SonicALERT
Search

Sonicwall Signatures


Go to All Categories list.
Go to All Applications list.

Category: PROTOCOLS

PROTOCOLS Category Description

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent certain protocols on network.

  Telnet -- Server Response (WILL ECHO)
  Telnet -- Server Response (DO ECHO)
  SSH Protocol -- Server Response (Inbound)
  SMB -- App Command (IPC$ Share)
  SMB -- App Command (IPC$ Share Unicode)
  Telnet -- Server Response (Outbound)
  Telnet -- Server Response (Inbound)
  LDAP v3 -- Client Request (TLS Inbound)
  LDAP v3 -- Client Request (TLS Outbound)
  LDAP v3 -- Client Request (SASL Inbound)
  LDAP v3 -- Client Request (SASL Outbound)
  Finger -- Client Request (Inbound)
  Finger -- Client Request (Outbound)
  NNTP -- TCP Activity (Outbound)
  NNTP -- TCP Activity (Inbound)
  SNMP -- UDP Activity (public)
  SNMP -- TCP Activity (public)
  SNMP -- UDP Activity (private)
  SNMP -- TCP Activity (private)
  Modbus -- Client Request (Outbound)
  Modbus -- Client Request (Inbound)
  STUN -- Client Request (Binding)
  OpenFT Protocol -- Client Request
  ICMPv4 -- Tunneling 1
  ICMPv4 -- Tunneling 2
  ICMPv4 -- Tunneling 3
  ICMPv4 -- Tunneling 4
  ICMPv6 -- PING Request Message
  ICMPv6 -- PING Reply Message
  ICMPv6 -- Router Solicitation Message
  ICMPv6 -- Routing Advertisement Message
  ISAKMP -- IKEv1 Quick Mode
  ISAKMP -- IKEv1 Type Informational
  ISAKMP -- IKEv1 Main Mode Identity Protection -c2
  ISAKMP -- IKEv1 Type Informational -c2
  ISAKMP -- IKEv1 Cisco Fragmentation
  ISAKMP -- IKEv2 Cisco Fragmentation
  ISAKMP -- IKEv1 Aggressive Mode Identity Protection -c2
  ISAKMP -- IKEv1 Quick Mode -c2
  SNMP -- UDP Activity (ILMI)
  PPTP -- Client Request (Inbound)
  LDAP v3 -- Client Request (Kerberos Outbound)
  PPTP -- Client Request (Outbound)
  SSH Protocol -- Server Response (Outbound)
  IMAP -- Server Response (TLS Outbound)
  IMAP -- Client Request (TLS Outbound)
  ISAKMP -- IKEv1 Aggressive Mode Identity Protection
  BOOTP -- Boot Message
  NTLM -- NTLM over SMB NEGOTIATE_MESSAGE (Inbound)
  NTLM -- NTLM over SMB NEGOTIATE_MESSAGE (Outbound)
  NTLM -- NTLM over SMB NEGOTIATE_MESSAGE (Outbound) 2
  NTLM -- NTLM over SMB NEGOTIATE_MESSAGE (Inbound) 2
  iperf tool -- Data Channel UDP 1
  iperf tool -- Control Channel TCP 1
  iperf tool -- Control Channel TCP 2
  Telnet -- Client Request (Inbound)
  Telnet -- Client Request (Outbound)
  DNS Protocol -- Standard Query Response (Authoritative)
  DNS Protocol -- Standard Query Response (Non-Authoritative)
  DNS Protocol -- Standard Query A (RD=0)
  IMAP -- Server Response (Outbound) 1
  POP3 -- Server Response (Outbound)
  HTTP Protocol -- GET Method
  HTTP Protocol -- POST Method
  SMTP -- Client Request (HELO Outbound)
  SMTP -- Client Request (EHLO Outbound)
  SSL/TLS Protocol -- SSLv3.0 Version
  SSL/TLS Protocol -- TLSv1.0 (SSLv3.1) Version
  IMAP -- Server Response (Inbound) 1
  POP3 -- Server Response (Inbound)
  SMB -- Client Request (Outbound)
  DNS Protocol -- Standard Query A
  ICMPv4 -- Echo Message
  ICMPv4 -- Echo Reply Message
  ICMPv4 -- Redirect Message
  ICMPv4 -- Destination Unreachable Message
  QUIC -- UDP Activity
  POP3 -- Client Request (TLS Inbound)
  Teredo -- UDP Activity
  H.248 Protocol -- UDP Activity (Megaco)
  H.248 Protocol -- UDP Activity (Megaco Reply)
  DNP3 -- Disable Unsolicited Responses Message
  DNP3 -- Unsolicited Response Message
  DNP3 -- Cold Restart Message
  DNP3 -- Stop Application Message
  DNP3 -- Warm Restart Message
  DNP3 -- Broadcast Request Message
  DHCP Protocol -- Boot Message
  HTTP Protocol -- PUT Method
  HTTP Protocol -- HEAD Method
  LDAP v3 -- Client Request (Kerberos Inbound)
  HTTP Protocol -- 206 Partial Content Message
  HTTP Protocol -- Content-Range Header
  DNS Protocol -- Standard Query (.info Domains)
  DNS Protocol -- Standard Query (.com Domains)
  DNS Protocol -- Standard Query (.org Domains)
  DNS Protocol -- Standard Query (.net Domains)
  DNS Protocol -- Standard Query (.xxx Domains)
  DNS Protocol -- Standard Query A (Reverse Lookup)
  HTTP Protocol -- Range Header
  SNMP -- v1 Version
  SNMP -- v2 Version
  SNMP -- v3 Version
  Apple Filing Protocol -- Client Request
  Apple Filing Protocol -- Server Response
  Apple Bonjour -- UDP Activity (mDNS Query)
  Apple Bonjour -- UDP Activity (mDNS Respone)
  ISAKMP -- IKEv1 Main Mode Identity Protection
  SSL/TLS Protocol -- TLSv1.1 Version
  SSL/TLS Protocol -- TLSv1.2 Version
  FTP -- Client Request (Inbound)
  WebDAV -- PROPFIND Method
  WebDAV -- MOVE Method
  WebDAV -- COPY Method
  WebDAV -- LOCK Method
  WebDAV -- UNLOCK Method
  WebDAV -- MKCOL Method
  WebDAV -- PROPPATCH Method
  FTP -- Client Request (Outbound)
  SMTP -- Client Request (HELO Inbound)
  SMTP -- Client Request (EHLO Inbound)
  IMAP -- Server Response (Inbound) 2
  SMB -- Client Request (Inbound)
  SMB2 -- Client Request (Inbound)
  SMB2 -- Client Request (Outbound)
  IMAP -- Server Response (TLS Inbound)
  IMAP -- Login
  FTP -- Data channel (generic)
  H.323 Protocols -- Data Channel
  SMTP -- Security Feature (STARTTLS)
  IMAP -- Server Response (Outbound) 2
  IMAP -- Client Request (TLS Inbound)
  POP3 -- Client Request (TLS Outbound)
  SSH Protocol -- Client Request (Inbound)
  SSH Protocol -- Client Request (Outbound)
  WebSocket -- TCP Activity (Upgrade Request)
  QUIC -- Handshake Message
  SSL/TLS Protocol -- SPDYv3.1 Version
  ISAKMP -- IKEv2 Security Association initialization
  STUN -- Client Request (Allocate)
  Aspera FASP -- TCP Activity (Control Channel)
  Aspera FASP -- UDP Activity (Data Channel)
  Aspera FASP -- HTTPS Activity
  FTP -- STOR Command
  FTP -- RETR Command
  HTTP Protocol -- OPTIONS Method
  HTTP Protocol -- DELETE Method
  HTTP Protocol -- CONNECT Method
  HTTP Protocol -- TRACE Method
  DNP3 -- Client Request
  ISAKMP -- Non-ESP Marker Message
  WebSocket -- TCP Activity (To Server)
  WebSocket -- TCP Activity (To Client)
  STUN -- UDP Activity (Magic Cookie 0x2112A442)
  STUN -- UDP Activity (Magic Cookie 0x72C64BC6)
  STUN -- TCP Activity (Magic Cookie 0x72C64BC6)
  HNAP Protocol -- GET
  DNS Protocol -- Security Feature (DNS Over HTTPS, DoH) 1
  DNS Protocol -- Security Feature (DNS Over HTTPS, DoH) 2
  DNS Protocol -- Security Feature (DNSSEC)
  HNAP Protocol -- POST


Relevant Information