D-Link DFL-M510 Faq page 20

Q: Is the signature unidirectional or bidirectional?
A:
The direction of the signature varies from one application to another. It's all up to
the behaviour.
For signatures detecting IM's behaviours such as File Transfer, Chat, Online Game,
Audio Communication, and Video Communication, the directions are bidirectional. This
means that DFL-M510 can detect such attempts either from LAN to WAN or from WAN
to LAN.
For signatures detecting HTTP download attempts, IM login attempts, Web Mail controls
(Yahoo Mail, Gmail, and Hotmail), Web Upload, Web Download, and Java Applet
download attempts, the directions are unidirectional.
For signatures detecting malicious traffic made by worm/Trojan, the direction is
bidirectional.
MISC
A: Worm/Trojan List
Item Description
1 WORM Windows Lsasrv.dII RPC Overflow(Sasser)
2 WORM Windows Lsasrv.dII RPC Overflow (Sasser)-1
3 WORM Windows Lsasrv.dII RPC Overflow Unicode (Sasser)
4 WORM Windows Lsasrv.dII RPC Overflow Unicode (Sasser)-1
5 WORM HTTP IIS CodeRed
6 WORM IIS default.ida access (CodeRed v2)
7 WORM DCOM System Shell Expicit Response (Blaster)
8 WORM DCOM Successful Shell Exploit Response (Blaster)
9 WORM Windows RPC DCOM Interface exploit - 135 (Blaster)
10 WORM Windows RPC DCOM Interface exploit - 445 (Blaster)
11 WORM Windows RPC DCOM Bind attempt (Blaster)
12 WORM WEB-IlS WebDAV exploit attempt.a (Blaster)
13 MISC OpenSSL Worm traffic
14 WORM slapper admin traffic
15 DoS MS-SQL Slammer Worm
16 WORM .emf Heap Overflow (M504-032) -1
17 WORM .emf Heap Overflow (M504-032) -2
18 WORM .emf Heap Overflow (M504-032) -3
19 WORM M504-034 zipped Folders Exploit via http
20 WORM M504-034 zipped Folders Exploit via smtp_1
21 WORM M504-034 zipped Folders Exploit via smtp_2
22 WORM M504-034 zipped Folders Exploit via smtp_3
23 WORM RealPlayer SMIL File Handling Buffer Overflow
D-Link Nordic Technical Support 20