Filter
Top Products
40-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 40 Managing IPS Anomaly Detection
Understanding Anomaly Detection
Table 40-1 Anomaly Detection Worm Signatures
Signature ID Subsignature ID Name Description
13000 0 Internal TCP
Scanner
Identified a single scanner over a TCP
protocol in the internal zone.
13000 1 Internal TCP
Scanner
Identified a worm attack over a TCP
protocol in the internal zone; the TCP
histogram threshold was crossed and a
scanner over a TCP protocol was
identified.
13001 0 Internal UDP
Scanner
Identified a single scanner over a UDP
protocol in the internal zone.
13001 1 Internal UDP
Scanner
Identified a worm attack over a UDP
protocol in the internal zone; the UDP
histogram threshold was crossed and a
scanner over a UDP protocol was
identified.
13002 0 Internal Other
Scanner
Identified a single scanner over an
Other protocol in the internal zone.
13002 1 Internal Other
Scanner
Identified a worm attack over an Other
protocol in the internal zone; the Other
histogram threshold was crossed and a
scanner over an Other protocol was
identified.
13003 0 External TCP
Scanner
Identified a single scanner over a TCP
protocol in the external zone.
13003 1 External TCP
Scanner
Identified a worm attack over a TCP
protocol in the external zone; the TCP
histogram threshold was crossed and a
scanner over a TCP protocol was
identified.
13004 0 External UDP
Scanner
Identified a single scanner over a UDP
protocol in the external zone.
13004 1 External UDP
Scanner
Identified a worm attack over a UDP
protocol in the external zone; the UDP
histogram threshold was crossed and a
scanner over a UDP protocol was
identified.
13005 0 External Other
Scanner
Identified a single scanner over an
Other protocol in the external zone.
13005 1 External Other
Scanner
Identified a worm attack over an Other
protocol in the external zone; the Other
histogram threshold was crossed and a
scanner over an Other protocol was
identified.
13006 0 Illegal TCP
Scanner
Identified a single scanner over a TCP
protocol in the illegal zone.