| Rule # |
Reason |
| -1 |
Stateless ICMP, answer without request or ICMP
error not referring to an established connection stored in the
State Tables [5] |
| -4 |
Anti-Spoofing, packet does not match automatic
configuration of Anti-Spoofing [5] |
| -5 |
Custom rule with logging, configured by the
administrator |
|
-9 |
Hot Spot, user has not authenticated
successfully, but tried to open a connection |
| -10 |
Encryption mismatch, packet should be encrypted,
but is received in clear text [5] |
| -11 |
Packet out of state, not matching the State
Tables [5] |
| -12 |
Land Attack |
| -13 |
Ping size too big, to be configured in
SmartDefense |
| -14 |
ICMP with Null payload |
| -15 |
Welchia ICMP worm |
| -16 |
Christmas packet with too many TCP flags set [5] |
| -17 |
Cisco IOS Denial-of-Service attack |
| -18 |
Connections exceed allowed Network Quota, to be
configured in SmartDefense |
| -19 |
FTP Bounce attack against FTP server |
| -20 |
FTP port command overflow |
| -21 |
FTP port command tried to open a known port |
| -22 |
FTP: Illegal command |
| -23 |
KaZaA traffic detected, to be configured in
SmartDefense |
| -24 |
Skype traffic detected, to be configured in
SmartDefense |
| -25 |
BitTorrent traffic detected, to be configured in
SmartDefense |
| -26 |
eMule traffic detected, to be configured in
SmartDefense |
| -27 |
Gnutella traffic detected, to be configured in
SmartDefense |
| -28 |
ICQ traffic detected, to be configured in
SmartDefense |
| -29 |
Yahoo traffic detected, to be configured in
SmartDefense |
| -30 |
Short IGMP packets detected |
| -31 |
IGMP packet with bad TTL detected |
| -32 |
IGMP packet not sent to a multicast address |
| -33 |
Vertical Port Scan Traffic |
| -34 |
Horizontal Port Scan Traffic |
| -35 |
FTP Data Traffic |
| -36 |
ICMP Replay Attack |
| -37 |
TCP Reset Replay Attack |
| -38 |
Winny Traffic |
| -39 |
Packet should not have been encrypted |
| -40 |
MSN Messenger Traffic |
