038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented Orphaned FIN packet"; content: "SID: 3039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103039; sid: 6103039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP NULL Packet"; content: "SID: 3040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103040; sid: 6103040; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP SYN/FIN Packet"; content: "SID: 3041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103041; sid: 6103041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Orphaned Fin Packet"; content: "SID: 3042 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103042; sid: 6103042; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Fragmented SYN/FIN Packet"; content: "SID: 3043 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103043; sid: 6103043; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Queso Sweep"; content: "SID: 3045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103045; sid: 6103045; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NMAP OS Fingerprint"; content: "SID: 3046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103046; sid: 6103046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Half-open SYN Attack"; content: "SID: 3050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103050; sid: 6103050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Connection Window Size RST DoS"; content: "SID: 3051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103051; sid: 6103051; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPNP Service Host Sweep"; content: "SID: 3052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103052; sid: 6103052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP RCPT TO: Bounce"; content: "SID: 3100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103100; sid: 6103100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Recipient"; content: "SID: 3101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103101; sid: 6103101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Invalid Sender"; content: "SID: 3102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103102; sid: 6103102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Reconnaissance"; content: "SID: 3103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103103; sid: 6103103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Archaic Sendmail Attacks"; content: "SID: 3104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103104; sid: 6103104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Decode Alias"; content: "SID: 3105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103105; sid: 6103105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mail Spam"; content: "SID: 3106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103106; sid: 6103106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Majordomo Execute Attack"; content: "SID: 3107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103107; sid: 6103107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP MIME Content Overflow"; content: "SID: 3108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103108; sid: 6103108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long SMTP Command"; content: "SID: 3109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103109; sid: 6103109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Suspicious Mail Attachment"; content: "SID: 3110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103110; sid: 6103110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] W32 Sircam Malicious Code"; content: "SID: 3111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103111; sid: 6103111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino Mail Loop DoS"; content: "SID: 3112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103112; sid: 6103112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Email Attachment with Malicious Payload"; content: "SID: 3113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103113; sid: 6103113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FetchMail Arbitrary Code Execution"; content: "SID: 3114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103114; sid: 6103114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail Data Header Overflow"; content: "SID: 3115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103115; sid: 6103115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbus"; content: "SID: 3116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103116; sid: 6103116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KLEZ Worm"; content: "SID: 3117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103117; sid: 6103117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rwhoisd format string"; content: "SID: 3118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103118; sid: 6103118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP STAT Overflow"; content: "SID: 3119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103119; sid: 6103119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ANTS Virus"; content: "SID: 3120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103120; sid: 6103120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vintra MailServer EXPN DoS"; content: "SID: 3121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103121; sid: 6103121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP EXPN root Recon"; content: "SID: 3122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103122; sid: 6103122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBus Pro Traffic"; content: "SID: 3123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103123; sid: 6103123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sendmail prescan Memory Corruption"; content: "SID: 3124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103124; sid: 6103124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix 1.1.12 envelope address DoS"; content: "SID: 3125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103125; sid: 6103125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Postfix bounce scan"; content: "SID: 3126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103126; sid: 6103126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP AUTH Brute Force Attempt"; content: "SID: 3127 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103127; sid: 6103127; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange xexch50 overflow"; content: "SID: 3128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103128; sid: 6103128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus C Variant File Attachment"; content: "SID: 3129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103129; sid: 6103129; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus I Variant File Attachment"; content: "SID: 3130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103130; sid: 6103130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mimail Virus L Variant File Attachment"; content: "SID: 3131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103131; sid: 6103131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment"; content: "SID: 3132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103132; sid: 6103132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novarg / Mydoom Virus Mail Attachment Variant B"; content: "SID: 3133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103133; sid: 6103133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoomJuice Worm network probe"; content: "SID: 3134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103134; sid: 6103134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MyDoom Virus Activity"; content: "SID: 3135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103135; sid: 6103135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netsky Virus Activity"; content: "SID: 3136 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103136; sid: 6103136; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sober Virus Activity"; content: "SID: 3137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103137; sid: 6103137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.C Virus Email Attachment"; content: "SID: 3138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103138; sid: 6103138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle.E Virus Email Attachment"; content: "SID: 3139 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103139; sid: 6103139; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bagle Virus Activity"; content: "SID: 3140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103140; sid: 6103140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lovgate Worm Activity"; content: "SID: 3141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103141; sid: 6103141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sasser Worm Activity"; content: "SID: 3142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103142; sid: 6103142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BERBEW Trojan Activity"; content: "SID: 3143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103143; sid: 6103143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ratos Worm Activity"; content: "SID: 3144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103144; sid: 6103144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZAFI Worm Activity"; content: "SID: 3145 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103145; sid: 6103145; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bropia Worm Activity"; content: "SID: 3146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103146; sid: 6103146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Remote Command Execution"; content: "SID: 3150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103150; sid: 6103150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SYST Command Attempt"; content: "SID: 3151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103151; sid: 6103151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP CWD ~root"; content: "SID: 3152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103152; sid: 6103152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Address Specified"; content: "SID: 3153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103153; sid: 6103153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Improper Port Specified"; content: "SID: 3154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103154; sid: 6103154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP RETR Pipe Filename Command Execution"; content: "SID: 3155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103155; sid: 6103155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP STOR Pipe Filename Command Execution"; content: "SID: 3156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103156; sid: 6103156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASV Port Spoof"; content: "SID: 3157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103157; sid: 6103157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Format String"; content: "SID: 3158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103158; sid: 6103158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP PASS Suspicious Length"; content: "SID: 3159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103159; sid: 6103159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cesar FTP Buffer Overflow"; content: "SID: 3160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103160; sid: 6103160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP realpath Buffer Overflow"; content: "SID: 3161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103161; sid: 6103161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] glFtpD LIST DoS"; content: "SID: 3162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103162; sid: 6103162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WU-FTPD Heap Corruption"; content: "SID: 3163 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103163; sid: 6103163; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Instant Server Mini Portal Directory Traversal"; content: "SID: 3164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103164; sid: 6103164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC"; content: "SID: 3165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103165; sid: 6103165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP USER Suspicious Length"; content: "SID: 3166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103166; sid: 6103166; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Format String in FTP username"; content: "SID: 3167 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103167; sid: 6103167; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC Directory Traversal"; content: "SID: 3168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103168; sid: 6103168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP SITE EXEC tar"; content: "SID: 3169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103169; sid: 6103169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WS_FTP SITE CPWD Buffer Overflow"; content: "SID: 3170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103170; sid: 6103170; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Priviledged Login"; content: "SID: 3171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103171; sid: 6103171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ftp Cwd Overflow"; content: "SID: 3172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103172; sid: 6103172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long FTP Command"; content: "SID: 3173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103173; sid: 6103173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ProFTPD STAT DoS"; content: "SID: 3175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103175; sid: 6103175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long MDTM Command"; content: "SID: 3177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103177; sid: 6103177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Denial Of Service in Microsoft SMS Client"; content: "SID: 3178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103178; sid: 6103178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ftpdchk DOS"; content: "SID: 3179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103179; sid: 6103179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BakBone NetVault Remote Heap Overflow"; content: "SID: 3180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103180; sid: 6103180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] dSMTP Mail Server Format String Overflow"; content: "SID: 3181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103181; sid: 6103181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Phf Attack"; content: "SID: 3200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103200; sid: 6103200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .url File Requested"; content: "SID: 3202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103202; sid: 6103202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .lnk File Requested"; content: "SID: 3203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103203; sid: 6103203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW .bat File Requested"; content: "SID: 3204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103204; sid: 6103204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .url Link"; content: "SID: 3205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103205; sid: 6103205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .lnk Link"; content: "SID: 3206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103206; sid: 6103206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML File Has .bat Link"; content: "SID: 3207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103207; sid: 6103207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Campas Attack"; content: "SID: 3208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103208; sid: 6103208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Glimpse Server Attack"; content: "SID: 3209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103209; sid: 6103209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS View Source Attack"; content: "SID: 3210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103210; sid: 6103210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Hex View Source Attack"; content: "SID: 3211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103211; sid: 6103211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW NPH-TEST-CGI Attack"; content: "SID: 3212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103212; sid: 6103212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW TEST-CGI Attack"; content: "SID: 3213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103213; sid: 6103213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT VIEW Attack"; content: "SID: 3214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103214; sid: 6103214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS DOT DOT EXECUTE Attack"; content: "SID: 3215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103215; sid: 6103215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Directory Traversal ../.."; content: "SID: 3216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103216; sid: 6103216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW php View File Attack"; content: "SID: 3217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103217; sid: 6103217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI Wrap Attack"; content: "SID: 3218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103218; sid: 6103218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Buffer Overflow"; content: "SID: 3219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103219; sid: 6103219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Long URL Attack"; content: "SID: 3220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103220; sid: 6103220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI-Viewsource Attack"; content: "SID: 3221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103221; sid: 6103221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP Log Scripts Read Attack"; content: "SID: 3222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103222; sid: 6103222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IRIX cgi-handler Attack"; content: "SID: 3223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103223; sid: 6103223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP WebGais"; content: "SID: 3224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103224; sid: 6103224; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW websendmail File Access"; content: "SID: 3225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103225; sid: 6103225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webdist Bug"; content: "SID: 3226 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103226; sid: 6103226; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Htmlscript Bug"; content: "SID: 3227 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103227; sid: 6103227; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Performer Attack"; content: "SID: 3228 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103228; sid: 6103228; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Win-C-Sample Buffer Overflow"; content: "SID: 3229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103229; sid: 6103229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Website Uploader"; content: "SID: 3230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103230; sid: 6103230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Convert Attack"; content: "SID: 3231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103231; sid: 6103231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 3232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103232; sid: 6103232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW count-cgi Overflow"; content: "SID: 3233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103233; sid: 6103233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Local Trusted Resource Execution"; content: "SID: 3234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103234; sid: 6103234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] showHelp CHM File Execution Weakness"; content: "SID: 3235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103235; sid: 6103235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Path Disclosure"; content: "SID: 3236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103236; sid: 6103236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack"; content: "SID: 3250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103250; sid: 6103250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP Hijack Simplex Mode"; content: "SID: 3251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103251; sid: 6103251; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Agent ActiveX Control"; content: "SID: 3252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103252; sid: 6103252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Request Smuggling"; content: "SID: 3253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103253; sid: 6103253; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XML-RPC PHP Command Execution"; content: "SID: 3254 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103254; sid: 6103254; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Long HTTP Header DoS"; content: "SID: 3255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103255; sid: 6103255; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS OOB Data"; content: "SID: 3300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103300; sid: 6103300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NETBIOS Stat"; content: "SID: 3301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103301; sid: 6103301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBios Session Service Failed Login"; content: "SID: 3302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103302; sid: 6103302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Login successful with Guest Privileges"; content: "SID: 3303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103303; sid: 6103303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NULL login attempt"; content: "SID: 3304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103304; sid: 6103304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB 95 98 Password File Access"; content: "SID: 3305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103305; sid: 6103305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Registry Access Attempt"; content: "SID: 3306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103306; sid: 6103306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Red Button"; content: "SID: 3307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103307; sid: 6103307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Lsarpc Service Access Attempt"; content: "SID: 3308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103308; sid: 6103308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Srvsvc Service Access Attempt"; content: "SID: 3309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103309; sid: 6103309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netbios Enum Share DoS"; content: "SID: 3310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103310; sid: 6103310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote SAM Service Access Attempt"; content: "SID: 3311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103311; sid: 6103311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB .eml email file remote access"; content: "SID: 3312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103312; sid: 6103312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Suspicious Password Usage"; content: "SID: 3313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103313; sid: 6103313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Locator Service Overflow"; content: "SID: 3314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103314; sid: 6103314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows 9x NetBIOS NULL Name Vulnerability"; content: "SID: 3315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103315; sid: 6103315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Project1 DOS"; content: "SID: 3316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103316; sid: 6103316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LSASS DCE RPC Request"; content: "SID: 3317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103317; sid: 6103317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DsRolerUpgradeDownlevelServer Request"; content: "SID: 3318 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103318; sid: 6103318; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCE RPC Request"; content: "SID: 3319 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103319; sid: 6103319; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB ADMIN Hidden Share Access Attempt"; content: "SID: 3320 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103320; sid: 6103320; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB User Enumeration"; content: "SID: 3321 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103321; sid: 6103321; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Windows Share Enumeration"; content: "SID: 3322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103322; sid: 6103322; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB: RFPoison Attack"; content: "SID: 3323 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103323; sid: 6103323; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NIMDA Infected File Transfer"; content: "SID: 3324 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103324; sid: 6103324; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba call_trans2open Overflow"; content: "SID: 3325 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103325; sid: 6103325; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Startup Folder Remote Access"; content: "SID: 3326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103326; sid: 6103326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC DCOM Overflow"; content: "SID: 3327 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103327; sid: 6103327; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMB RPC NoOp Sled"; content: "SID: 3328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103328; sid: 6103328; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow"; content: "SID: 3329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103329; sid: 6103329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPCSS Overflow 2"; content: "SID: 3330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103330; sid: 6103330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP MSRPC Messenger Overflow"; content: "SID: 3331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103331; sid: 6103331; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TCP MSRPC Messenger Overflow"; content: "SID: 3332 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103332; sid: 6103332; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB MSRPC Messenger Overflow"; content: "SID: 3333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103333; sid: 6103333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Workstation Service Overflow"; content: "SID: 3334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103334; sid: 6103334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Anig Worm File Transfer"; content: "SID: 3335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103335; sid: 6103335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Bit String NTLMv2 Integer Overflow"; content: "SID: 3336 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103336; sid: 6103336; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows RPC Race Condition Exploitation"; content: "SID: 3337 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103337; sid: 6103337; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows LSASS RPC Overflow"; content: "SID: 3338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103338; sid: 6103338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows System32 Directory File Creation"; content: "SID: 3339 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103339; sid: 6103339; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Shell External Handler"; content: "SID: 3340 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103340; sid: 6103340; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Activity"; content: "SID: 3341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103341; sid: 6103341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows NetDDE Overflow"; content: "SID: 3342 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103342; sid: 6103342; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Account Locked"; content: "SID: 3343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103343; sid: 6103343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows 2000 TCP RPC DoS"; content: "SID: 3344 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103344; sid: 6103344; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC WinNuke"; content: "SID: 3345 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103345; sid: 6103345; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows TSShutdn.exe Attempt"; content: "SID: 3346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103346; sid: 6103346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Library Bit String Heap Corruption"; content: "SID: 3347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103347; sid: 6103347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Disk Enumerations"; content: "SID: 3348 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103348; sid: 6103348; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Date And Time Enumerations"; content: "SID: 3349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103349; sid: 6103349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Transport Enumerations"; content: "SID: 3350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103350; sid: 6103350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS User Session Enumerations"; content: "SID: 3351 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103351; sid: 6103351; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba Fragment Reassembly Overflow"; content: "SID: 3352 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103352; sid: 6103352; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Request Overflow"; content: "SID: 3353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103353; sid: 6103353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Remote Registry Request DoS"; content: "SID: 3356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103356; sid: 6103356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid Netbios Name"; content: "SID: 3357 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103357; sid: 6103357; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Kill Telnet DoS"; content: "SID: 3400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103400; sid: 6103400; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet-IFS Match"; content: "SID: 3401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103401; sid: 6103401; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BSD Telnet Daemon Buffer Overflow"; content: "SID: 3402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103402; sid: 6103402; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Excessive Environment Options"; content: "SID: 3403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103403; sid: 6103403; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SysV /bin/login Overflow"; content: "SID: 3404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103404; sid: 6103404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avirt Gateway Proxy Buffer Overflow"; content: "SID: 3405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103405; sid: 6103405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris TTYPROMPT Overflow"; content: "SID: 3406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103406; sid: 6103406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Client NEW ENVIRON Option Overflow"; content: "SID: 3407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103407; sid: 6103407; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Client LINEMODE SLC Option Overflow"; content: "SID: 3408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103408; sid: 6103408; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET $TELNET_PORT (msg: "[CISCO-SDEE] Telnet Over Non-standard Ports"; content: "SID: 3409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103409; sid: 6103409; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Bomb"; content: "SID: 3450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: 79; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103450; sid: 6103450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BearShare Directory Traversal"; content: "SID: 3451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103451; sid: 6103451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gopherd Halidate Overflow"; content: "SID: 3452 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103452; sid: 6103452; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS NetMeeting RDS DoS"; content: "SID: 3453 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103453; sid: 6103453; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Check Point Firewall Information Leak"; content: "SID: 3454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103454; sid: 6103454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java Web Server Cmd Exec"; content: "SID: 3455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103455; sid: 6103455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris in.fingerd Information Leak"; content: "SID: 3456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103456; sid: 6103456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root shell"; content: "SID: 3457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103457; sid: 6103457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM game invite overflow"; content: "SID: 3458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103458; sid: 6103458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ValiCert Forms.exe Overflow"; content: "SID: 3459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103459; sid: 6103459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger probe"; content: "SID: 3461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103461; sid: 6103461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Redirect"; content: "SID: 3462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103462; sid: 6103462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger root"; content: "SID: 3463 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103463; sid: 6103463; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] File access in finger"; content: "SID: 3464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103464; sid: 6103464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger Activity"; content: "SID: 3465 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103465; sid: 6103465; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RAS/PPTP Malformed Control Packet DOS"; content: "SID: 3466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103466; sid: 6103466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin -froot Attack"; content: "SID: 3500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103500; sid: 6103500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Long TERM Variable"; content: "SID: 3501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103501; sid: 6103501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rlogin Activity"; content: "SID: 3502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103502; sid: 6103502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Authenticate Buffer Overflow"; content: "SID: 3525 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103525; sid: 6103525; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Imap Login Buffer Overflow"; content: "SID: 3526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103526; sid: 6103526; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UW imapd Overflows"; content: "SID: 3527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103527; sid: 6103527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IPSwitch IMail DELETE Command Overflow"; content: "SID: 3528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103528; sid: 6103528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long EXAMINE Command"; content: "SID: 3529 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103529; sid: 6103529; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Oversized TACACS+ Attack"; content: "SID: 3530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103530; sid: 6103530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Telnet DoS"; content: "SID: 3531 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103531; sid: 6103531; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BGP Open Message"; content: "SID: 3532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103532; sid: 6103532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Misformed BGP Packet DoS"; content: "SID: 3533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103533; sid: 6103533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long AUTHENTICATE Command"; content: "SID: 3534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103534; sid: 6103534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable HTTP Authorization Buffer Overflow"; content: "SID: 3537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103537; sid: 6103537; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS CSAdmin Attack"; content: "SID: 3540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103540; sid: 6103540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP Buffer Overflow"; content: "SID: 3550 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103550; sid: 6103550; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP User Root"; content: "SID: 3551 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103551; sid: 6103551; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Buffer Overflow"; content: "SID: 3575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103575; sid: 6103575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INN Control Message Exploit"; content: "SID: 3576 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103576; sid: 6103576; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP LOGIN Command Invalid Username"; content: "SID: 3577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103577; sid: 6103577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Format String"; content: "SID: 3578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103578; sid: 6103578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Telnet Buffer Overflow"; content: "SID: 3600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103600; sid: 6103600; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Command History Exploit"; content: "SID: 3601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103601; sid: 6103601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Cisco Identification"; content: "SID: 3602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103602; sid: 6103602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Enable Bypass"; content: "SID: 3603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103603; sid: 6103603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Catalyst CR DoS"; content: "SID: 3604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103604; sid: 6103604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH RSAREF2 Buffer Overflow"; content: "SID: 3650 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103650; sid: 6103650; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH CRC32 Overflow"; content: "SID: 3651 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103651; sid: 6103651; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles"; content: "SID: 3652 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103652; sid: 6103652; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Rapid SSH Connections"; content: "SID: 3653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103653; sid: 6103653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH Gobbles Exploit"; content: "SID: 3654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103654; sid: 6103654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CDE dtspcd Overflow"; content: "SID: 3700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103700; sid: 6103700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9iAS Web Cache Buffer Overflow"; content: "SID: 3701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103701; sid: 6103701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Default sa account access"; content: "SID: 3702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103702; sid: 6103702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid FTP URL Buffer Overflow"; content: "SID: 3703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103703; sid: 6103703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS FTP STAT Denial of Service"; content: "SID: 3704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103704; sid: 6103704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli Storage Manager Client Acceptor Overflow"; content: "SID: 3705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103705; sid: 6103705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT PGP Public Key Server Overflow"; content: "SID: 3706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103706; sid: 6103706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perl fingerd Command Exec"; content: "SID: 3707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103707; sid: 6103707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnalogX Proxy Socks4a DNS Overflow"; content: "SID: 3708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103708; sid: 6103708; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnalogX Proxy Web Proxy Overflow"; content: "SID: 3709 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103709; sid: 6103709; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS Directory Traversal"; content: "SID: 3710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103710; sid: 6103710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Informer FW1 Auth Replay DoS"; content: "SID: 3711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103711; sid: 6103711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS 'Service_Name' Overflow"; content: "SID: 3714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103714; sid: 6103714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI+ JPEG Buffer Overflow"; content: "SID: 3716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103716; sid: 6103716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows .ANI File DoS"; content: "SID: 3718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103718; sid: 6103718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger PNG Overflow"; content: "SID: 3719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103719; sid: 6103719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL sa Account Brute Force"; content: "SID: 3720 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103720; sid: 6103720; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TNS Brute Force"; content: "SID: 3721 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103721; sid: 6103721; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop username"; content: "SID: 3728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103728; sid: 6103728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long pop password"; content: "SID: 3729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103729; sid: 6103729; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (TCP)"; content: "SID: 3730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103730; sid: 6103730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail HTTP Get Buffer Overflow"; content: "SID: 3731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103731; sid: 6103731; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL xp_cmdshell Usage"; content: "SID: 3732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103732; sid: 6103732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Real Server Format Overflow"; content: "SID: 3733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103733; sid: 6103733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Overflow"; content: "SID: 3734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103734; sid: 6103734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Flag Insertion Overflow"; content: "SID: 3735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103735; sid: 6103735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Subversion get-dated-rev overflow"; content: "SID: 3736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103736; sid: 6103736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Proxy NTLM Authenticate Overflow"; content: "SID: 3737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103737; sid: 6103737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS Argumentx Vulnerability"; content: "SID: 3738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103738; sid: 6103738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft SHOUTcast Format String Attack"; content: "SID: 3739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103739; sid: 6103739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail LDAP Service Buffer Overflow"; content: "SID: 3740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103740; sid: 6103740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mIRC DCC Send Buffer Overflow"; content: "SID: 3782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103782; sid: 6103782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Backup Discovery UDP Probe Overflow"; content: "SID: 3783 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103783; sid: 6103783; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Discovery Service SERVICEPC Overflow"; content: "SID: 3784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103784; sid: 6103784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP UNLOCK Buffer Overflow"; content: "SID: 3785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103785; sid: 6103785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle 9i XDB FTP PASS Buffer Overflow"; content: "SID: 3786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103786; sid: 6103786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRIX Printing System Remote Command Execution"; content: "SID: 3787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103787; sid: 6103787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris LPD Remote Command Execution"; content: "SID: 3788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103788; sid: 6103788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DistCC Daemon Command Execution"; content: "SID: 3789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103789; sid: 6103789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Omniback II Command Execution"; content: "SID: 3790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103790; sid: 6103790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris Printd Unlink File Deletion"; content: "SID: 3791 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103791; sid: 6103791; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long Telnet Username"; content: "SID: 3792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103792; sid: 6103792; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZENworks 6.5 Authentication Overflow"; content: "SID: 3793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103793; sid: 6103793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle iSQL*PLus Overflow"; content: "SID: 3802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103802; sid: 6103802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_proxy Buffer Overflow"; content: "SID: 3883 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103883; sid: 6103883; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cfengine Authentication Heap Based Buffer Overflow"; content: "SID: 3884 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103884; sid: 6103884; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice BO2K TCP Stealth 1"; content: "SID: 3991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6103991; sid: 6103991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Port Sweep"; content: "SID: 4001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104001; sid: 6104001; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Host Flood"; content: "SID: 4002 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104002; sid: 6104002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nmap UDP Port Sweep"; content: "SID: 4003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104003; sid: 6104003; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Flood Attack"; content: "SID: 4004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104004; sid: 6104004; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UDP Bomb"; content: "SID: 4050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104050; sid: 6104050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOrifice-Original-UDP"; content: "SID: 4053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104053; sid: 6104053; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIP Trace"; content: "SID: 4054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104054; sid: 6104054; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NTPd readvar overflow"; content: "SID: 4056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104056; sid: 6104056; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPnP LOCATION Overflow"; content: "SID: 4058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104058; sid: 6104058; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Orifice Ping"; content: "SID: 4060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104060; sid: 6104060; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Chargen Echo DoS"; content: "SID: 4061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104061; sid: 6104061; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CSS 11000 Malformed UDP DoS"; content: "SID: 4062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104062; sid: 6104062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unreal Engine secure Overflow"; content: "SID: 4063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104063; sid: 6104063; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed IKE Packet DoS"; content: "SID: 4067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104067; sid: 6104067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS NBT Stream"; content: "SID: 4068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104068; sid: 6104068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tftp Passwd File"; content: "SID: 4100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104100; sid: 6104100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTPD Directory Traversal"; content: "SID: 4101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104101; sid: 6104101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ascend Denial of Service"; content: "SID: 4150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104150; sid: 6104150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BOBAX Virus Activity"; content: "SID: 4151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104151; sid: 6104151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic File Transfer Signatures"; content: "SID: 4322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104322; sid: 6104322; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Embedded SNMP Community Names"; content: "SID: 4500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104500; sid: 6104500; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVCO/4K Remote Username / Password Retrieve"; content: "SID: 4501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104501; sid: 6104501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community Name Brute Force Attempt"; content: "SID: 4502 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104502; sid: 6104502; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows NT SNMP System Info Retrieve"; content: "SID: 4503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104503; sid: 6104503; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP IOS Configuration Retrieval"; content: "SID: 4504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104504; sid: 6104504; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP IOS VACM MIB Access"; content: "SID: 4505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104505; sid: 6104505; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link Wireless SNMP Plain Text Password"; content: "SID: 4506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104506; sid: 6104506; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Protocol Violation"; content: "SID: 4507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104507; sid: 6104507; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non SNMP Traffic"; content: "SID: 4508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104508; sid: 6104508; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview SNMP Hidden Community Name"; content: "SID: 4509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104509; sid: 6104509; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris SNMP Hidden Community Name"; content: "SID: 4510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104510; sid: 6104510; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avaya SNMP Hidden Community Name"; content: "SID: 4511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104511; sid: 6104511; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104512; sid: 6104512; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco SNMP Message Processing DoS"; content: "SID: 4513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104513; sid: 6104513; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 4514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104514; sid: 6104514; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP/VC Embedded Community Names"; content: "SID: 4515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104515; sid: 6104515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Printer Query DoS"; content: "SID: 4516 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104516; sid: 6104516; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS UDP Bomb"; content: "SID: 4600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104600; sid: 6104600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CheckPoint Firewall RDP ByPass"; content: "SID: 4601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104601; sid: 6104601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle (Bagle) Virus DNS Lookup"; content: "SID: 4602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104602; sid: 6104602; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Discover"; content: "SID: 4603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104603; sid: 6104603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Request"; content: "SID: 4604 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104604; sid: 6104604; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Offer"; content: "SID: 4605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104605; sid: 6104605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTP Long Filename Buffer Overflow"; content: "SID: 4606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104606; sid: 6104606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Deep Throat Response"; content: "SID: 4607 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104607; sid: 6104607; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo (UDP)"; content: "SID: 4608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104608; sid: 6104608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Orinoco SNMP Info Leak"; content: "SID: 4609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104609; sid: 6104609; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerberos 4 User Recon"; content: "SID: 4610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104610; sid: 6104610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] D-Link DWL-900AP+ TFTP Config Retrieve"; content: "SID: 4611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104611; sid: 6104611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP Phone TFTP Config Retrieve"; content: "SID: 4612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104612; sid: 6104612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Filename Buffer Overflow"; content: "SID: 4613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104613; sid: 6104613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTP Overflow"; content: "SID: 4614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104614; sid: 6104614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle.B (Bagle.B) Virus DNS Lookup"; content: "SID: 4615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104615; sid: 6104615; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PoPToP PPtP Short Length Overflow"; content: "SID: 4617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104617; sid: 6104617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid DHCP Packet"; content: "SID: 4619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104619; sid: 6104619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Limited Broadcast Query"; content: "SID: 4620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104620; sid: 6104620; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104701; sid: 6104701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104702; sid: 6104702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Stack Overflow"; content: "SID: 4703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104703; sid: 6104703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Heap Overflow"; content: "SID: 4704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6104704; sid: 6104704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS newdsn attack"; content: "SID: 5034 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105034; sid: 6105034; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP cgi HylaFAX Faxsurvey"; content: "SID: 5035 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105035; sid: 6105035; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SGI MachineInfo Attack"; content: "SID: 5037 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105037; sid: 6105037; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW wwwsql file read Bug"; content: "SID: 5038 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105038; sid: 6105038; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW finger attempt"; content: "SID: 5039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105039; sid: 6105039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW anyform attack"; content: "SID: 5041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105041; sid: 6105041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Webcom.se Guestbook attack"; content: "SID: 5044 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105044; sid: 6105044; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW xterm display attack"; content: "SID: 5045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105045; sid: 6105045; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW dumpenv.pl recon"; content: "SID: 5046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105046; sid: 6105046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Server Side Include POST attack"; content: "SID: 5047 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105047; sid: 6105047; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS BAT EXE attack"; content: "SID: 5048 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105048; sid: 6105048; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS showcode.asp access"; content: "SID: 5049 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105049; sid: 6105049; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS .htr Overflow Attack"; content: "SID: 5050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105050; sid: 6105050; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Double Byte Code Page"; content: "SID: 5051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105051; sid: 6105051; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage Extensions PWD Open Attempt"; content: "SID: 5052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105052; sid: 6105052; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage _vti_bin Directory List Attempt"; content: "SID: 5053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105053; sid: 6105053; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWWBoard Password"; content: "SID: 5054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105054; sid: 6105054; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Basic Authentication Overflow"; content: "SID: 5055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105055; sid: 6105055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Cisco IOS %% DoS"; content: "SID: 5056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105056; sid: 6105056; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sambar Samples"; content: "SID: 5057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105057; sid: 6105057; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW info2www Attack"; content: "SID: 5058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105058; sid: 6105058; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Alibaba Attack"; content: "SID: 5059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105059; sid: 6105059; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Excite AT-generate.cgi Access"; content: "SID: 5060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105060; sid: 6105060; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW catalog_type.asp Access"; content: "SID: 5061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105061; sid: 6105061; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW classifieds.cgi Attack"; content: "SID: 5062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105062; sid: 6105062; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW imagemap.cgi Attack"; content: "SID: 5064 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105064; sid: 6105064; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IRIX infosrch.cgi Attack"; content: "SID: 5065 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105065; sid: 6105065; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW man.sh Access"; content: "SID: 5066 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105066; sid: 6105066; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW plusmail Attack"; content: "SID: 5067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105067; sid: 6105067; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW formmail.pl Access"; content: "SID: 5068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105068; sid: 6105068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW whois_raw.cgi Attack"; content: "SID: 5069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105069; sid: 6105069; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW msadcs.dll Access"; content: "SID: 5070 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105070; sid: 6105070; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW msacds.dll Attack"; content: "SID: 5071 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105071; sid: 6105071; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW bizdb1-search.cgi Attack"; content: "SID: 5072 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105072; sid: 6105072; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW EZshopper loadpage.cgi Attack"; content: "SID: 5073 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105073; sid: 6105073; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW EZshopper search.cgi Attack"; content: "SID: 5074 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105074; sid: 6105074; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Virtualized UNC Bug"; content: "SID: 5075 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105075; sid: 6105075; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW webplus bug"; content: "SID: 5076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105076; sid: 6105076; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Excite AT-admin.cgi Access"; content: "SID: 5077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105077; sid: 6105077; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Piranha passwd attack"; content: "SID: 5078 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105078; sid: 6105078; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PCCS MySQL Admin Access"; content: "SID: 5079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105079; sid: 6105079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IBM WebSphere Access"; content: "SID: 5080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105080; sid: 6105080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW WinNT cmd.exe Access"; content: "SID: 5081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105081; sid: 6105081; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Objects Memory Corruption"; content: "SID: 5082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105082; sid: 6105082; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Virtual Vision FTP Browser Access"; content: "SID: 5083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105083; sid: 6105083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Alibaba Attack 2"; content: "SID: 5084 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105084; sid: 6105084; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Source Fragment Access"; content: "SID: 5085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105085; sid: 6105085; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW WEBactive Logfile Access"; content: "SID: 5086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105086; sid: 6105086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sun Java Server Access"; content: "SID: 5087 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105087; sid: 6105087; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Akopia MiniVend Access"; content: "SID: 5088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105088; sid: 6105088; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Big Brother Directory Access"; content: "SID: 5089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105089; sid: 6105089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW FrontPage htimage.exe Access"; content: "SID: 5090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105090; sid: 6105090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Cart32 Remote Admin Access"; content: "SID: 5091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105091; sid: 6105091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI-World Poll It Access"; content: "SID: 5092 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105092; sid: 6105092; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW PHP-Nuke admin.php3 Access"; content: "SID: 5093 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105093; sid: 6105093; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Script Center Account Manager Attack"; content: "SID: 5095 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105095; sid: 6105095; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Script Center Subscribe Me Attack"; content: "SID: 5096 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105096; sid: 6105096; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW FrontPage MS-DOS Device Attack"; content: "SID: 5097 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105097; sid: 6105097; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW GWScripts News Publisher Access"; content: "SID: 5099 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105099; sid: 6105099; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Center Auction Weaver File Access"; content: "SID: 5100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105100; sid: 6105100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CGI Center Auction Weaver Attack"; content: "SID: 5101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105101; sid: 6105101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW phpPhotoAlbum explorer.php Access"; content: "SID: 5102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105102; sid: 6105102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SuSE Apache CGI Source Access"; content: "SID: 5103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105103; sid: 6105103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW YaBB File Access"; content: "SID: 5104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105104; sid: 6105104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Ranson Johnson mailto.cgi Attack"; content: "SID: 5105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105105; sid: 6105105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Ranson Johnson mailform.pl Access"; content: "SID: 5106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105106; sid: 6105106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Mandrake Linux /perl Access"; content: "SID: 5107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105107; sid: 6105107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Netegrity Site Minder Access"; content: "SID: 5108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105108; sid: 6105108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Sambar Beta search.dll Access"; content: "SID: 5109 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105109; sid: 6105109; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SuSE Installed Packages Access"; content: "SID: 5110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105110; sid: 6105110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Solaris Answerbook 2 Access"; content: "SID: 5111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105111; sid: 6105111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Solaris Answerbook 2 Attack"; content: "SID: 5112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105112; sid: 6105112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW CommuniGate Pro Access"; content: "SID: 5113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105113; sid: 6105113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Unicode Attack"; content: "SID: 5114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105114; sid: 6105114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Enterprise Server with ?wp Tags"; content: "SID: 5115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105115; sid: 6105115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Endymion MailMan Remote Command Execution"; content: "SID: 5116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105116; sid: 6105116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpGroupWare Remote Command Exec"; content: "SID: 5117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105117; sid: 6105117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eWave ServletExec 3.0C File Upload"; content: "SID: 5118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105118; sid: 6105118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CGI Script Center News Update Admin Passwd Change"; content: "SID: 5119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105119; sid: 6105119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Server Suite Buffer Overflow"; content: "SID: 5120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105120; sid: 6105120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet .shtml Buffer Overflow"; content: "SID: 5121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105121; sid: 6105121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nokia IP440 Denial of Service"; content: "SID: 5122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105122; sid: 6105122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS Internet Printing Overflow"; content: "SID: 5123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105123; sid: 6105123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS CGI Double Decode"; content: "SID: 5124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105124; sid: 6105124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PerlCal Directory Traversal"; content: "SID: 5125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105125; sid: 6105125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW IIS .ida Indexing Service Overflow"; content: "SID: 5126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105126; sid: 6105126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW viewsrc.cgi Directory Traversal"; content: "SID: 5127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105127; sid: 6105127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW nph-maillist.pl Cmd Exec"; content: "SID: 5128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105128; sid: 6105128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS HTTP Unauth Command Execution"; content: "SID: 5129 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105129; sid: 6105129; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Privileged Information Disclosure"; content: "SID: 5130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105130; sid: 6105130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] talkback.cgi Directory Traversal"; content: "SID: 5131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105131; sid: 6105131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VirusWall catinfo Buffer Overflow"; content: "SID: 5132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105132; sid: 6105132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net.Commerce Macro Path Disclosure"; content: "SID: 5133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105133; sid: 6105133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MacOS PWS DoS"; content: "SID: 5134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105134; sid: 6105134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server Shared Library Overflow"; content: "SID: 5138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105138; sid: 6105138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net.Commerce Macro Denial of Service"; content: "SID: 5140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105140; sid: 6105140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NCM Content.pl SQL Query Vulnerability"; content: "SID: 5141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105141; sid: 6105141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCShop File Disclosure"; content: "SID: 5142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105142; sid: 6105142; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS-DOS Device Name DoS"; content: "SID: 5146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105146; sid: 6105146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arcadia Internet Store Directory Traversal Attempt"; content: "SID: 5147 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105147; sid: 6105147; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perception LiteServe Web Server CGI Source Code Disclosure"; content: "SID: 5148 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105148; sid: 6105148; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro Interscan Viruswall Configuration Modification"; content: "SID: 5149 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105149; sid: 6105149; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InterScan VirusWall RegGo.dll Buffer Overflow"; content: "SID: 5150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105150; sid: 6105150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebStore Admin Bypass"; content: "SID: 5151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105151; sid: 6105151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebStore Command Exec"; content: "SID: 5152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105152; sid: 6105152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW uDirectory Directory Traversal"; content: "SID: 5154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105154; sid: 6105154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW SiteWare Editor Directory Traversal"; content: "SID: 5155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105155; sid: 6105155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WWW Microsoft fp30reg.dll Overflow"; content: "SID: 5156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105156; sid: 6105156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tarantella TTAWebTop.CGI Directory Traversal Bug"; content: "SID: 5157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105157; sid: 6105157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Proprietary Method Overflow"; content: "SID: 5158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105158; sid: 6105158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin Cmd Exec"; content: "SID: 5159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105159; sid: 6105159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache ? indexing file disclosure bug"; content: "SID: 5160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105160; sid: 6105160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail Command Exec"; content: "SID: 5161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105161; sid: 6105161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Classifieds Command Exec"; content: "SID: 5162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105162; sid: 6105162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mambo Site Server Administrative Password ByPass"; content: "SID: 5163 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105163; sid: 6105163; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPBB Remote SQL Query Manipulation"; content: "SID: 5164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105164; sid: 6105164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] php-nuke article.php sql query"; content: "SID: 5165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105165; sid: 6105165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] php-nuke modules.php DoS"; content: "SID: 5166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105166; sid: 6105166; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin Cmd Exec 2"; content: "SID: 5167 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105167; sid: 6105167; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snapstream PVS Directory Traversal Vulnerability"; content: "SID: 5168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105168; sid: 6105168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SnapStream PVS Plaintext Password Vulnerability"; content: "SID: 5169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105169; sid: 6105169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Null Byte In HTTP Request"; content: "SID: 5170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105170; sid: 6105170; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NC-Book book.cgi Cmd Exec"; content: "SID: 5171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105171; sid: 6105171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinWrapper Admin Server Directory Traversal"; content: "SID: 5172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105172; sid: 6105172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Directory Manager Cmd Exec"; content: "SID: 5173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105173; sid: 6105173; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpmyexplorer directory traversal"; content: "SID: 5174 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105174; sid: 6105174; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hassan Shopping Cart Command Exec"; content: "SID: 5175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105175; sid: 6105175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Address List Disclosure"; content: "SID: 5176 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105176; sid: 6105176; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS Arnudp"; content: "SID: 5177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105177; sid: 6105177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Index Server File/Path Recon"; content: "SID: 5178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105178; sid: 6105178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke File Upload"; content: "SID: 5179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105179; sid: 6105179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sgiMerchant Directory Traversal"; content: "SID: 5180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105180; sid: 6105180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MacOS Apache File Disclosure"; content: "SID: 5181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105181; sid: 6105181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebDiscount's eShop Arbitrary Command Exec"; content: "SID: 5182 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105182; sid: 6105182; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP File Inclusion Remote Exec"; content: "SID: 5183 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105183; sid: 6105183; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Authentication Module ByPass"; content: "SID: 5184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105184; sid: 6105184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Tunneling"; content: "SID: 5188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105188; sid: 6105188; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Perl PerlIS.dll Buffer Overflow"; content: "SID: 5191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105191; sid: 6105191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Server .ht File Access"; content: "SID: 5194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105194; sid: 6105194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AS/400 '/' attack"; content: "SID: 5195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105195; sid: 6105195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Red Hat Stronghold Recon attack"; content: "SID: 5196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105196; sid: 6105196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Query Tool command Exec"; content: "SID: 5197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105197; sid: 6105197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] W3Mail Command Exec"; content: "SID: 5199 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105199; sid: 6105199; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Data Stream Source Disclosure"; content: "SID: 5200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105200; sid: 6105200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke Cross Site Scripting"; content: "SID: 5201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105201; sid: 6105201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP-Nuke File Copy / Delete"; content: "SID: 5202 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105202; sid: 6105202; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hosting Controller File Access and Upload"; content: "SID: 5203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105203; sid: 6105203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AspUpload Sample Scripts"; content: "SID: 5204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105204; sid: 6105204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache php.exe File Disclosure"; content: "SID: 5205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105205; sid: 6105205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Horde IMP Session Hijack"; content: "SID: 5206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105206; sid: 6105206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Entrust GetAccess directory traversal"; content: "SID: 5207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105207; sid: 6105207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Tools shell metacharacters"; content: "SID: 5208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105208; sid: 6105208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Agora.cgi Cross Site Scripting"; content: "SID: 5209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105209; sid: 6105209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FAQManager.cgi directory traversal"; content: "SID: 5210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105210; sid: 6105210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] zml.cgi File Disclosure"; content: "SID: 5211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105211; sid: 6105211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Admin Authorization Bypass"; content: "SID: 5212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105212; sid: 6105212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bugzilla Command Exec"; content: "SID: 5213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105213; sid: 6105213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FAQManager.cgi null bytes"; content: "SID: 5214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105214; sid: 6105214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] lastlines.cgi cmd exec/traversal"; content: "SID: 5215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105215; sid: 6105215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Rocket Directory Traversal"; content: "SID: 5216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105216; sid: 6105216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webmin Directory Traversal"; content: "SID: 5217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105217; sid: 6105217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Boozt Buffer Overflow"; content: "SID: 5218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105218; sid: 6105218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino database DoS"; content: "SID: 5219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105219; sid: 6105219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CSVForm Remote Command Exec"; content: "SID: 5220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105220; sid: 6105220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Hosting Controller Directory Traversal"; content: "SID: 5221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105221; sid: 6105221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DoS Beer"; content: "SID: 5222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105222; sid: 6105222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Pi3Web Buffer Overflow"; content: "SID: 5223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105223; sid: 6105223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail SquirrelSpell Command Exec"; content: "SID: 5224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105224; sid: 6105224; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCP Portal Root Path Disclosure"; content: "SID: 5229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105229; sid: 6105229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Domino Authentication Bypass"; content: "SID: 5230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105230; sid: 6105230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MRTG Directory Traversal"; content: "SID: 5231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105231; sid: 6105231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] URL with XSS"; content: "SID: 5232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105232; sid: 6105232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP fileupload Buffer Overflow"; content: "SID: 5233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105233; sid: 6105233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pforum sql-injection"; content: "SID: 5234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105234; sid: 6105234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mac OS X URI Handler Arbitrary Code Execution"; content: "SID: 5235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105235; sid: 6105235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xoops sql-injection"; content: "SID: 5236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105236; sid: 6105236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP CONNECT Tunnel"; content: "SID: 5237 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105237; sid: 6105237; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EZNET Ezboard Buffer Overflow"; content: "SID: 5238 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105238; sid: 6105238; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sambar cgitest.exe Buffer Overflow"; content: "SID: 5239 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105239; sid: 6105239; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Marcus Xenakis Shell Command Exec"; content: "SID: 5240 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105240; sid: 6105240; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avenger System Command Exec"; content: "SID: 5241 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105241; sid: 6105241; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CS .cgi Script Cmd Exec"; content: "SID: 5243 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105243; sid: 6105243; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PhpSmsSend Command Exec"; content: "SID: 5244 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105244; sid: 6105244; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP 1.1 Chunked Encoding Transfer"; content: "SID: 5245 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105245; sid: 6105245; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ISAPI Filter Buffer Overflow"; content: "SID: 5246 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105246; sid: 6105246; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ASP SSI Buffer Overflow"; content: "SID: 5247 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105247; sid: 6105247; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS HTR ISAPI Buffer Overflow"; content: "SID: 5248 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105248; sid: 6105248; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Allaire JRun // Directory Disclosure"; content: "SID: 5251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105251; sid: 6105251; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Allaire JRun Session ID Recon"; content: "SID: 5252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105252; sid: 6105252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Axis StorPoint CD Authentication Bypass"; content: "SID: 5253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105253; sid: 6105253; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Linux Directory traceroute / nslookup Command Exec"; content: "SID: 5255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105255; sid: 6105255; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dot Dot Slash in URI"; content: "SID: 5256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105256; sid: 6105256; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPNetToolpack traceroute Command Exec"; content: "SID: 5257 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105257; sid: 6105257; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script source disclosure with CodeBrws.asp"; content: "SID: 5258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105258; sid: 6105258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snitz Forums SQL injection"; content: "SID: 5259 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105259; sid: 6105259; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xpede sprc.asp SQL Injection"; content: "SID: 5260 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105260; sid: 6105260; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BackOffice Server Web Administration Access"; content: "SID: 5261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105261; sid: 6105261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large number of Slashes URL"; content: "SID: 5262 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105262; sid: 6105262; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ecware.exe Access"; content: "SID: 5263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105263; sid: 6105263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RedHat cachemgr.cgi Access"; content: "SID: 5265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105265; sid: 6105265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iCat Carbo Server File Disclosure"; content: "SID: 5266 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105266; sid: 6105266; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Catalyst Remote Command Execution"; content: "SID: 5268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105268; sid: 6105268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ColdFusion CFDOCS Directory Access"; content: "SID: 5269 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105269; sid: 6105269; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EZ-Mall order.log File Access"; content: "SID: 5270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105270; sid: 6105270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] search.cgi Directory Traversal"; content: "SID: 5271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105271; sid: 6105271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] count.cgi GIF File Disclosure"; content: "SID: 5272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105272; sid: 6105272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bannermatic Sensitive File Access"; content: "SID: 5273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105273; sid: 6105273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netpad.cgi Directory Traversal/Cmd Exec"; content: "SID: 5274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105274; sid: 6105274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Phorum Remote Cmd Exec"; content: "SID: 5275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105275; sid: 6105275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dansie cart.cgi Vulnerability"; content: "SID: 5276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105276; sid: 6105276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] dfire.cgi Command Exec"; content: "SID: 5277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105277; sid: 6105277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VP-ASP shoptest.asp access"; content: "SID: 5278 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105278; sid: 6105278; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JJ Cgi Cmd Exec"; content: "SID: 5279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105279; sid: 6105279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS idq.dll Directory Traversal"; content: "SID: 5280 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105280; sid: 6105280; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Carello add.exe Access"; content: "SID: 5281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105281; sid: 6105281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ExAir advsearch.asp Access"; content: "SID: 5282 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105282; sid: 6105282; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] info2www CGI Directory Traversal"; content: "SID: 5283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105283; sid: 6105283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS webhits.dll Directory Traversal"; content: "SID: 5284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105284; sid: 6105284; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPEventCalendar Cmd Exec"; content: "SID: 5285 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105285; sid: 6105285; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebScripts WebBBS Cmd Exec"; content: "SID: 5286 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105286; sid: 6105286; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SiteServer AdSamples SITE.CSC File Access"; content: "SID: 5287 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105287; sid: 6105287; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Verity search97 Directory Traversal"; content: "SID: 5288 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105288; sid: 6105288; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQLXML ISAPI Buffer Overflow"; content: "SID: 5289 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105289; sid: 6105289; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat DefaultServlet File Disclosure"; content: "SID: 5290 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105290; sid: 6105290; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WEB-INF Dot File Disclosure"; content: "SID: 5291 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105291; sid: 6105291; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SalesCart shop.mdb File Access"; content: "SID: 5292 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105292; sid: 6105292; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] robots.txt File Access"; content: "SID: 5293 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105293; sid: 6105293; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BearShare File Disclosure"; content: "SID: 5294 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105294; sid: 6105294; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] finger CGI Recon"; content: "SID: 5295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105295; sid: 6105295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape Server PageServices Directory Access"; content: "SID: 5296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105296; sid: 6105296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] order_log.dat File Access"; content: "SID: 5297 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105297; sid: 6105297; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] shopper.conf File Access"; content: "SID: 5298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105298; sid: 6105298; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] quikstore.cfg File Access"; content: "SID: 5299 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105299; sid: 6105299; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] reg_echo.cgi Recon"; content: "SID: 5300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105300; sid: 6105300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] /consolehelp/ CGI File Access"; content: "SID: 5301 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105301; sid: 6105301; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] /file/ WebLogic File Access"; content: "SID: 5302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105302; sid: 6105302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pfdispaly.cgi Command Execution"; content: "SID: 5303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105303; sid: 6105303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] files.pl File Access"; content: "SID: 5304 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105304; sid: 6105304; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] .bash_history File Access"; content: "SID: 5305 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105305; sid: 6105305; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SoftCart storemgr.pw File Access"; content: "SID: 5306 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105306; sid: 6105306; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mercantec Softcart Overflow"; content: "SID: 5307 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105307; sid: 6105307; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rpc-nlog.pl Command Execution"; content: "SID: 5308 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105308; sid: 6105308; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Handler CGI Command Execution"; content: "SID: 5309 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105309; sid: 6105309; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] INDEX / directory access"; content: "SID: 5310 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105310; sid: 6105310; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] 8.3 file name access"; content: "SID: 5311 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105311; sid: 6105311; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] *.jsp/*.jhtml Java Execution"; content: "SID: 5312 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105312; sid: 6105312; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] order.log File Access"; content: "SID: 5313 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105313; sid: 6105313; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] windmail.exe Command Execution"; content: "SID: 5314 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105314; sid: 6105314; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] changedisplay.pl WWWthreads Privilege Elevation"; content: "SID: 5315 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105315; sid: 6105315; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue Admin Command Exec"; content: "SID: 5316 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105316; sid: 6105316; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli Endpoint Buffer Overflow"; content: "SID: 5317 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105317; sid: 6105317; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tivoli ManagedNode Buffer Overflow"; content: "SID: 5318 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105318; sid: 6105318; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SoftCart orders Directory Access"; content: "SID: 5319 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105319; sid: 6105319; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ColdFusion administrator Directory Access"; content: "SID: 5320 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105320; sid: 6105320; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Guest Book CGI access"; content: "SID: 5321 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105321; sid: 6105321; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Request"; content: "SID: 5322 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105322; sid: 6105322; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] midicart.mdb File Access"; content: "SID: 5323 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105323; sid: 6105323; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Query (?/)"; content: "SID: 5324 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105324; sid: 6105324; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Contivity cgiproc DoS"; content: "SID: 5325 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105325; sid: 6105325; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Root.exe access"; content: "SID: 5326 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105326; sid: 6105326; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tilde in URI"; content: "SID: 5327 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105327; sid: 6105327; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP phone DoS"; content: "SID: 5328 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105328; sid: 6105328; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache/mod_ssl Worm Probe"; content: "SID: 5329 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105329; sid: 6105329; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache/mod_ssl Worm Buffer Overflow"; content: "SID: 5330 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105330; sid: 6105330; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Image Javascript insertion"; content: "SID: 5331 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105331; sid: 6105331; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wordtrans-web Command Exec"; content: "SID: 5332 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105332; sid: 6105332; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FUDForum File Disclosure"; content: "SID: 5333 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105333; sid: 6105333; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB4Web File Disclosure"; content: "SID: 5334 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105334; sid: 6105334; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB4WEB Proxy Scan"; content: "SID: 5335 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105335; sid: 6105335; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Abyss Web Server File Disclosure"; content: "SID: 5336 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105336; sid: 6105336; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Dot Dot Slash in HTTP Arguments"; content: "SID: 5337 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105337; sid: 6105337; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Front Page Admin password retrival"; content: "SID: 5338 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105338; sid: 6105338; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SunONE Directory Traversal"; content: "SID: 5339 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105339; sid: 6105339; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Killer Protection Credential File Access"; content: "SID: 5340 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105340; sid: 6105340; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Procurve 4000M Switch DoS"; content: "SID: 5341 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105341; sid: 6105341; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invision Board phpinfo.php Recon"; content: "SID: 5342 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105342; sid: 6105342; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Host Header Cross Site Scripting"; content: "SID: 5343 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105343; sid: 6105343; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS MDAC RDS Buffer Overflow"; content: "SID: 5344 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105344; sid: 6105344; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTPBench Information Disclosure"; content: "SID: 5345 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT: classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105345; sid: 6105345; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue Information Disclosure"; content: "SID: 5346 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105346; sid: 6105346; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xoops WebChat SQL Injection"; content: "SID: 5347 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105347; sid: 6105347; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cobalt RaQ Server overflow.cgi Cmd Exec"; content: "SID: 5348 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105348; sid: 6105348; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Polycom ViewStation Admin Password"; content: "SID: 5349 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105349; sid: 6105349; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHPnuke email attachment access"; content: "SID: 5350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105350; sid: 6105350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS IE Help Overflow"; content: "SID: 5351 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105351; sid: 6105351; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell Buffer Overflow"; content: "SID: 5352 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105352; sid: 6105352; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell 'mode' URI exec"; content: "SID: 5353 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105353; sid: 6105353; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] H-Sphere Webshell 'zipfile' URI exec"; content: "SID: 5354 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105354; sid: 6105354; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DotBr exec.php3 exec"; content: "SID: 5355 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105355; sid: 6105355; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DotBr system.php3 exec"; content: "SID: 5356 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105356; sid: 6105356; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMP SQL Injection"; content: "SID: 5357 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105357; sid: 6105357; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Psunami.CGI Remote Command Execution"; content: "SID: 5358 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105358; sid: 6105358; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Scan CGI Scripts Access"; content: "SID: 5359 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105359; sid: 6105359; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage htimage.exe Buffer Overflow"; content: "SID: 5360 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105360; sid: 6105360; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage dvwssr.dll Buffer Overflow"; content: "SID: 5362 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105362; sid: 6105362; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage imagemap.exe Buffer Overflow"; content: "SID: 5363 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105363; sid: 6105363; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS WebDAV Overflow"; content: "SID: 5364 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105364; sid: 6105364; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long WebDAV Request"; content: "SID: 5365 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105365; sid: 6105365; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Shell Code in HTTP URL / Args"; content: "SID: 5366 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105366; sid: 6105366; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache CR LF DoS"; content: "SID: 5367 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105367; sid: 6105367; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ACS Windows CSAdmin Overflow"; content: "SID: 5368 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105368; sid: 6105368; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Win32 Apache Batch File CmdExec"; content: "SID: 5369 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105369; sid: 6105369; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTDig File Disclosure"; content: "SID: 5370 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105370; sid: 6105370; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] bdir.htr Access"; content: "SID: 5371 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105371; sid: 6105371; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP %20 source disclosure"; content: "SID: 5372 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105372; sid: 6105372; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS 5 Translate: f Source Disclosure"; content: "SID: 5373 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105373; sid: 6105373; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Executable File Command Exec"; content: "SID: 5374 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105374; sid: 6105374; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_dav Overflow"; content: "SID: 5375 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105375; sid: 6105375; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iisPROTECT Admin SQL Injection"; content: "SID: 5376 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105376; sid: 6105376; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP args to xp_cmdshell in HTTP Request"; content: "SID: 5377 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105377; sid: 6105377; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vignette TCL Injection Command Exec"; content: "SID: 5378 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105378; sid: 6105378; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Services Logging ISAPI Overflow"; content: "SID: 5379 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105379; sid: 6105379; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB SQL injection"; content: "SID: 5380 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105380; sid: 6105380; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPASP SQL injection"; content: "SID: 5381 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105381; sid: 6105381; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Xpressions SQL Admin Bypass"; content: "SID: 5382 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105382; sid: 6105382; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cyberstrong eShop SQL Injection"; content: "SID: 5383 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105383; sid: 6105383; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks User Priviledge Modification"; content: "SID: 5385 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105385; sid: 6105385; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks Command Exec"; content: "SID: 5386 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105386; sid: 6105386; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerio MailServer Webmail multiple overflows"; content: "SID: 5388 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105388; sid: 6105388; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebAdmin Long User Name Logon Buffer Overflow"; content: "SID: 5389 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105389; sid: 6105389; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Swen Worm HTTP Counter Update Attempt"; content: "SID: 5390 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105390; sid: 6105390; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FrontPage Server Extensions Buffer Overflow"; content: "SID: 5391 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105391; sid: 6105391; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer XML Object Overflow Type 1"; content: "SID: 5392 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105392; sid: 6105392; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer XML Object Overflow Type 2"; content: "SID: 5393 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105393; sid: 6105393; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache mod_gzip Overflow"; content: "SID: 5394 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105394; sid: 6105394; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ACNS Authentication Library Buffer Overflow"; content: "SID: 5395 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105395; sid: 6105395; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SiteInteractive Subscribe Me setup.pl Command Exec"; content: "SID: 5397 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105397; sid: 6105397; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ALT-N MDaemon form2raw.cgi Buffer Overflow"; content: "SID: 5399 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105399; sid: 6105399; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Beagle.B (Bagle.B) Web Beacon"; content: "SID: 5400 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105400; sid: 6105400; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook mailto Quote Malformed URI"; content: "SID: 5401 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105401; sid: 6105401; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer URL Spoofing"; content: "SID: 5402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105402; sid: 6105402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL OR TLS Malformed Handshake DoS"; content: "SID: 5403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105403; sid: 6105403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Uninitialized Memory Corruption"; content: "SID: 5404 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105404; sid: 6105404; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS nsiislog.dll long argument overflow"; content: "SID: 5405 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105405; sid: 6105405; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Illegal MHTML URL"; content: "SID: 5406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105406; sid: 6105406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS PCT Overflow"; content: "SID: 5407 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105407; sid: 6105407; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows HCP URI Parsing Script Exec"; content: "SID: 5408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105408; sid: 6105408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft HCP Remote Code Execution"; content: "SID: 5409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105409; sid: 6105409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] APSIS Pound Remote Format String Overflow"; content: "SID: 5410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105410; sid: 6105410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Linksys Http DoS"; content: "SID: 5411 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105411; sid: 6105411; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Goaway Message Overflow"; content: "SID: 5412 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105412; sid: 6105412; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WhatsUp Gold Buffer Overflow Vulnerability"; content: "SID: 5413 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105413; sid: 6105413; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft NNTP Heap Overflow Vulnerability"; content: "SID: 5414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105414; sid: 6105414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE object data remote execution"; content: "SID: 5416 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105416; sid: 6105416; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Object Tag Overflow"; content: "SID: 5417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105417; sid: 6105417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Cross Site Scripting .htw"; content: "SID: 5418 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105418; sid: 6105418; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Frontpage Path Disclosure"; content: "SID: 5419 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105419; sid: 6105419; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS TRACK Requests"; content: "SID: 5420 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105420; sid: 6105420; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS UNC Disclosure"; content: "SID: 5421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105421; sid: 6105421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ISAPI Extension Enumeration"; content: "SID: 5422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105422; sid: 6105422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS ism.dll Access"; content: "SID: 5423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105423; sid: 6105423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HRAlign Buffer Overflow"; content: "SID: 5424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105424; sid: 6105424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer IFRAME Tag Overflow"; content: "SID: 5425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105425; sid: 6105425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netscape NSS SSLv2 Hello Message Overflow"; content: "SID: 5426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105426; sid: 6105426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Space Character DoS"; content: "SID: 5427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105427; sid: 6105427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CNS Registrar DoS"; content: "SID: 5428 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105428; sid: 6105428; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Replication Protocol Buffer Overflow"; content: "SID: 5429 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105429; sid: 6105429; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Darwin Streaming Server DoS"; content: "SID: 5430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105430; sid: 6105430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS W3Who Vulnerabilties"; content: "SID: 5431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105431; sid: 6105431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script Embedded in HTTP Header"; content: "SID: 5432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105432; sid: 6105432; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jabberd Username Overflow"; content: "SID: 5433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105433; sid: 6105433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Registration Request Overflow"; content: "SID: 5434 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105434; sid: 6105434; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Crystal Reports Remote Code Execution"; content: "SID: 5435 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105435; sid: 6105435; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RXBot Activity"; content: "SID: 5436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105436; sid: 6105436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB highlight parameter"; content: "SID: 5437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105437; sid: 6105437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS Call Processing Solutions DoS"; content: "SID: 5438 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105438; sid: 6105438; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Loadimage API Overflow"; content: "SID: 5439 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105439; sid: 6105439; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRC Bot Activity"; content: "SID: 5440 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105440; sid: 6105440; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Help File Overflow Vulnerability"; content: "SID: 5441 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105441; sid: 6105441; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cursor/Icon File Format Buffer Overflow"; content: "SID: 5442 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105442; sid: 6105442; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ActiveX Help Control"; content: "SID: 5443 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105443; sid: 6105443; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebAgent logon Buffer Overflow"; content: "SID: 5444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105444; sid: 6105444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats configdir Command Exec"; content: "SID: 5445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105445; sid: 6105445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Install Engine Overflow"; content: "SID: 5446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105446; sid: 6105446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VB.aw Trojan/Back Door"; content: "SID: 5447 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105447; sid: 6105447; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Blaster Worm"; content: "SID: 5448 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105448; sid: 6105448; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Massacre Virus Attachment"; content: "SID: 5449 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105449; sid: 6105449; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Love Letter Worm Attachment"; content: "SID: 5450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105450; sid: 6105450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS WebDAV DoS"; content: "SID: 5451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105451; sid: 6105451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office XP URL Processing Buffer Overflow"; content: "SID: 5452 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105452; sid: 6105452; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats Plugin Command Exec"; content: "SID: 5453 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105453; sid: 6105453; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exim SPA Authentication Buffer Overflow"; content: "SID: 5454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105454; sid: 6105454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arkeia Type 77 Request Buffer Overflow"; content: "SID: 5455 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105455; sid: 6105455; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer 5 ie5filex Exploit"; content: "SID: 5456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105456; sid: 6105456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WU-FTPD DoS"; content: "SID: 5457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105457; sid: 6105457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebConnect MS-DOS Device Name DoS"; content: "SID: 5458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105458; sid: 6105458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebConnect Directory Traversal Vulnerability"; content: "SID: 5459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105459; sid: 6105459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpMyAdmin phpmyadmin.css.php File Disclosure"; content: "SID: 5460 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105460; sid: 6105460; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BadBlue MFCISAPICommand Buffer Overflow"; content: "SID: 5461 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105461; sid: 6105461; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] phpBB Authentication Bypass"; content: "SID: 5462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105462; sid: 6105462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Software GETCONFIG Buffer Overflow"; content: "SID: 5463 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105463; sid: 6105463; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Network Buffer Overflow"; content: "SID: 5464 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105464; sid: 6105464; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Checksum Buffer Overflow"; content: "SID: 5465 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105465; sid: 6105465; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite PUTOLF Buffer Overflow"; content: "SID: 5466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105466; sid: 6105466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite PUTOLF Directory Traversal"; content: "SID: 5467 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105467; sid: 6105467; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates License Suite Invalid Command Overflow"; content: "SID: 5468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105468; sid: 6105468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TrackerCam PHP Argument Overflow"; content: "SID: 5469 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105469; sid: 6105469; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SafeNet Sentinel Buffer Overflow"; content: "SID: 5471 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105471; sid: 6105471; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Sysimage Handler Local Executable Reference"; content: "SID: 5472 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105472; sid: 6105472; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Java JNLP File Command Injection"; content: "SID: 5473 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105473; sid: 6105473; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQL Query in HTTP Request"; content: "SID: 5474 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105474; sid: 6105474; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor ARCserve Backup Universal Agent Overflow"; content: "SID: 5475 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105475; sid: 6105475; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Application Execution"; content: "SID: 5476 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105476; sid: 6105476; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Possible Heap Payload Construction"; content: "SID: 5477 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105477; sid: 6105477; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange SMTP Overflow"; content: "SID: 5478 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105478; sid: 6105478; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDAV Lock-Token Overflow"; content: "SID: 5479 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105479; sid: 6105479; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDAV If Header Overflow"; content: "SID: 5480 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105480; sid: 6105480; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL MaxDB WebDBM Overflow"; content: "SID: 5481 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105481; sid: 6105481; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Login Overflow"; content: "SID: 5482 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105482; sid: 6105482; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Content Advisor Buffer Overflow"; content: "SID: 5483 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105483; sid: 6105483; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sambar Server Search Overflow"; content: "SID: 5484 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105484; sid: 6105484; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISS PAM.dll ICQ Parser Buffer Overflow"; content: "SID: 5485 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105485; sid: 6105485; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple File Service LoginExt Overflow"; content: "SID: 5486 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105486; sid: 6105486; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IA WebMail Buffer Overflow"; content: "SID: 5487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105487; sid: 6105487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Icecast Server HTTP Header Buffer Overflow"; content: "SID: 5488 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105488; sid: 6105488; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MyTOB Virus Activity"; content: "SID: 5489 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105489; sid: 6105489; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript IFRAME Exploitation"; content: "SID: 5490 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105490; sid: 6105490; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Install Trigger Function"; content: "SID: 5491 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105491; sid: 6105491; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wurmark Virus Activity"; content: "SID: 5492 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105492; sid: 6105492; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Llsrpc Bind"; content: "SID: 5493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105493; sid: 6105493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webview Script Injection"; content: "SID: 5494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105494; sid: 6105494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LDAP Active Directory Stack Overflow"; content: "SID: 5495 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105495; sid: 6105495; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] License Logging Service Overflow"; content: "SID: 5496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105496; sid: 6105496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMTP BDAT Vulnerability"; content: "SID: 5497 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105497; sid: 6105497; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Media Player IE Zone Bypass"; content: "SID: 5498 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105498; sid: 6105498; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Link in Object Tag in IE"; content: "SID: 5499 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105499; sid: 6105499; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE .asp File Execution"; content: "SID: 5500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105500; sid: 6105500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE ActiveX ADODB Stream"; content: "SID: 5501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105501; sid: 6105501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Llssrv RPC Activity"; content: "SID: 5502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105502; sid: 6105502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Object Creation In IE Local Zone"; content: "SID: 5503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105503; sid: 6105503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor Backup Discovery UDP Probe Overflow"; content: "SID: 5504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105504; sid: 6105504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIP Trace"; content: "SID: 5505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105505; sid: 6105505; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Orifice Ping"; content: "SID: 5506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105506; sid: 6105506; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unreal Engine /secure/ Overflow"; content: "SID: 5507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105507; sid: 6105507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed IKE Packet DoS"; content: "SID: 5508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105508; sid: 6105508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tftp Passwd File"; content: "SID: 5509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105509; sid: 6105509; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco TFTPD Directory Traversal"; content: "SID: 5510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105510; sid: 6105510; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ascend Denial of Service"; content: "SID: 5511 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105511; sid: 6105511; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco SNMP Message Processing DoS"; content: "SID: 5512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105512; sid: 6105512; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Public"; content: "SID: 5513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105513; sid: 6105513; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP VC Embedded Community Names"; content: "SID: 5514 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105514; sid: 6105514; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE DHTML Edit Control"; content: "SID: 5515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105515; sid: 6105515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Wildcard DoS"; content: "SID: 5516 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105516; sid: 6105516; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AnswerBook2 Format String"; content: "SID: 5517 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105517; sid: 6105517; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quake Server Connect DoS"; content: "SID: 5518 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105518; sid: 6105518; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Popup Blocker Bypass"; content: "SID: 5519 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105519; sid: 6105519; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XEXCH50 Command Usage"; content: "SID: 5520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105520; sid: 6105520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nested Array Sort Loop DoS"; content: "SID: 5521 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105521; sid: 6105521; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jet Database Engine Shell Command Injection"; content: "SID: 5523 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105523; sid: 6105523; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Font Tag Split"; content: "SID: 5524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105524; sid: 6105524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Express Overflow"; content: "SID: 5525 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105525; sid: 6105525; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Environment Option Information Disclosure"; content: "SID: 5526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105526; sid: 6105526; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Index HTW Cross Site Scripting"; content: "SID: 5527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105527; sid: 6105527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS5 SEARCH overflow"; content: "SID: 5528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105528; sid: 6105528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CheckPoint Firewall RDP ByPass"; content: "SID: 5529 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105529; sid: 6105529; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Discover"; content: "SID: 5530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105530; sid: 6105530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Status Bar Spoof"; content: "SID: 5531 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105531; sid: 6105531; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Deltasource"; content: "SID: 5532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105532; sid: 6105532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Remote Boot Tool"; content: "SID: 5533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105533; sid: 6105533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KaZaA UDP Client Probe"; content: "SID: 5534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105534; sid: 6105534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Overnet Client Scan"; content: "SID: 5535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105535; sid: 6105535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gnutella File Search"; content: "SID: 5536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105536; sid: 6105536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICQ Client DNS Request"; content: "SID: 5537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105537; sid: 6105537; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Client DNS request"; content: "SID: 5538 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105538; sid: 6105538; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo Messenger Client DNS Request"; content: "SID: 5539 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105539; sid: 6105539; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger Client DNS Request"; content: "SID: 5540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105540; sid: 6105540; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modem DoS"; content: "SID: 5541 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105541; sid: 6105541; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PingTunnel ICMP Tunneling"; content: "SID: 5543 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105543; sid: 6105543; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Back Door Blaaaaa"; content: "SID: 5544 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105544; sid: 6105544; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Request Smuggling Attempt"; content: "SID: 5545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105545; sid: 6105545; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Key Exchange DoS"; content: "SID: 5546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105546; sid: 6105546; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB File Name Overflow"; content: "SID: 5547 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105547; sid: 6105547; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Windows Remote Agent Password Overflow"; content: "SID: 5548 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105548; sid: 6105548; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Evolution Message Size Overflow"; content: "SID: 5549 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105549; sid: 6105549; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access Cross Site Scripting Vulnerability"; content: "SID: 5551 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105551; sid: 6105551; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player Skin File Code Execution Vulnerability"; content: "SID: 5552 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105552; sid: 6105552; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finger and cFinger Double Star User List Search"; content: "SID: 5553 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105553; sid: 6105553; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Object Tag Overflow Runtime Script Exploit"; content: "SID: 5554 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105554; sid: 6105554; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco ONS Telnet DOS"; content: "SID: 5555 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105555; sid: 6105555; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Javaprxy.dll Heap Overflow"; content: "SID: 5556 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105556; sid: 6105556; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ICC Color Management Module Vulnerability"; content: "SID: 5557 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105557; sid: 6105557; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Webcart Command Injection"; content: "SID: 5558 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105558; sid: 6105558; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Format String"; content: "SID: 5559 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105559; sid: 6105559; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable IMAP Overflow"; content: "SID: 5560 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105560; sid: 6105560; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMTP Overflow"; content: "SID: 5561 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105561; sid: 6105561; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Qpopper Overflow"; content: "SID: 5562 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105562; sid: 6105562; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ARCserve Backup MS-SQL Overflow"; content: "SID: 5564 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105564; sid: 6105564; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Print Spooler Service Overflow"; content: "SID: 5565 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105565; sid: 6105565; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Potential IE Cross Frame Scripting"; content: "SID: 5566 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105566; sid: 6105566; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Remote Registry Access"; content: "SID: 5567 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105567; sid: 6105567; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Veritas Backup Exec Agent Remote File Access"; content: "SID: 5568 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105568; sid: 6105568; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MDaemon Imap Authentication Overflow"; content: "SID: 5569 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105569; sid: 6105569; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ZOTOB Worm Activity"; content: "SID: 5570 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105570; sid: 6105570; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RBOT.CBQ Worm Activity"; content: "SID: 5571 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105571; sid: 6105571; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Design Tools Diagram Surface ActiveX Control"; content: "SID: 5572 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105572; sid: 6105572; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory Server iMonitor Buffer Overflow"; content: "SID: 5573 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105573; sid: 6105573; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenView Network Node Manager Command Injection"; content: "SID: 5574 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105574; sid: 6105574; rev: 4;)
##alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBIOS Session Service Failed Login"; content: "SID: 5575 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105575; sid: 6105575; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NBT NetBIOS Session Failed Login - Brute Force [5/3]"; content: "SID: 5575 ,"; xbits: set,brute_force,21600; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; after: track by_src, count 5, seconds 300; threshold: type limit, track by_src, count 3, seconds 300; fwsam: src, 1 day; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107002; sid: 6107002; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Login successful with Guest Privileges"; content: "SID: 5576 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105576; sid: 6105576; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NULL login attempt"; content: "SID: 5577 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105577; sid: 6105577; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB 95 98 Password File Access"; content: "SID: 5578 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105578; sid: 6105578; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Registry Access Attempt"; content: "SID: 5579 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105579; sid: 6105579; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Lsarpc Service Access Attempt"; content: "SID: 5580 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105580; sid: 6105580; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote Srvsvc Service Access Attempt"; content: "SID: 5581 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105581; sid: 6105581; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBIOS Enum Share DoS"; content: "SID: 5582 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105582; sid: 6105582; rev: 6;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Remote SAM Service Access Attempt"; content: "SID: 5583 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105583; sid: 6105583; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB .eml email file remote access"; content: "SID: 5584 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105584; sid: 6105584; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Suspicious Password Usage"; content: "SID: 5585 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105585; sid: 6105585; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Locator Service Overflow"; content: "SID: 5586 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105586; sid: 6105586; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows 9x NetBIOS NULL Name Vulnerability"; content: "SID: 5587 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105587; sid: 6105587; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows DCOM Overflow"; content: "SID: 5588 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105588; sid: 6105588; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB ADMIN Hidden Share Access Attempt"; content: "SID: 5589 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105589; sid: 6105589; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB User Enumeration"; content: "SID: 5590 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105590; sid: 6105590; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Windows Share Enumeration"; content: "SID: 5591 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105591; sid: 6105591; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB RFPoison Attack"; content: "SID: 5592 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105592; sid: 6105592; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB NIMDA Infected File Transfer"; content: "SID: 5593 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105593; sid: 6105593; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba call_trans2open Overflow"; content: "SID: 5594 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105594; sid: 6105594; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Startup Folder Remote Access"; content: "SID: 5595 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105595; sid: 6105595; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows SMB/RPC NoOp Sled"; content: "SID: 5596 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105596; sid: 6105596; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB MSRPC Messenger Overflow"; content: "SID: 5597 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105597; sid: 6105597; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Workstation Service Overflow"; content: "SID: 5598 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105598; sid: 6105598; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Anig Worm File Transfer"; content: "SID: 5599 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105599; sid: 6105599; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ASN.1 Bit String NTLMv2 Integer Overflow"; content: "SID: 5600 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105600; sid: 6105600; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows LSASS RPC Overflow"; content: "SID: 5601 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105601; sid: 6105601; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows System32 Directory File Access"; content: "SID: 5602 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105602; sid: 6105602; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSRPC Protocol violation"; content: "SID: 5603 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105603; sid: 6105603; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Account Locked"; content: "SID: 5605 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105605; sid: 6105605; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Authorization Failure"; content: "SID: 5606 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105606; sid: 6105606; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Network Supervisor Directory Traversal Vulnerability"; content: "SID: 5608 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105608; sid: 6105608; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Memory Corruption Vulnerability"; content: "SID: 5609 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105609; sid: 6105609; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cacti Graph_Image.PHP Remote Command Execution Vulnerability"; content: "SID: 5610 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105610; sid: 6105610; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPress Cookie cache_lastpostdate Overflow"; content: "SID: 5611 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105611; sid: 6105611; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Unsolicited Response Storm"; content: "SID: 5612 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105612; sid: 6105612; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Cold Restart Request"; content: "SID: 5613 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105613; sid: 6105613; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Disable Unsolicited Responses"; content: "SID: 5614 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105614; sid: 6105614; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Read Request to a PLC"; content: "SID: 5615 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105615; sid: 6105615; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Stop Application"; content: "SID: 5616 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105616; sid: 6105616; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Warm Restart"; content: "SID: 5617 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105617; sid: 6105617; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Broadcast Request"; content: "SID: 5618 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105618; sid: 6105618; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-DNP3 Communication on a DNP3 Port"; content: "SID: 5619 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105619; sid: 6105619; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Write Request to a PLC"; content: "SID: 5620 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105620; sid: 6105620; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNP3 - Miscellaneous Request to a PLC"; content: "SID: 5621 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105621; sid: 6105621; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Force Listen Only Mode"; content: "SID: 5622 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105622; sid: 6105622; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Restart Communications Option"; content: "SID: 5623 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105623; sid: 6105623; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Clear Counters and Diagnostic Registers"; content: "SID: 5624 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105624; sid: 6105624; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Read Device Identification"; content: "SID: 5625 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105625; sid: 6105625; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Report Server Information"; content: "SID: 5626 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105626; sid: 6105626; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Illegal Packet Size"; content: "SID: 5627 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105627; sid: 6105627; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus Slave Device Busy Exception Code Delay"; content: "SID: 5628 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105628; sid: 6105628; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus Acknowledge Exception Code Delay"; content: "SID: 5629 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105629; sid: 6105629; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Read Request to a PLC"; content: "SID: 5630 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105630; sid: 6105630; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Write Request to a PLC"; content: "SID: 5631 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105631; sid: 6105631; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Modbus TCP - Non-Modbus Communication"; content: "SID: 5632 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105632; sid: 6105632; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] .HTR Source View"; content: "SID: 5633 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105633; sid: 6105633; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Barracuda Spam Firewall Command Execution"; content: "SID: 5634 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105634; sid: 6105634; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Plug and Play Overflow"; content: "SID: 5635 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105635; sid: 6105635; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] vBulletin Template PHP Code Injection Vulnerability"; content: "SID: 5636 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105636; sid: 6105636; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Download Path Traversal"; content: "SID: 5637 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105637; sid: 6105637; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP Command Injection"; content: "SID: 5638 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105638; sid: 6105638; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web View Script Injection Vulnerability"; content: "SID: 5639 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105639; sid: 6105639; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XML Race Condition in Internet Explorer"; content: "SID: 5640 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105640; sid: 6105640; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS DTC DoS"; content: "SID: 5641 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105641; sid: 6105641; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow Overflow"; content: "SID: 5642 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105642; sid: 6105642; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sox WAV File Overflow"; content: "SID: 5643 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105643; sid: 6105643; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Client Service for NetWare Overflow"; content: "SID: 5644 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105644; sid: 6105644; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SSH URI Handler"; content: "SID: 5645 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105645; sid: 6105645; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gatekeeper Overflow"; content: "SID: 5646 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105646; sid: 6105646; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Savant Webserver Request Overflow"; content: "SID: 5647 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105647; sid: 6105647; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tomcat Denial of Service Attack"; content: "SID: 5648 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105648; sid: 6105648; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ESignal Remote Buffer Overflow"; content: "SID: 5649 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105649; sid: 6105649; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Finjan SurfinGate FHTTP Restart Command Execution"; content: "SID: 5650 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105650; sid: 6105650; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Server DoS"; content: "SID: 5651 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105651; sid: 6105651; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Directory Traversal"; content: "SID: 5652 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105652; sid: 6105652; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco WLSE/HSE Default Username"; content: "SID: 5653 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105653; sid: 6105653; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Root Drive Access Attempt"; content: "SID: 5654 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105654; sid: 6105654; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cobalt RaQ Cross Site Scripting Vulnerability"; content: "SID: 5655 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105655; sid: 6105655; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS Listener DoS"; content: "SID: 5656 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105656; sid: 6105656; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AMLServer Local Path Disclosure"; content: "SID: 5657 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105657; sid: 6105657; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat JSP Engine DoS"; content: "SID: 5658 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105658; sid: 6105658; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare GSX Server Authentication Server Overflow"; content: "SID: 5659 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105659; sid: 6105659; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SquirrelMail Email Header Script Injection"; content: "SID: 5660 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105660; sid: 6105660; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Request"; content: "SID: 5661 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105661; sid: 6105661; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP POST Content-Type Overflow"; content: "SID: 5662 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105662; sid: 6105662; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NoOp Sled On HTTPS Port"; content: "SID: 5663 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTPS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105663; sid: 6105663; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Null Byte File Disclosure"; content: "SID: 5664 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105664; sid: 6105664; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultimate PHP Board Code Execution "; content: "SID: 5665 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105665; sid: 6105665; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unix chetcpasswd.cgi File Disclosure Vulnerability"; content: "SID: 5666 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105666; sid: 6105666; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Site Searcher Arbitrary Code Execution"; content: "SID: 5667 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105667; sid: 6105667; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unauthenticated FTP Connection"; content: "SID: 5668 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105668; sid: 6105668; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arkeia Type 74 Request Overflow"; content: "SID: 5669 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105669; sid: 6105669; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Select Excessive Length"; content: "SID: 5671 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105671; sid: 6105671; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Message Queuing Buffer Overflow"; content: "SID: 5672 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105672; sid: 6105672; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Format String"; content: "SID: 5673 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105673; sid: 6105673; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort Back Orifice Preprocessor Overflow"; content: "SID: 5674 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105674; sid: 6105674; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP-UX LPD Command Execution"; content: "SID: 5675 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105675; sid: 6105675; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] News Manager Lite Authentication Bypass"; content: "SID: 5676 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105676; sid: 6105676; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Universal Server Overflow"; content: "SID: 5677 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105677; sid: 6105677; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AWStats Plugin Log Access"; content: "SID: 5678 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105678; sid: 6105678; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle TNS Listener Denial Of Service"; content: "SID: 5679 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105679; sid: 6105679; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Line Feed DoS"; content: "SID: 5680 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105680; sid: 6105680; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC DHCP Daemon Buffer Overflow"; content: "SID: 5681 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105681; sid: 6105681; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Vista Feed Headlines Gadget Remote Code Execution"; content: "SID: 5683 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105683; sid: 6105683; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed SIP Packet"; content: "SID: 5684 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105684; sid: 6105684; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebBBS Command Execution Vulnerability"; content: "SID: 5685 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105685; sid: 6105685; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long POPPASSWD String Overflow"; content: "SID: 5686 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105686; sid: 6105686; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Frame Cross Zone Scripting"; content: "SID: 5687 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105687; sid: 6105687; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RSA WebAgent Redirect Overflow"; content: "SID: 5688 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105688; sid: 6105688; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSSQL Resolution Service Keep-Alive DoS"; content: "SID: 5689 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105689; sid: 6105689; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Overflow"; content: "SID: 5692 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105692; sid: 6105692; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metafile Buffer Overflow"; content: "SID: 5693 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105693; sid: 6105693; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Enhanced Metafile Buffer Overflow"; content: "SID: 5694 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105694; sid: 6105694; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Enhanced Metafile DoS"; content: "SID: 5695 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105695; sid: 6105695; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Midi Decoder Overflow"; content: "SID: 5696 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105696; sid: 6105696; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Script in Email Body"; content: "SID: 5697 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105697; sid: 6105697; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LanMan DoS"; content: "SID: 5698 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105698; sid: 6105698; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SalesLogix File Upload Vulnerability"; content: "SID: 5699 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105699; sid: 6105699; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP cURL Arbitrary File Access"; content: "SID: 5700 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105700; sid: 6105700; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Soap Request"; content: "SID: 5701 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105701; sid: 6105701; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Video Surveillance IP Gateway Encoder/Decoder Telnet Authentication Vulnerability"; content: "SID: 5703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105703; sid: 6105703; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iPlanet Web Server Remote Root Command Execution"; content: "SID: 5705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105705; sid: 6105705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Persistent Content in a Dynamic Webpage"; content: "SID: 5706 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105706; sid: 6105706; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SWAT Pre-Authentication Buffer Overflow"; content: "SID: 5708 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105708; sid: 6105708; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Eicar Standard Anti-Virus Test File"; content: "SID: 5710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105710; sid: 6105710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed URL"; content: "SID: 5711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105711; sid: 6105711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Zip File Name Overflow"; content: "SID: 5713 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105713; sid: 6105713; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GKrellM Buffer Overflow"; content: "SID: 5714 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105714; sid: 6105714; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SAP Internet Transaction Server Information Disclosure"; content: "SID: 5715 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105715; sid: 6105715; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Stack Group Bidding Protocol DoS"; content: "SID: 5716 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105716; sid: 6105716; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ipswitch SMTP Format String"; content: "SID: 5717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105717; sid: 6105717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VERITAS NetBackup Volume Manager Daemon Buffer Overflow"; content: "SID: 5718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105718; sid: 6105718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lyris ListManager SQL Command Injection"; content: "SID: 5720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105720; sid: 6105720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Appliance ProxyStyleSheet Command Execution"; content: "SID: 5722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105722; sid: 6105722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IIS .dll DoS"; content: "SID: 5723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105723; sid: 6105723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nikto Scan"; content: "SID: 5724 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105724; sid: 6105724; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell NMAP Agent Buffer Overflow"; content: "SID: 5725 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105725; sid: 6105725; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Directory Failed Login"; content: "SID: 5726 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105726; sid: 6105726; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco VPN 3000 Concentrator HTTP Attack Vulnerability"; content: "SID: 5727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105727; sid: 6105727; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows IGMP DoS"; content: "SID: 5728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105728; sid: 6105728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player Browser Plug-in Overflow"; content: "SID: 5729 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105729; sid: 6105729; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp Playlist File Handling Buffer Overflow"; content: "SID: 5730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105730; sid: 6105730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player BMP Processing Vulnerability"; content: "SID: 5731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105731; sid: 6105731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web Client Remote Code Execution Vulnerability"; content: "SID: 5732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105732; sid: 6105732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long HTTP Header Hostname"; content: "SID: 5733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105733; sid: 6105733; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE isComponentInstalled() Overflow"; content: "SID: 5734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105734; sid: 6105734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Player ActionDefineFunction Code Execution"; content: "SID: 5735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105735; sid: 6105735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinVNC Client Buffer Overflow"; content: "SID: 5736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105736; sid: 6105736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Action Handlers Overflow"; content: "SID: 5737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105737; sid: 6105737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows ACS Registry Access"; content: "SID: 5738 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105738; sid: 6105738; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Active Directory Failed Login"; content: "SID: 5739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105739; sid: 6105739; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerio Personal Firewall Remote Authentication Buffer Overflow"; content: "SID: 5740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105740; sid: 6105740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PeerCast Buffer Overflow"; content: "SID: 5743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105743; sid: 6105743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Login DoS"; content: "SID: 5744 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105744; sid: 6105744; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP REST command"; content: "SID: 5745 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105745; sid: 6105745; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP ALLO command"; content: "SID: 5746 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105746; sid: 6105746; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MDAC Function Remote Code Execution"; content: "SID: 5747 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105747; sid: 6105747; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-SMTP Session Start"; content: "SID: 5748 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105748; sid: 6105748; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Double Byte Character Parsing"; content: "SID: 5749 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105749; sid: 6105749; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WLSE Cross Site Scripting"; content: "SID: 5750 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105750; sid: 6105750; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultr@VNC Client Overflow"; content: "SID: 5751 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105751; sid: 6105751; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sybase EAServer Overflow"; content: "SID: 5752 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105752; sid: 6105752; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Mailto Handler Vulnerability"; content: "SID: 5753 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105753; sid: 6105753; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PAJAX Remote Code Execution Vulnerability"; content: "SID: 5754 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105754; sid: 6105754; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Embedded TCP Connection Relay"; content: "SID: 5756 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105756; sid: 6105756; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Exchange Server Cross-Site Scripting"; content: "SID: 5757 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105757; sid: 6105757; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Bomberclone Buffer Overflow"; content: "SID: 5758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105758; sid: 6105758; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VNC Authentication Bypass"; content: "SID: 5759 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105759; sid: 6105759; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Messenger Accept-Language Value Overflow"; content: "SID: 5760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105760; sid: 6105760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ultr@VNC Server Overflow"; content: "SID: 5761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105761; sid: 6105761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wireless Control System Cross Server Site Scripting"; content: "SID: 5763 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105763; sid: 6105763; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ShixxNOTE Font Buffer Overflow"; content: "SID: 5764 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105764; sid: 6105764; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Horde Help Viewer Remote Code Execution"; content: "SID: 5765 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105765; sid: 6105765; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Resolution Response Code Execution"; content: "SID: 5766 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105766; sid: 6105766; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeSSHd Key Exchange Overflow"; content: "SID: 5767 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105767; sid: 6105767; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Warez Activity"; content: "SID: 5768 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105768; sid: 6105768; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed HTTP Request"; content: "SID: 5769 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105769; sid: 6105769; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS XSS"; content: "SID: 5770 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105770; sid: 6105770; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winny Activity"; content: "SID: 5771 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105771; sid: 6105771; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP.NET Information Disclosure Vulnerability"; content: "SID: 5772 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105772; sid: 6105772; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Simple PHP Blog Unauthorized File Access"; content: "SID: 5773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105773; sid: 6105773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Player PNG Processing Remote Code Execution"; content: "SID: 5774 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105774; sid: 6105774; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTML Redirection"; content: "SID: 5775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105775; sid: 6105775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Routing and Remote Access Service Code Execution"; content: "SID: 5776 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105776; sid: 6105776; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Favicon Code Execution"; content: "SID: 5777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105777; sid: 6105777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Uplddrvinfo.htm File Deletion Vulnerability"; content: "SID: 5778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105778; sid: 6105778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Connection Request"; content: "SID: 5779 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105779; sid: 6105779; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Connection Established"; content: "SID: 5780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105780; sid: 6105780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Client Association"; content: "SID: 5781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105781; sid: 6105781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP MMS Write Request Attempt"; content: "SID: 5782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105782; sid: 6105782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP MMS Write Request Succeeded"; content: "SID: 5783 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105783; sid: 6105783; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Address Unknown Disconnect"; content: "SID: 5784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105784; sid: 6105784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP COTP Protocol Error Disconnect"; content: "SID: 5785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105785; sid: 6105785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid OSI SSEL"; content: "SID: 5786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105786; sid: 6105786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid OSI PSEL"; content: "SID: 5787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105787; sid: 6105787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ICCP Invalid TPKT Protocol"; content: "SID: 5788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105788; sid: 6105788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Tunnel Client Activity"; content: "SID: 5789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105789; sid: 6105789; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CS-MARS JBoss Vulnerability"; content: "SID: 5790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105790; sid: 6105790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Hyperlink Object Library Buffer Overflow"; content: "SID: 5792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105792; sid: 6105792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Server Driver Remote Execution"; content: "SID: 5793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105793; sid: 6105793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Routing and Remote Access Service RASMAN Registry Stack Overflow"; content: "SID: 5794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105794; sid: 6105794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Option Overflow Code Execution"; content: "SID: 5795 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105795; sid: 6105795; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS HTTP Unauthorized Command Execution"; content: "SID: 5796 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105796; sid: 6105796; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Calendar DoS"; content: "SID: 5797 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105797; sid: 6105797; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mambo PHP sbp File Inclusion Vulnerability"; content: "SID: 5798 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105798; sid: 6105798; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Server Service Code Execution"; content: "SID: 5799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105799; sid: 6105799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Large Content-Type"; content: "SID: 5800 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105800; sid: 6105800; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime JPEG Code Execution Overflow"; content: "SID: 5801 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105801; sid: 6105801; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTML URI Buffer Overflow"; content: "SID: 5802 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105802; sid: 6105802; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sygate Login Servlet SQL Injection"; content: "SID: 5803 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105803; sid: 6105803; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPN3000 Concentrator Unauthenticated FTP Access"; content: "SID: 5804 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105804; sid: 6105804; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VPN3000 Concentrator FTP RMD Execution"; content: "SID: 5805 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105805; sid: 6105805; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winny P2P Connection Activity"; content: "SID: 5806 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105806; sid: 6105806; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Indexing Service Cross Site Scripting Vulnerability"; content: "SID: 5807 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105807; sid: 6105807; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DCERPC Authentication DoS"; content: "SID: 5809 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105809; sid: 6105809; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SecureCRT SSH1 Buffer Overflow"; content: "SID: 5810 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105810; sid: 6105810; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IPS SSL DOS Vulnerability"; content: "SID: 5812 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105812; sid: 6105812; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Vector Markup Language Vulnerability"; content: "SID: 5813 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105813; sid: 6105813; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Step-by-Step Interactive Training Remote Code Execution"; content: "SID: 5814 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105814; sid: 6105814; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebViewFolderIcon setSlice() Overflow"; content: "SID: 5815 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105815; sid: 6105815; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TOR Client Activity"; content: "SID: 5816 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105816; sid: 6105816; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ASP .NET Cross Site Scripting"; content: "SID: 5817 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105817; sid: 6105817; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Metasploit Shellcode Encoder"; content: "SID: 5818 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105818; sid: 6105818; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long FTP XCRC XSHA1 XMD5 Command"; content: "SID: 5819 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105819; sid: 6105819; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec AntiVirus and Client Security Buffer Overflow"; content: "SID: 5820 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105820; sid: 6105820; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectAnimation ActiveX Memory Corruption"; content: "SID: 5821 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105821; sid: 6105821; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Workstation Service Memory Corruption Vulnerability"; content: "SID: 5822 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105822; sid: 6105822; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee Epolicy Overflow"; content: "SID: 5823 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105823; sid: 6105823; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Header DoS"; content: "SID: 5824 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105824; sid: 6105824; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Malformed Invite Packet"; content: "SID: 5825 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105825; sid: 6105825; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EIQ ESA Topology Delete Device Overflow"; content: "SID: 5826 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105826; sid: 6105826; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer ActiveX Control Arbitrary Code Execution"; content: "SID: 5827 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105827; sid: 6105827; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Server Side Cross Site Scripting"; content: "SID: 5828 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105828; sid: 6105828; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid SSL Packet"; content: "SID: 5829 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105829; sid: 6105829; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server HTTP Request Overflow"; content: "SID: 5830 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105830; sid: 6105830; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server RADIUS Accounting Request Vulnerability"; content: "SID: 5831 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105831; sid: 6105831; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS Crafted IP Option Vulnerability"; content: "SID: 5832 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105832; sid: 6105832; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime RTSP URL Vulnerability"; content: "SID: 5833 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105833; sid: 6105833; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS SIP DoS Vulnerability"; content: "SID: 5835 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105835; sid: 6105835; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed TCP packet"; content: "SID: 5837 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105837; sid: 6105837; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS NAM SNMP Traffic"; content: "SID: 5838 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105838; sid: 6105838; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Server Response Code Execution"; content: "SID: 5839 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105839; sid: 6105839; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CLSID Code Execution"; content: "SID: 5840 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105840; sid: 6105840; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CatOS NAM SNMP Traffic"; content: "SID: 5841 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105841; sid: 6105841; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Solaris Telnet Authentication Bypass"; content: "SID: 5842 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105842; sid: 6105842; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor Tape Engine Overflow"; content: "SID: 5843 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105843; sid: 6105843; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Memory Corruption Exploit"; content: "SID: 5845 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105845; sid: 6105845; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP 230 Reply Code"; content: "SID: 5846 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105846; sid: 6105846; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Successful Privileged Login"; content: "SID: 5847 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105847; sid: 6105847; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Content Management Service Cross-site Scripting"; content: "SID: 5848 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105848; sid: 6105848; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Content Management Server Vulnerability"; content: "SID: 5849 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105849; sid: 6105849; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort DCE/RPC Preprocessor Vulnerability"; content: "SID: 5850 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105850; sid: 6105850; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WCS Administrative Directory Access"; content: "SID: 5851 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105851; sid: 6105851; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Malformed String Vulnerability"; content: "SID: 5852 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105852; sid: 6105852; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Invite DoS"; content: "SID: 5853 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105853; sid: 6105853; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CUCM/CUPS Denial of Service Vulnerability"; content: "SID: 5854 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105854; sid: 6105854; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Helix Remote Code Execution"; content: "SID: 5855 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105855; sid: 6105855; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Agent URL Parsing Remote Code Execution"; content: "SID: 5856 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105856; sid: 6105856; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UPnP Memory Corruption Vulnerability"; content: "SID: 5857 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105857; sid: 6105857; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Server RPC Interface Buffer Overflow"; content: "SID: 5858 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105858; sid: 6105858; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] uTorrent File Handling Buffer Overflow"; content: "SID: 5859 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105859; sid: 6105859; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS FTPd Successful Login"; content: "SID: 5860 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105860; sid: 6105860; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco CNS Netflow Collection Engine Default Password"; content: "SID: 5861 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105861; sid: 6105861; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access UTF Character Script Execution"; content: "SID: 5862 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105862; sid: 6105862; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CAPICOM.Certificates Remote Code Execution"; content: "SID: 5863 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105863; sid: 6105863; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Exchange Server IMAP Literal Processing Vulnerability"; content: "SID: 5864 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105864; sid: 6105864; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft WMS Arbitrary File Rewrite Vulnerability"; content: "SID: 5865 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105865; sid: 6105865; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Domino IMAP CRAM-MD5 Overflow"; content: "SID: 5866 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105866; sid: 6105866; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Navigation Cancel Page Spoofing Vulnerability"; content: "SID: 5868 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105868; sid: 6105868; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer CSS Tag Memory Corruption"; content: "SID: 5869 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105869; sid: 6105869; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Win32 API Vulnerability"; content: "SID: 5870 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105870; sid: 6105870; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Urlmon.dll COM Object Instantiation"; content: "SID: 5871 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105871; sid: 6105871; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API 4 ActiveX Overflow"; content: "SID: 5873 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105873; sid: 6105873; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API 4 ActiveX Overflow"; content: "SID: 5874 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105874; sid: 6105874; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WinZip ActiveX Control Instantiation"; content: "SID: 5876 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105876; sid: 6105876; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Protocol Handler Command Execution"; content: "SID: 5877 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105877; sid: 6105877; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VBE Object ID Buffer Overflow"; content: "SID: 5878 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105878; sid: 6105878; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime Java QTPointer Vulnerability"; content: "SID: 5879 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105879; sid: 6105879; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Web Start JNLP File Stack Overflow"; content: "SID: 5880 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105880; sid: 6105880; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS NHRP Buffer Overflow"; content: "SID: 5884 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105884; sid: 6105884; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EnjoySAP kweditcontrol.kwedit Stack Overflow"; content: "SID: 5885 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105885; sid: 6105885; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Java Socks Proxy Overflow"; content: "SID: 5886 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105886; sid: 6105886; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PDWizard ActiveX Overflow"; content: "SID: 5887 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105887; sid: 6105887; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TLBINF32.DLL COM Object Instantiation"; content: "SID: 5888 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105888; sid: 6105888; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NeoTrace ActiveX Buffer Overflow"; content: "SID: 5889 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105889; sid: 6105889; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long IMAP SUBSCRIBE Command"; content: "SID: 5890 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105890; sid: 6105890; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Motive Communications ActiveUtils Buffer Overflow"; content: "SID: 5892 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105892; sid: 6105892; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IP Phone Remote Denial of Service"; content: "SID: 5893 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105893; sid: 6105893; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Storm Worm"; content: "SID: 5894 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105894; sid: 6105894; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Agent HTTP Code Execution"; content: "SID: 5898 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105898; sid: 6105898; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MSN Messenger Webcam Buffer Overflow"; content: "SID: 5899 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105899; sid: 6105899; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AIM Message HTML Injection"; content: "SID: 5902 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105902; sid: 6105902; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS SharePoint XSS"; content: "SID: 5903 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105903; sid: 6105903; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Address Bar Spoof"; content: "SID: 5905 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105905; sid: 6105905; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Malformed Word Document Code Execution"; content: "SID: 5906 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105906; sid: 6105906; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NNTP Overflow"; content: "SID: 5908 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105908; sid: 6105908; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Browser Address Bar Spoofing Attack"; content: "SID: 5909 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105909; sid: 6105909; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM Centralized TFTP File Locator Service Buffer Overflow"; content: "SID: 5910 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105910; sid: 6105910; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM SIP INVITE UDP Denial of Service"; content: "SID: 5912 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105912; sid: 6105912; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PIX/ASA/FWSM MGCP DoS"; content: "SID: 5913 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105913; sid: 6105913; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft FoxPro ActiveX Vulnerability"; content: "SID: 5915 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105915; sid: 6105915; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] URL Handler Vulnerability"; content: "SID: 5916 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105916; sid: 6105916; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AskJeeves Toolbar ActiveX Buffer Overflow"; content: "SID: 5918 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105918; sid: 6105918; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Kodak Image Viewer Overflow"; content: "SID: 5919 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105919; sid: 6105919; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime VRPanoSampleAtom Heap Overflow"; content: "SID: 5920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105920; sid: 6105920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime Color Table Overflow"; content: "SID: 5921 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105921; sid: 6105921; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BEA WebLogic Admin Console Cross Site Scripting"; content: "SID: 5922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105922; sid: 6105922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer FTP Client Directory Traversal issue"; content: "SID: 5923 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105923; sid: 6105923; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Browsers JavaScript Argument Passing Code Execution Vulnerability"; content: "SID: 5924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105924; sid: 6105924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer HTML Object Memory Corruption"; content: "SID: 5925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105925; sid: 6105925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle ctxsys.driload Access Violation Vulnerability"; content: "SID: 5926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105926; sid: 6105926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise WebAccess Overflow"; content: "SID: 5927 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105927; sid: 6105927; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CSA for Windows System Driver Remote Buffer Overflow Vulnerability"; content: "SID: 5928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105928; sid: 6105928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee VirusScan File Name Overflow"; content: "SID: 5929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105929; sid: 6105929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic SQL Injection"; content: "SID: 5930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105930; sid: 6105930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Google Ratproxy"; content: "SID: 5931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105931; sid: 6105931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database DBMS_Scheduler Privilege Escalation"; content: "SID: 5933 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105933; sid: 6105933; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp MP4 Memory Corruption"; content: "SID: 5934 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105934; sid: 6105934; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime FlipFileTypeAtom_BtoN Underflow"; content: "SID: 5935 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105935; sid: 6105935; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime MOV Heap Overflow"; content: "SID: 5936 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105936; sid: 6105936; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection"; content: "SID: 5937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105937; sid: 6105937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database sys.pbsde.init Procedure Buffer Overflow"; content: "SID: 5938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105938; sid: 6105938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Text Box Memory Curruption"; content: "SID: 5939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105939; sid: 6105939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Objects Memory Corruption Vulnerability"; content: "SID: 5940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105940; sid: 6105940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows CSRSS Message Box Memory Corruption"; content: "SID: 5941 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105941; sid: 6105941; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo Messenger AudioConf ActiveX Overflow"; content: "SID: 5942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105942; sid: 6105942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SQL Query Directory Traversal"; content: "SID: 5943 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105943; sid: 6105943; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eTrust IDS Encryption Key DoS"; content: "SID: 5944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105944; sid: 6105944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS IE Cross Frame Scripting Restriction Bypass"; content: "SID: 5945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105945; sid: 6105945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ingres Database uuid_from_char() Stack Overflow"; content: "SID: 5948 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105948; sid: 6105948; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple HP Web Jetadmin Vulnerabilities"; content: "SID: 5949 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105949; sid: 6105949; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed String Code Execution"; content: "SID: 5950 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105950; sid: 6105950; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BrightStor ARCserve Backup MSRPC Memory Corruption"; content: "SID: 5951 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105951; sid: 6105951; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPerfect Importer/Exporter Heap Overflow"; content: "SID: 5952 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105952; sid: 6105952; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Directory Traversal"; content: "SID: 5953 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105953; sid: 6105953; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ePolicy Orchestrator SiteManager ActiveX Buffer Overflow"; content: "SID: 5954 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105954; sid: 6105954; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime udta Buffer Overflow"; content: "SID: 5955 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105955; sid: 6105955; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Vendor SOAP DoS"; content: "SID: 5956 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105956; sid: 6105956; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime Heap Corruption"; content: "SID: 5957 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105957; sid: 6105957; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix ICA Client ActiveX Control Buffer Overflow Vulnerability"; content: "SID: 5959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105959; sid: 6105959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Regular Expressions Heap Corruption"; content: "SID: 5960 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105960; sid: 6105960; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server MD2 package SDO_CODE_SIZE procedure Buffer Overflow"; content: "SID: 5961 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105961; sid: 6105961; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kerberos V5 Principal Name Buffer Overflow"; content: "SID: 5963 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105963; sid: 6105963; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow"; content: "SID: 5966 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105966; sid: 6105966; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup CONNECT_OPTIONS Request Buffer Overflow"; content: "SID: 5967 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105967; sid: 6105967; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE daxctle.ocx KeyFrame Memory Curruption"; content: "SID: 5971 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105971; sid: 6105971; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime Movie Buffer Overflow"; content: "SID: 5972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105972; sid: 6105972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Publisher Font Overflow"; content: "SID: 5973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105973; sid: 6105973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SDO_CS.TRANSFORM_LAYER Buffer Overflow"; content: "SID: 5974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105974; sid: 6105974; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Media Player ASX Playlist Parsing Buffer Overflow"; content: "SID: 5975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105975; sid: 6105975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Avast! Remote LHA Buffer Overflow"; content: "SID: 5976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105976; sid: 6105976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DB2 Handshake DoS"; content: "SID: 5977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105977; sid: 6105977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable SMTP Service SPF Lookup Buffer Overflow"; content: "SID: 5978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105978; sid: 6105978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer COM Object Instantiation Memory Corruption"; content: "SID: 5979 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105979; sid: 6105979; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Speech API Buffer Overflow"; content: "SID: 5980 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105980; sid: 6105980; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic for Applications SDK Overflow"; content: "SID: 5982 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105982; sid: 6105982; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer VML Buffer Overrun"; content: "SID: 5983 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105983; sid: 6105983; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Code Execution"; content: "SID: 5984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105984; sid: 6105984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Quicktime RTSP Content-Type Excessive Length"; content: "SID: 5985 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105985; sid: 6105985; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI GIF Parsing Vulnerability"; content: "SID: 5986 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105986; sid: 6105986; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Products SVG layout vulnerability"; content: "SID: 5987 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105987; sid: 6105987; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MaxDB WebDBM Buffer Overflow"; content: "SID: 5991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105991; sid: 6105991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE COM Object Instantiation Memory Corruption"; content: "SID: 5993 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105993; sid: 6105993; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ImageMagick SGI Buffer Overflow"; content: "SID: 5994 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105994; sid: 6105994; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eGatherer RunEgatherer Buffer Overflow"; content: "SID: 5997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105997; sid: 6105997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SYS.KUPW-WORKER Package MAIN Procedure SQL Injection Attempt"; content: "SID: 5998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6105998; sid: 6105998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Server Reports Command Execution"; content: "SID: 6000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106000; sid: 6106000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMP Community String Private"; content: "SID: 6003 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106003; sid: 6106003; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS HTTP Server Iframe Command Injection"; content: "SID: 6004 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106004; sid: 6106004; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Unencrypted SSL Traffic"; content: "SID: 6005 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106005; sid: 6106005; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Management Console Cross-Site Scripting"; content: "SID: 6007 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106007; sid: 6106007; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] First 4 Internet XCP Uninstallation ActiveX Control"; content: "SID: 6008 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106008; sid: 6106008; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SYN Flood DOS"; content: "SID: 6009 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106009; sid: 6106009; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer FTP Command Injection"; content: "SID: 6011 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106011; sid: 6106011; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EIQ License Buffer Overflow"; content: "SID: 6012 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106012; sid: 6106012; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IRCBOT_JK DNS Lookup"; content: "SID: 6013 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106013; sid: 6106013; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Player Improper Memory Access"; content: "SID: 6014 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106014; sid: 6106014; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash ActionDefineFunction Improper Memory Access"; content: "SID: 6015 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106015; sid: 6106015; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIM BlackBerry Enterprise Router DoS"; content: "SID: 6016 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106016; sid: 6106016; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow SAMI Parsing Remote Code Execution"; content: "SID: 6017 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106017; sid: 6106017; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] QuickTime PictureViewer Buffer Overflow"; content: "SID: 6020 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106020; sid: 6106020; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebSphere J_Username Buffer Overflow"; content: "SID: 6022 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106022; sid: 6106022; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE JavaScript window() DoS"; content: "SID: 6023 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106023; sid: 6106023; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Information Disclosure"; content: "SID: 6024 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106024; sid: 6106024; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Jet DB Engine Buffer Overflow"; content: "SID: 6025 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106025; sid: 6106025; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid Gopher Protocol Handling Buffer Overflow"; content: "SID: 6026 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106026; sid: 6106026; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Word Malformed Object Tag"; content: "SID: 6027 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106027; sid: 6106027; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Message Queuing Service Code Execution"; content: "SID: 6030 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106030; sid: 6106030; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mcafee FreeScan Information Disclosure"; content: "SID: 6031 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106031; sid: 6106031; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DOMNodeRemoved Mutation Memory Corruption"; content: "SID: 6039 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106039; sid: 6106039; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Scan Engine Authentication Bypass"; content: "SID: 6040 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106040; sid: 6106040; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox CSS Letter-Spacing Heap Overflow"; content: "SID: 6041 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106041; sid: 6106041; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MHTTP Response Splitting"; content: "SID: 6045 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106045; sid: 6106045; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] InterNetNews NULL Path Denial of Service"; content: "SID: 6046 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106046; sid: 6106046; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TrendMicro InterScan Viruswall Directory Traversal"; content: "SID: 6047 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106047; sid: 6106047; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server SQL SYS.KUPV Injection"; content: "SID: 6048 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106048; sid: 6106048; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server Login Access Control Bypass Exploit"; content: "SID: 6049 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106049; sid: 6106049; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS HINFO Request"; content: "SID: 6050 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106050; sid: 6106050; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Zone Transfer"; content: "SID: 6051 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106051; sid: 6106051; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Zone Transfer from High Port"; content: "SID: 6052 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106052; sid: 6106052; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Request for All Records"; content: "SID: 6053 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106053; sid: 6106053; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Version Request"; content: "SID: 6054 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106054; sid: 6106054; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Inverse Query Buffer Overflow"; content: "SID: 6055 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106055; sid: 6106055; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS NXT Buffer Overflow"; content: "SID: 6056 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106056; sid: 6106056; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS SIG Buffer Overflow"; content: "SID: 6057 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106057; sid: 6106057; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS SRV DoS"; content: "SID: 6058 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106058; sid: 6106058; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS TSIG Overflow"; content: "SID: 6059 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106059; sid: 6106059; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Complain Overflow"; content: "SID: 6060 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106060; sid: 6106060; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Infoleak"; content: "SID: 6061 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106061; sid: 6106061; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Authors Request"; content: "SID: 6062 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106062; sid: 6106062; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Incremental Zone Transfer"; content: "SID: 6063 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106063; sid: 6106063; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BIND Large OPT Record DoS"; content: "SID: 6064 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106064; sid: 6106064; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Query Name Loop DoS"; content: "SID: 6065 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106065; sid: 6106065; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS Tunneling"; content: "SID: 6066 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106066; sid: 6106066; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DNS TSIG Bugtraq Overflow"; content: "SID: 6067 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106067; sid: 6106067; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Wireless Control System Administrative Default Password"; content: "SID: 6068 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106068; sid: 6106068; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Format Remote Code Execution"; content: "SID: 6069 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106069; sid: 6106069; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Media Format Remote Code Execution"; content: "SID: 6070 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106070; sid: 6106070; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow"; content: "SID: 6071 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106071; sid: 6106071; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic VBP Buffer Overflow"; content: "SID: 6072 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106072; sid: 6106072; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio Crystal Reports RPT File Code Execution"; content: "SID: 6073 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106073; sid: 6106073; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectX RLE Compressed TGA Overflow"; content: "SID: 6074 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106074; sid: 6106074; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla SOAPParameter Integer Overflow"; content: "SID: 6075 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106075; sid: 6106075; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC BIND DNS resolver buffer overflow"; content: "SID: 6076 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106076; sid: 6106076; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Malformed GIF File"; content: "SID: 6077 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106077; sid: 6106077; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access XSS"; content: "SID: 6078 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106078; sid: 6106078; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ACDSee Products XPM Vulnerability"; content: "SID: 6079 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106079; sid: 6106079; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Products PNG Parsing"; content: "SID: 6080 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106080; sid: 6106080; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel BIFF Parsing"; content: "SID: 6081 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106081; sid: 6106081; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Column Record Handling"; content: "SID: 6082 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106082; sid: 6106082; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel SetFont"; content: "SID: 6083 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106083; sid: 6106083; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE 7 HTML Object Memory Corruption"; content: "SID: 6084 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106084; sid: 6106084; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Table Column Record Handling"; content: "SID: 6085 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106085; sid: 6106085; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Graphics Rendering Engine Buffer Overflow"; content: "SID: 6086 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106086; sid: 6106086; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec ISAKMP DoS"; content: "SID: 6087 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106087; sid: 6106087; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Compressed Folders Buffer Overflow"; content: "SID: 6088 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106088; sid: 6106088; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PHP memory_limit Vulnerability"; content: "SID: 6089 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106089; sid: 6106089; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Libpng Chunk Length Buffer Overflow"; content: "SID: 6090 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106090; sid: 6106090; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Acrobat Reader File Extension Buffer Overflow"; content: "SID: 6091 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106091; sid: 6106091; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Qt BMP Buffer Overflow"; content: "SID: 6092 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106092; sid: 6106092; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft Winamp M3U Remote Buffer Overflow"; content: "SID: 6094 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106094; sid: 6106094; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache apr-util IPv6 URI Parsing Vulnerability"; content: "SID: 6095 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106095; sid: 6106095; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Registration"; content: "SID: 6100 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106100; sid: 6106100; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Unregistration"; content: "SID: 6101 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106101; sid: 6106101; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Dump"; content: "SID: 6102 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106102; sid: 6106102; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Proxied RPC Request"; content: "SID: 6103 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106103; sid: 6106103; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port Reg Spoof"; content: "SID: 6104 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106104; sid: 6106104; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC Port UnReg Spoof"; content: "SID: 6105 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106105; sid: 6106105; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS EAP-TLS Authentication Bypass"; content: "SID: 6106 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106106; sid: 6106106; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVS File Existence Information Disclosure"; content: "SID: 6107 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106107; sid: 6106107; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeRADIUS Denial of Service"; content: "SID: 6108 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106108; sid: 6106108; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RSTATD Sweep"; content: "SID: 6110 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106110; sid: 6106110; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RUSESRD Sweep"; content: "SID: 6111 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106111; sid: 6106111; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC NFS Sweep"; content: "SID: 6112 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106112; sid: 6106112; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC MOUNTD Sweep"; content: "SID: 6113 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106113; sid: 6106113; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC YPASSWDD Sweep"; content: "SID: 6114 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106114; sid: 6106114; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC SELECTION SVC Sweep"; content: "SID: 6115 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106115; sid: 6106115; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC REXD Sweep"; content: "SID: 6116 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106116; sid: 6106116; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC STATUS Sweep"; content: "SID: 6117 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106117; sid: 6106117; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC TTDB Sweep"; content: "SID: 6118 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106118; sid: 6106118; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Authentication Vulnerability"; content: "SID: 6119 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106119; sid: 6106119; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RSTATD Request"; content: "SID: 6120 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106120; sid: 6106120; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC RUSESRD Request"; content: "SID: 6121 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106121; sid: 6106121; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC NFS Request"; content: "SID: 6122 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106122; sid: 6106122; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC MOUNTD Request"; content: "SID: 6123 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106123; sid: 6106123; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC YPASSWDD Request"; content: "SID: 6124 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106124; sid: 6106124; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC SELECTION SVC Request"; content: "SID: 6125 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106125; sid: 6106125; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC REXD Request"; content: "SID: 6126 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106126; sid: 6106126; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC STATUS Request"; content: "SID: 6127 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106127; sid: 6106127; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC TTDB Request"; content: "SID: 6128 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106128; sid: 6106128; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Message Queuing Overflow"; content: "SID: 6130 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106130; sid: 6106130; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Plug and Play Overflow"; content: "SID: 6131 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106131; sid: 6106131; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mod SSL- Mod Proxy Hook Format String"; content: "SID: 6132 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106132; sid: 6106132; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Cell Length Buffer Overflow CVE-2004-0846"; content: "SID: 6133 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106133; sid: 6106133; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ASP.NET Canonicalization"; content: "SID: 6134 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106134; sid: 6106134; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Solaris in.rwhod Buffer Overflow"; content: "SID: 6135 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106135; sid: 6106135; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wordpad Default Font Overflow"; content: "SID: 6137 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106137; sid: 6106137; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-ASCII Hostname"; content: "SID: 6138 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106138; sid: 6106138; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malicious BMP File"; content: "SID: 6139 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106139; sid: 6106139; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid ASN.1 Header Parsing Denial of Service"; content: "SID: 6140 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106140; sid: 6106140; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia JRun 4.x Server File Disclosure"; content: "SID: 6141 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106141; sid: 6106141; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache HTTP Server Mod_Cache Module DoS"; content: "SID: 6142 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106142; sid: 6106142; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Borland Interbase Database Service Create-Request Buffer Overflow"; content: "SID: 6143 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106143; sid: 6106143; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] X.Org X Font Server Buffer Overflow"; content: "SID: 6144 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106144; sid: 6106144; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect TMregChange Buffer Overflow"; content: "SID: 6145 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106145; sid: 6106145; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid WCCP Message Receive Buffer Overflow"; content: "SID: 6146 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106146; sid: 6106146; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer RealMedia Security Bypass"; content: "SID: 6147 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106147; sid: 6106147; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL_get_shared_ciphers Off-by-one"; content: "SID: 6148 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106148; sid: 6106148; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Arbitrary Library Injection"; content: "SID: 6149 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106149; sid: 6106149; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypserv Portmap Request"; content: "SID: 6150 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106150; sid: 6106150; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypbind Portmap Request"; content: "SID: 6151 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106151; sid: 6106151; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] yppasswdd Portmap Request"; content: "SID: 6152 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106152; sid: 6106152; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypupdated Portmap Request"; content: "SID: 6153 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106153; sid: 6106153; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ypxfrd Portmap Request"; content: "SID: 6154 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106154; sid: 6106154; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mountd Portmap Request"; content: "SID: 6155 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106155; sid: 6106155; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos kadmind RPC Library Unix Authentication"; content: "SID: 6156 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106156; sid: 6106156; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos Kadmind Remote Code Injection"; content: "SID: 6157 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106157; sid: 6106157; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MIT Kerberos Kadmind Rename Buffer Overflow"; content: "SID: 6158 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106158; sid: 6106158; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Active Directory Crafted LDAP Request DoS"; content: "SID: 6159 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106159; sid: 6106159; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Active Directory Crafted LDAP Buffer Overflow"; content: "SID: 6160 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106160; sid: 6106160; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ingres Database Communications Server Component Buffer Overflow"; content: "SID: 6161 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106161; sid: 6106161; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ipswitch IMail Server Date String Overflow"; content: "SID: 6162 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106162; sid: 6106162; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Document Parsing Buffer Overflow"; content: "SID: 6164 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106164; sid: 6106164; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] nfs-utils TCP Connection Termination Denial of Service"; content: "SID: 6165 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106165; sid: 6106165; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory HTTP Server Redirection Buffer Overflow"; content: "SID: 6166 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106166; sid: 6106166; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates Products Message Engine RPC Server Buffer Overflow"; content: "SID: 6168 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106168; sid: 6106168; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] mod_tcl Module Format String Vulnerability"; content: "SID: 6169 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106169; sid: 6106169; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory evtFilteredMonitorEventsRequest Function Overflow"; content: "SID: 6170 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106170; sid: 6106170; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Info Center HPInfoDLL.dll ActiveX Control Remote Code Execution"; content: "SID: 6171 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106171; sid: 6106171; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell eDirectory evtFilteredMonitorEventsRequest Function"; content: "SID: 6172 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106172; sid: 6106172; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Empty DNS Query"; content: "SID: 6173 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $DNS_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106173; sid: 6106173; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenLDAP Server BIND Request Denial of Service"; content: "SID: 6174 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106174; sid: 6106174; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rexd Portmap Request"; content: "SID: 6175 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106175; sid: 6106175; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed SIP Invite Packet"; content: "SID: 6177 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106177; sid: 6106177; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Message DoS"; content: "SID: 6178 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106178; sid: 6106178; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed MGCP Packet"; content: "SID: 6179 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106179; sid: 6106179; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rexd Attempt"; content: "SID: 6180 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106180; sid: 6106180; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP DoS"; content: "SID: 6181 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106181; sid: 6106181; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Large SIP Message"; content: "SID: 6184 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106184; sid: 6106184; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RIS Data Collector Heap Overflow"; content: "SID: 6186 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106186; sid: 6106186; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CallManager TCP Connection DoS"; content: "SID: 6187 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106187; sid: 6106187; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd dot dot"; content: "SID: 6188 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106188; sid: 6106188; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd automount attack"; content: "SID: 6189 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106189; sid: 6106189; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] statd Buffer Overflow"; content: "SID: 6190 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106190; sid: 6106190; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC.tooltalk Buffer Overflow"; content: "SID: 6191 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106191; sid: 6106191; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC mountd Buffer Overflow"; content: "SID: 6192 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106192; sid: 6106192; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RPC CMSD Buffer Overflow"; content: "SID: 6193 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106193; sid: 6106193; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sadmind Buffer Overflow"; content: "SID: 6194 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106194; sid: 6106194; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sadmind RPC Buffer Overflow"; content: "SID: 6195 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106195; sid: 6106195; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] snmpXdmid Buffer Overflow"; content: "SID: 6196 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106196; sid: 6106196; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] rpc yppaswdd overflow"; content: "SID: 6197 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106197; sid: 6106197; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long rwalld Message"; content: "SID: 6198 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106198; sid: 6106198; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cachefsd Overflow"; content: "SID: 6199 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106199; sid: 6106199; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ident Buffer Overflow"; content: "SID: 6200 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106200; sid: 6106200; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Ident Newline"; content: "SID: 6201 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106201; sid: 6106201; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] sadmind directory traversal command exec"; content: "SID: 6203 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106203; sid: 6106203; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IIS Source Code Disclosure"; content: "SID: 6204 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106204; sid: 6106204; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Vmd Buffer Overflow"; content: "SID: 6205 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106205; sid: 6106205; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WorldMail IMAP Directory Traversal"; content: "SID: 6206 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106206; sid: 6106206; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FreeBSD nfsd Request Denial of Service"; content: "SID: 6207 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106207; sid: 6106207; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Volume Manager Buffer Overflow"; content: "SID: 6208 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106208; sid: 6106208; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] NetBackup Vnetd Buffer Overflow"; content: "SID: 6209 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106209; sid: 6106209; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LPR Format String Overflow"; content: "SID: 6210 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106210; sid: 6106210; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LPD NoOp Sled"; content: "SID: 6211 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106211; sid: 6106211; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Tag Memory Corruption"; content: "SID: 6212 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106212; sid: 6106212; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Firefox JavaScript Focus Buffer Overflow"; content: "SID: 6213 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106213; sid: 6106213; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LibTIFF TIFFFetchData Integer Overflow"; content: "SID: 6214 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106214; sid: 6106214; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell Print Services Integer Overflow"; content: "SID: 6215 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106215; sid: 6106215; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] EMC Retrospect Client Buffer Overflow"; content: "SID: 6216 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106216; sid: 6106216; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] eDirectory iMonitor NDS Server Buffer Overflow"; content: "SID: 6217 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106217; sid: 6106217; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MediaWiki Script Insertion"; content: "SID: 6218 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106218; sid: 6106218; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CommuniGate Pro LDAP Server Buffer Overflow"; content: "SID: 6219 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106219; sid: 6106219; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Retrospect Backup Agent Denial of Service"; content: "SID: 6220 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106220; sid: 6106220; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Director Agent DoS"; content: "SID: 6221 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106221; sid: 6106221; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView Client Configuration Manager Radia Notify Daemon Code Execution"; content: "SID: 6222 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106222; sid: 6106222; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix MetaFrame IMA Authentication Processing Buffer Overflow"; content: "SID: 6223 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106223; sid: 6106223; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows IGMP Overflow"; content: "SID: 6224 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106224; sid: 6106224; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] KAME IKE raccoon HASH"; content: "SID: 6225 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106225; sid: 6106225; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trojan.Srizbi Bot"; content: "SID: 6226 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106226; sid: 6106226; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Basic Charts Control Memory Corruption"; content: "SID: 6227 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106227; sid: 6106227; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mac OSX Software Update Remote Code Execution"; content: "SID: 6228 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106228; sid: 6106228; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS SQL Server sqldmo.dll Overflow"; content: "SID: 6229 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106229; sid: 6106229; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] F-Secure Products Web Console Buffer Overflow"; content: "SID: 6230 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106230; sid: 6106230; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Presentation Server IMA"; content: "SID: 6231 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106231; sid: 6106231; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Distributed Transaction Coordinator Overflow"; content: "SID: 6232 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106232; sid: 6106232; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates BrightStor ARCserve Backup Tape Engine Service"; content: "SID: 6233 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106233; sid: 6106233; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VideoLAN VLC Subtitle Overflow"; content: "SID: 6234 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106234; sid: 6106234; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Quicktime SMIL Overflow"; content: "SID: 6235 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106235; sid: 6106235; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] AMI Pro File Buffer Overflow"; content: "SID: 6236 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106236; sid: 6106236; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MailEnable IMAP Service Login Overflow"; content: "SID: 6237 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106237; sid: 6106237; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GNU RADIUS SQL Accounting Format String Vulnerability"; content: "SID: 6238 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106238; sid: 6106238; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime RTSP Long URL"; content: "SID: 6239 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106239; sid: 6106239; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP LOGIN Negative Value"; content: "SID: 6240 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106240; sid: 6106240; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro ServerProtect eng50.dll Stack Overflow"; content: "SID: 6242 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106242; sid: 6106242; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun JRE Abstract Windowing Toolkit Module Memory Corruption"; content: "SID: 6243 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106243; sid: 6106243; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows SNMP Service Memory Corruption"; content: "SID: 6244 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106244; sid: 6106244; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Storage Manager Initial Sign-on Request Buffer Overflow"; content: "SID: 6245 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106245; sid: 6106245; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Gateway Weblaunch Activex Control"; content: "SID: 6246 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106246; sid: 6106246; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Microsystems Java GIF File Handling Memory Corruption"; content: "SID: 6247 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106247; sid: 6106247; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Mercury Loadrunner Agent Command Processing Buffer Overflow"; content: "SID: 6248 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106248; sid: 6106248; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio 6 ActiveX Exploit"; content: "SID: 6249 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106249; sid: 6106249; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] FTP Authorization Failure"; content: "SID: 6250 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106250; sid: 6106250; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Telnet Authorization Failure"; content: "SID: 6251 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $TELNET_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106251; sid: 6106251; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rlogin Authorization Failure"; content: "SID: 6252 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106252; sid: 6106252; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] POP3 Authorization Failure"; content: "SID: 6253 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106253; sid: 6106253; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SMB Authorization Failure"; content: "SID: 6255 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106255; sid: 6106255; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTTP Authorization Failure"; content: "SID: 6256 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106256; sid: 6106256; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DHCP Client DoS"; content: "SID: 6257 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106257; sid: 6106257; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE HTML Rendering Memory Corruption"; content: "SID: 6258 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106258; sid: 6106258; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Linux Printing And Imaging hpssd Command Injection"; content: "SID: 6259 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106259; sid: 6106259; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VERITAS Storage Foundation Administrator Buffer Overflow"; content: "SID: 6260 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106260; sid: 6106260; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ISC DHCP Remote DoS"; content: "SID: 6261 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106261; sid: 6106261; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure Access Control Server CGI Buffer Overflow"; content: "SID: 6262 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106262; sid: 6106262; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] XSS in Cisco ACS Server"; content: "SID: 6263 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106263; sid: 6106263; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed Header"; content: "SID: 6264 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106264; sid: 6106264; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Jet Database Engine Buffer Overflow"; content: "SID: 6265 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106265; sid: 6106265; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Excel Malformed Header"; content: "SID: 6266 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106266; sid: 6106266; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP Long FETCH Command"; content: "SID: 6267 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106267; sid: 6106267; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Network Node Manager Buffer Overflow"; content: "SID: 6268 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106268; sid: 6106268; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP Openview Operations Buffer Overflow"; content: "SID: 6269 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106269; sid: 6106269; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView Network Node Manager Integer Overflow"; content: "SID: 6270 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106270; sid: 6106270; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VMWare ActiveX Arbitrary File Access"; content: "SID: 6271 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106271; sid: 6106271; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iPrint Client ActiveX Buffer Overflow"; content: "SID: 6272 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106272; sid: 6106272; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works ActiveX WkImgSrv.dll Insecure Function"; content: "SID: 6273 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106273; sid: 6106273; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee ePolicy Orchestrator Format String"; content: "SID: 6274 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106274; sid: 6106274; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SGI fam Attempt"; content: "SID: 6275 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106275; sid: 6106275; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TooltalkDB overflow"; content: "SID: 6276 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106276; sid: 6106276; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Show Mount Recon"; content: "SID: 6277 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106277; sid: 6106277; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Web Components DataSource Vulnerability"; content: "SID: 6278 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106278; sid: 6106278; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Presentation Server Client ActiveX Overflow"; content: "SID: 6279 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106279; sid: 6106279; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Messenger Information Disclosure Vulnerability"; content: "SID: 6280 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106280; sid: 6106280; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed EPS Filter Vulnerability"; content: "SID: 6281 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106281; sid: 6106281; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed PICT Filter Vulnerability"; content: "SID: 6282 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106282; sid: 6106282; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BMP Filter Vulnerability"; content: "SID: 6283 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106283; sid: 6106283; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Openwsman HTTP Basic Authentication Buffer Overflow"; content: "SID: 6284 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106284; sid: 6106284; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] LANDesk Intel QIP Service Heal Packet Buffer Overflow"; content: "SID: 6295 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106295; sid: 6106295; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow"; content: "SID: 6296 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106296; sid: 6106296; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Import Method Buffer Overflow"; content: "SID: 6297 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106297; sid: 6106297; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Creative Software AutoUpdate Engine ActiveX Stack-Overflow"; content: "SID: 6298 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106298; sid: 6106298; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Namo ActiveSquare6 ActiveX Vulnerability"; content: "SID: 6299 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106299; sid: 6106299; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Loki ICMP Tunneling"; content: "SID: 6300 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106300; sid: 6106300; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] General Loki ICMP Tunneling"; content: "SID: 6302 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106302; sid: 6106302; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PingTunnel ICMP Tunneling"; content: "SID: 6303 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106303; sid: 6106303; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS-SQL Query Abuse"; content: "SID: 6350 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106350; sid: 6106350; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba SPOOLSS Notify Options Heap overflow"; content: "SID: 6402 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106402; sid: 6106402; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Uninitialized Memory Corruption"; content: "SID: 6403 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106403; sid: 6106403; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow WAV Parsing Remote Code Execution"; content: "SID: 6406 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106406; sid: 6106406; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE DHTML Memory Corruption"; content: "SID: 6408 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106408; sid: 6106408; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Invalid Object Memory Corruption"; content: "SID: 6409 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106409; sid: 6106409; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Unsafe Memory Operation"; content: "SID: 6410 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106410; sid: 6106410; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed BGP Message"; content: "SID: 6412 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106412; sid: 6106412; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] McAfee Subscription Manager ActiveX Stack Buffer Overflow"; content: "SID: 6413 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106413; sid: 6106413; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ClamAV UPX File Handling Heap Overflow"; content: "SID: 6414 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106414; sid: 6106414; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Help HLP File Processing Memory Corruption"; content: "SID: 6416 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106416; sid: 6106416; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] JavaScript Navigator Object Memory Corruption"; content: "SID: 6417 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106417; sid: 6106417; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache HTTP Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow"; content: "SID: 6418 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106418; sid: 6106418; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Database dbms_assert Filter Bypass Vulnerability"; content: "SID: 6419 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106419; sid: 6106419; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Malformed GIF File Processing Code Execution"; content: "SID: 6420 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106420; sid: 6106420; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Malformed SELECTION Record Code Execution"; content: "SID: 6421 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106421; sid: 6106421; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft ASP.NET Application Folder Information Disclosure"; content: "SID: 6422 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106422; sid: 6106422; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft XML Core Services Integer Overflow"; content: "SID: 6423 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106423; sid: 6106423; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint PPT File Parsing Memory Corruption"; content: "SID: 6424 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106424; sid: 6106424; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Malformed OBJECT Record Code Execution"; content: "SID: 6425 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106425; sid: 6106425; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word mso.dll LsCreateLine Memory Corruption"; content: "SID: 6426 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106426; sid: 6106426; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] zlib Denial of Service"; content: "SID: 6427 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106427; sid: 6106427; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CSS Memory Corruption"; content: "SID: 6430 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106430; sid: 6106430; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Web Cache Heap Overflow"; content: "SID: 6431 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106431; sid: 6106431; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Subversion svn Protocol String Parsing Vulnerability"; content: "SID: 6432 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106432; sid: 6106432; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Norton Internet Security NBNS Stack Overflow"; content: "SID: 6433 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106433; sid: 6106433; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Citrix Program Neighborhood Agent Buffer Overflow"; content: "SID: 6436 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106436; sid: 6106436; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealNetworks RealPlayer Compressed Skin Buffer Overflow"; content: "SID: 6437 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106437; sid: 6106437; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMail IMAP Fetch Buffer Overflow"; content: "SID: 6443 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106443; sid: 6106443; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] iGateway Content-Length Buffer Overflow"; content: "SID: 6444 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106444; sid: 6106444; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SUSE Remote Manager Heap Overflow"; content: "SID: 6445 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106445; sid: 6106445; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Acrobat Reader eBook plug-in Format String Vulnerability"; content: "SID: 6446 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106446; sid: 6106446; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apache Tomcat Mod_jk Stack Overflow"; content: "SID: 6449 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106449; sid: 6106449; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] pcAnywhere Buffer Overflow"; content: "SID: 6450 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106450; sid: 6106450; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MediaWiki Language Option PHP Code Execution"; content: "SID: 6451 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106451; sid: 6106451; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Winhlp32 Compressed Phrase Buffer Overflow"; content: "SID: 6454 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106454; sid: 6106454; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Flash Media Server DoS"; content: "SID: 6456 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106456; sid: 6106456; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lotus Notes URI Handler Argument Injection"; content: "SID: 6457 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106457; sid: 6106457; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Media Player File Information Disclosure"; content: "SID: 6458 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106458; sid: 6106458; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Winhlp32 Compressed Phrase Integer Overflow"; content: "SID: 6459 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106459; sid: 6106459; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer CDF Cross Domain Scripting"; content: "SID: 6462 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106462; sid: 6106462; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Squid WCCP Message Parsing Denial of Service"; content: "SID: 6466 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106466; sid: 6106466; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla Firefox Click Event Classification Vulnerability"; content: "SID: 6467 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106467; sid: 6106467; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Vendor AV Gateway Virus Detection Bypass"; content: "SID: 6468 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106468; sid: 6106468; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple Web Browsers Window Injection."; content: "SID: 6477 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106477; sid: 6106477; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell iManager Tomcat HTTP POST Request Handling Denial of Service"; content: "SID: 6486 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106486; sid: 6106486; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TikiWiki jhot.php Script File Upload Security Bypass"; content: "SID: 6487 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106487; sid: 6106487; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup Command Chaining"; content: "SID: 6488 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106488; sid: 6106488; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow"; content: "SID: 6489 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106489; sid: 6106489; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Alt-N MDAEMON IMAP Server Heap Overflow"; content: "SID: 6491 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106491; sid: 6106491; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Graphics Rendering Engine Buffer Overflow Vulnerability"; content: "SID: 6493 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106493; sid: 6106493; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IMAP APPEND Date Buffer Overflow"; content: "SID: 6494 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106494; sid: 6106494; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer URL Spoofing Vulnerability Details"; content: "SID: 6496 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106496; sid: 6106496; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RingZero Trojan"; content: "SID: 6500 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106500; sid: 6106500; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tribe Flood Net Client Request"; content: "SID: 6501 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106501; sid: 6106501; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Tribe Flood Net Server Reply"; content: "SID: 6502 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106502; sid: 6106502; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Stacheldraht Client Request"; content: "SID: 6503 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106503; sid: 6106503; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Stacheldraht Server Reply"; content: "SID: 6504 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106504; sid: 6106504; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo Client Request"; content: "SID: 6505 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106505; sid: 6106505; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trinoo Server Reply"; content: "SID: 6506 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106506; sid: 6106506; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFN2K Control Traffic"; content: "SID: 6507 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106507; sid: 6106507; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mstream Control Traffic"; content: "SID: 6508 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106508; sid: 6106508; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft DXmedia SDK6 ActiveX Control"; content: "SID: 6509 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106509; sid: 6106509; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GOM Player ActiveX Control Buffer Overflow"; content: "SID: 6510 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106510; sid: 6106510; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macrovision FlexNet isusweb.dll DownloadAndExecute Method"; content: "SID: 6512 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106512; sid: 6106512; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macrovision FlexNet DownloadManager Insecure Methods"; content: "SID: 6513 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106513; sid: 6106513; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Invalid SIP Response Code"; content: "SID: 6515 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106515; sid: 6106515; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed Via Header"; content: "SID: 6517 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106517; sid: 6106517; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Long Header Field"; content: "SID: 6518 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106518; sid: 6106518; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Long SIP Message"; content: "SID: 6520 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106520; sid: 6106520; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Call Manager Overflow"; content: "SID: 6521 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106521; sid: 6106521; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Failed HTTP Login HTTP 401"; content: "SID: 6522 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106522; sid: 6106522; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Non-Printable in SIP Header"; content: "SID: 6523 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106523; sid: 6106523; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution"; content: "SID: 6524 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106524; sid: 6106524; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Lighttpd FastCGI Header Overrun"; content: "SID: 6526 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106526; sid: 6106526; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Publisher Invalid Memory Reference RCE"; content: "SID: 6527 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106527; sid: 6106527; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server 10G EmChartBeam Remote Directory Traversal"; content: "SID: 6528 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106528; sid: 6106528; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SynCE Command Injection"; content: "SID: 6530 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106530; sid: 6106530; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Perdition IMAP Proxy str_vwrite Format String"; content: "SID: 6532 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106532; sid: 6106532; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Computer Associates BrightStor ARCserve Backup Discovery Service"; content: "SID: 6533 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106533; sid: 6106533; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Backup Exec ActiveX Control"; content: "SID: 6534 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106534; sid: 6106534; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Facebook Photo Uploader ActiveX Control"; content: "SID: 6535 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106535; sid: 6106535; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Aurigma ImageUploader ActiveX Control"; content: "SID: 6536 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106536; sid: 6106536; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Kraken Botnet Traffic"; content: "SID: 6537 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106537; sid: 6106537; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Malware Protection Engine DoS"; content: "SID: 6539 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106539; sid: 6106539; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM Certificate Trust List Memory Consumption DOS"; content: "SID: 6540 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106540; sid: 6106540; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Project Malformed File Exploit"; content: "SID: 6541 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106541; sid: 6106541; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TFTPServer Error Overflow"; content: "SID: 6542 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106542; sid: 6106542; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CiscoWorks Common Services Arbitrary Code Injection"; content: "SID: 6543 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106543; sid: 6106543; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] ActiveX Object Memory Corruption Vulnerability"; content: "SID: 6544 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106544; sid: 6106544; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WINS Local Privilege Escalation"; content: "SID: 6545 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106545; sid: 6106545; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SNMPv3 Malformed Authentication Attempt"; content: "SID: 6546 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; default_dst_port: $SNMP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106546; sid: 6106546; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server 7 TDS Denial Of Service"; content: "SID: 6702 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106702; sid: 6106702; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Snort SACK TCP Option Handling Denial of Service Details"; content: "SID: 6703 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106703; sid: 6106703; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Address Bar Spoofing Vulnerability"; content: "SID: 6704 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106704; sid: 6106704; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Internet Explorer Drag And Drop Vulnerability"; content: "SID: 6705 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106705; sid: 6106705; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows Remote Desktop Protocol DoS"; content: "SID: 6707 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106707; sid: 6106707; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Macromedia Flash Player LoadMovie DoS"; content: "SID: 6710 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106710; sid: 6106710; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Image Download Spoofing"; content: "SID: 6711 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106711; sid: 6106711; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Script Engine Stack Exhaustion"; content: "SID: 6712 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106712; sid: 6106712; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Status Bar URL Spoofing"; content: "SID: 6717 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106717; sid: 6106717; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Multiple AV Vendor Invalid Archive Checksum"; content: "SID: 6718 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106718; sid: 6106718; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL COM_TABLE_DUMP Function Stack Overflow"; content: "SID: 6719 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106719; sid: 6106719; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MySQL Login Handshake Information Disclosure"; content: "SID: 6720 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106720; sid: 6106720; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenBSD ISAKMP Message Handling Denial Of Service"; content: "SID: 6721 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106721; sid: 6106721; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Oracle Application Server 10g emagent.exe Stack Buffer Overflow"; content: "SID: 6722 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106722; sid: 6106722; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Sun Directory Server LDAP Denial of Service Details"; content: "SID: 6723 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106723; sid: 6106723; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Nullsoft Winamp Midi File Header Handling Buffer Overflow"; content: "SID: 6727 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106727; sid: 6106727; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows GUID Folder Code Execution"; content: "SID: 6728 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106728; sid: 6106728; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IBM Tivoli Storage Manager Express Buffer Overflow"; content: "SID: 6730 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106730; sid: 6106730; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Username Buffer Overflow"; content: "SID: 6731 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106731; sid: 6106731; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Password Buffer Overflow"; content: "SID: 6732 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106732; sid: 6106732; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCServe Backup LGServer Arbitrary File Upload"; content: "SID: 6733 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106733; sid: 6106733; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA ARCserve Backup LGServer Multiple Buffer Overflows"; content: "SID: 6734 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106734; sid: 6106734; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer HHCtrl.ocx Image Property Heap Corruption"; content: "SID: 6735 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106735; sid: 6106735; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple QuickTime FLIC Animation File Buffer Overflow Details"; content: "SID: 6736 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106736; sid: 6106736; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenSSL SSL_get_shared_ciphers Function Buffer Overflow"; content: "SID: 6737 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106737; sid: 6106737; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell GroupWise Messenger HTTP POST Request Invalid Memory Access"; content: "SID: 6739 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106739; sid: 6106739; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Trend Micro OfficeScan Atxconsole ActiveX Control Format String"; content: "SID: 6740 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106740; sid: 6106740; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Discovery XFERWAN Buffer overflow"; content: "SID: 6741 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106741; sid: 6106741; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Malformed Record Code Execution"; content: "SID: 6742 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106742; sid: 6106742; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Novell ZENworks Asset Mangement Overflow"; content: "SID: 6743 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106743; sid: 6106743; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Mozilla FireFox DomNodeRemoved Memory Corruption"; content: "SID: 6744 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106744; sid: 6106744; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Remote Kernel TCPIP ICMP Vulnerability"; content: "SID: 6755 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106755; sid: 6106755; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Internet Explorer Page Update Race Condition"; content: "SID: 6757 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106757; sid: 6106757; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visio Version Number Code Execution Vulnerability"; content: "SID: 6758 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106758; sid: 6106758; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Apple Safari Regular Expression Overflow"; content: "SID: 6759 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106759; sid: 6106759; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Buffer overflow"; content: "SID: 6760 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106760; sid: 6106760; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unified Communications Manager CTL Provider Heap Overflow"; content: "SID: 6761 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106761; sid: 6106761; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco PIX and ASA Time-to-Live DoS"; content: "SID: 6764 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106764; sid: 6106764; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Application Velocity System Default Passwords"; content: "SID: 6765 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106765; sid: 6106765; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Security Zone Bypass and Address Spoofing"; content: "SID: 6766 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106766; sid: 6106766; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows RSH Daemon Stack Overflow"; content: "SID: 6767 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106767; sid: 6106767; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Samba WINS Remote Code Execution Vulnerability"; content: "SID: 6768 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106768; sid: 6106768; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Netware LSASS CIFS.NLM Driver Overflow"; content: "SID: 6769 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106769; sid: 6106769; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OpenOffice PRTDATA Heap Overflow"; content: "SID: 6770 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106770; sid: 6106770; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows WebDAV Mini Redirector"; content: "SID: 6771 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106771; sid: 6106771; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WordPerfect X3 Printer Selection Vulnerability"; content: "SID: 6773 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106773; sid: 6106773; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Works Converter Remote Code Execution"; content: "SID: 6775 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106775; sid: 6106775; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Converter Input Validation Remote Code Execution"; content: "SID: 6776 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106776; sid: 6106776; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows OLE Automation Remote Code Execution"; content: "SID: 6777 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106777; sid: 6106777; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Works Converter Index Table Vulnerability"; content: "SID: 6778 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106778; sid: 6106778; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Argument Handling Memory Corruption Vulnerability"; content: "SID: 6780 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106780; sid: 6106780; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP Proxy Response Overflow"; content: "SID: 6781 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106781; sid: 6106781; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SIP MIME Request Boundary Overflow"; content: "SID: 6782 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106782; sid: 6106782; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe PDF Code Execution"; content: "SID: 6784 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106784; sid: 6106784; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Visual Basic VBP File Processing Buffer Overflow"; content: "SID: 6785 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106785; sid: 6106785; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Memory Corruption Vulnerability"; content: "SID: 6786 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106786; sid: 6106786; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office Cell Parsing Memory Corruption Vulnerability"; content: "SID: 6787 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106787; sid: 6106787; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SonicWALL SSL VPN Client Remote ActiveX Vulnerability"; content: "SID: 6788 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106788; sid: 6106788; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Winamp Ultravox Stream Title Stack Overflow"; content: "SID: 6789 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106789; sid: 6106789; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Outlook Web Access Privilege Escalation"; content: "SID: 6790 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106790; sid: 6106790; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] SQL Memory Corruption Vulnerability"; content: "SID: 6792 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106792; sid: 6106792; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Windows GDI Image Handling"; content: "SID: 6793 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106793; sid: 6106793; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow"; content: "SID: 6794 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106794; sid: 6106794; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Panda ActiveScan ActiveX Overflow"; content: "SID: 6795 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106795; sid: 6106795; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP StorageWorks Buffer Overflow"; content: "SID: 6798 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106798; sid: 6106798; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM CTI DoS"; content: "SID: 6799 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106799; sid: 6106799; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Reply"; content: "SID: 6901 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106901; sid: 6106901; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Request"; content: "SID: 6902 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106902; sid: 6106902; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood ICMP Any"; content: "SID: 6903 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: icmp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106903; sid: 6106903; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood UDP"; content: "SID: 6910 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: udp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106910; sid: 6106910; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Net Flood TCP"; content: "SID: 6920 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106920; sid: 6106920; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Code Execution"; content: "SID: 6921 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106921; sid: 6106921; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] VBScript JScript Remote Code Execution"; content: "SID: 6922 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106922; sid: 6106922; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Memory Corruption Vulnerability"; content: "SID: 6923 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106923; sid: 6106923; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MS Publisher Remote Code Execution"; content: "SID: 6924 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106924; sid: 6106924; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Property Memory Corruption"; content: "SID: 6925 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106925; sid: 6106925; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco IOS DLSw DoS"; content: "SID: 6926 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106926; sid: 6106926; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Outlook mailto URI Remote Code Execution"; content: "SID: 6928 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106928; sid: 6106928; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Excel Memory Corruption"; content: "SID: 6929 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106929; sid: 6106929; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Office Web Components URL Parsing Vulnerability"; content: "SID: 6930 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106930; sid: 6106930; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Virtual-Access Interface Exhaustion DoS"; content: "SID: 6931 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106931; sid: 6106931; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HTML Objects Uninitialized Memory Corruption Vulnerability"; content: "SID: 6932 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106932; sid: 6106932; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI Buffer Overflow"; content: "SID: 6934 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106934; sid: 6106934; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CVE-2008-1086 ActiveX Killbit Update"; content: "SID: 6935 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106935; sid: 6106935; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] UCM Disaster Recovery Framework Command Execution"; content: "SID: 6936 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106936; sid: 6106936; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE File Handling Memory Corruption"; content: "SID: 6937 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106937; sid: 6106937; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE Argument Handling Memory Corruption Exploit"; content: "SID: 6938 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106938; sid: 6106938; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Project Remote Code Execution"; content: "SID: 6939 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106939; sid: 6106939; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] RealPlayer ActiveX Remote Code Execution"; content: "SID: 6940 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106940; sid: 6106940; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Yahoo ActiveX Buffer Overflow"; content: "SID: 6942 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106942; sid: 6106942; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUPS CGI Compile Search Overflow"; content: "SID: 6944 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106944; sid: 6106944; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] HP OpenView OVAS.EXE Stack Overflow"; content: "SID: 6945 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106945; sid: 6106945; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Web Client Remote Code Execution Vulnerability"; content: "SID: 6946 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106946; sid: 6106946; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Drawing Object Vulnerability"; content: "SID: 6951 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106951; sid: 6106951; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Word Cascading Style Sheet (CSS) Vulnerability"; content: "SID: 6952 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106952; sid: 6106952; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] CUCM SIP Stack DoS"; content: "SID: 6954 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106954; sid: 6106954; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Adobe Flash Null Pointer Dereference"; content: "SID: 6959 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106959; sid: 6106959; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE Response Cross-Domain Info Disclosure"; content: "SID: 6960 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106960; sid: 6106960; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IE HTML Objects Memory Corruption"; content: "SID: 6961 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106961; sid: 6106961; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Unity DOS"; content: "SID: 6962 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106962; sid: 6106962; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] MJPEG Decoder Vulnerability"; content: "SID: 6963 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106963; sid: 6106963; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Asprox Injection Attempt"; content: "SID: 6964 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106964; sid: 6106964; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Malformed Search File Code Execution"; content: "SID: 6966 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106966; sid: 6106966; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft SQL Server Privilege Elevation"; content: "SID: 6967 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106967; sid: 6106967; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Access Snapshot Viewer ActiveX Remote Code Execution"; content: "SID: 6968 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106968; sid: 6106968; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Word Smart Tag Corruption Exploit"; content: "SID: 6969 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106969; sid: 6106969; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] DirectShow SAMI Parsing Remote Code Execution"; content: "SID: 6970 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106970; sid: 6106970; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Generic Exploit Component"; content: "SID: 6971 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106971; sid: 6106971; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Rosoft Media Player Overflow"; content: "SID: 6972 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106972; sid: 6106972; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOS FTPd MKD Command Buffer Overflow"; content: "SID: 6973 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106973; sid: 6106973; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Motorola Timbuktu Pro Arbitrary File Deletion/Creation"; content: "SID: 6974 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106974; sid: 6106974; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Arbitrary File Upload In CA ARCserve"; content: "SID: 6975 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106975; sid: 6106975; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Powerpoint 2003 Viewer Buffer Overflow"; content: "SID: 6976 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106976; sid: 6106976; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Wonderware Suitlink Denial Of Service"; content: "SID: 6977 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106977; sid: 6106977; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] PowerPoint Parsing Overflow"; content: "SID: 6978 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106978; sid: 6106978; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] BEA WebLogic Server Apache Connector HTTP Version String BO"; content: "SID: 6979 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106979; sid: 6106979; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PowerPoint Memory Allocation Exploit"; content: "SID: 6981 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106981; sid: 6106981; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft PICT Filter Parsing Exploit"; content: "SID: 6983 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106983; sid: 6106983; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Windows Image Color Management System RCE"; content: "SID: 6984 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106984; sid: 6106984; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft Office WPG Image File Heap Corruption Exploit"; content: "SID: 6985 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106985; sid: 6106985; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft IE HTML Objects Memory Corruption Exploit"; content: "SID: 6986 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106986; sid: 6106986; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] WebEx Meeting Manager ActiveX Overflow"; content: "SID: 6988 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106988; sid: 6106988; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] IOSFW HTTP Inspection Vulnerability"; content: "SID: 6989 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; default_proto: tcp; default_dst_port: $HTTP_PORT; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106989; sid: 6106989; rev: 5;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Visual Studio Msmask32.ocx ActiveX Buffer Overflow"; content: "SID: 6990 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106990; sid: 6106990; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Symantec Veritas Storage Foundation Null Session"; content: "SID: 6991 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106991; sid: 6106991; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco Secure ACS EAP Overflow"; content: "SID: 6994 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106994; sid: 6106994; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI EMF Memory Corruption Vulnerability"; content: "SID: 6995 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106995; sid: 6106995; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] GDI+ BMP Integer Overflow"; content: "SID: 6996 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106996; sid: 6106996; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] OneNote Uniform Resource Locator Validation Error Vulnerability"; content: "SID: 6997 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106997; sid: 6106997; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Microsoft GDI-Plus WMF Buffer Overrun Exploit"; content: "SID: 6998 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106998; sid: 6106998; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Cisco PIM Multicast Denial of Service Attack"; content: "SID: 6999 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6106999; sid: 6106999; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] Data Base TNS Connection"; content: "SID: 7000 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107000; sid: 6107000; rev: 4;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CISCO-SDEE] TNS Redirect Request"; content: "SID: 7001 ,"; parse_src_ip: 1; parse_dst_ip: 2; parse_port; program: qdee; classtype: suspicious-traffic; reference: url,wiki.quadrantsec.com/bin/view/Main/6107001; sid: 6107001; rev: 4;)