Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 966

Network and Security Manager Administration Guide
P2P:WINMX:CLIENT-MATCHMAKE-DNS
P2P:WINMX:CLIENT-NET-PRB-DNS
P2P:WINMX:CLIENT-VER-CHK
P2P:WINMX:CLIENT-VER-CHK-DNS
POP3:DOS:MDAEMON-POP-DOS
POP3:ERROR:BOUNDARY_MISSING
POP3:EXT:DOT-386
POP3:EXT:DOT-ADE
POP3:EXT:DOT-ADP
916
This signature detects a WinMX client performing DNS
lookups for matchmaking servers. WinMX is a peer-to-peer
file sharing client that tests firewall rules and
reverse-connectivity to determine the most effective way
to share files. WinMX queries a matchmaking server to obtain
Supernode lists, which enable the WinMX client to share
files.
This signature detects a WinMX client performing DNS
lookups for hosts that WinMX will probe for connectivity.
WinMX is a peer-to-peer file sharing client that tests firewall
rules and reverse-connectivity to determine the most
effective way to share files.
This signature detects an initial connection by WinMX, a
peer-to-peer file sharing client. WinMX queries a Web site
for new versions of the WinMX client software.
This signature detects attempts to obtain the IP address of
the host that tracks WinMX client versions. WinMX is a
peer-to-peer file sharing client.
This signature detects denial-of-service attempts against
the Mdaemon POP3 Server. Mdaemon v.6.0.7 and earlier
versions are vulnerable. Attackers may send a maliciously
crafted DELE or UIDL request to the POP3 daemon to crash
the POP3, SMTP, and IMAP services.
This protocol anomaly is a message with a multipart content
type but no boundary.
This signature detects e-mail attachments that have the
extension .386 and were received via POP3. Because .386s
( Windows Enhanced Mode Driver) files contain executable
code, this may indicate an incoming e-mail virus. Attackers
may create malicious executables, tricking users into
executing the file and infecting the system.
This signature detects e-mail attachments that have the
extension .ade and were received via POP3. Because .ADEs
(Microsoft Access Project Extension) files can contain
macros, this may indicate an incoming e-mail virus. Attackers
may create malicious scripts, tricking users into executing
the macros and infecting the system.
This signature detects e-mail attachments that have the
extension .adp and were received via POP3. Because .ADPs
(Microsoft Access Project) files can contain macros, this
may indicate an incoming e-mail virus. Attackers may create
malicious scripts, tricking users into executing the macros
and infecting the system.
info sos5.1.0
info sos5.1.0
info sos5.1.0
info sos5.1.0
medium sos5.0.0,
sos5.1.0
high sos5.1.0
medium sos5.1.0
medium sos5.1.0
medium sos5.1.0
Copyright © 2010, Juniper Networks, Inc.