ON THIS PAGE
Legacy Contexts
These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups for legacy contexts as match conditions in IDP policy rules.
Service Contexts: AIM
The table displays the security context details for AIM:
Context and Direction |
Description |
Display Name |
|---|---|---|
aim-auth-request-msg (ANY) |
Matches the message sent from one user to another when requesting authorization to add to the buddy list. |
AIM Auth Request Msg |
aim-away-message (CTS) |
Matches the message sent to other clients when a user changes status to 'away'. |
AIM Away Message |
aim-buddy-comment (ANY) |
Matches the comment stored for a buddy in the contact list. |
AIM Buddy Comment |
aim-capabilities (ANY) |
Matches the set of features supported by the client. |
AIM Capabilities |
aim-chat-info (STC) |
Matches the information about a chatroom. |
AIM Chat Info |
aim-chat-interests (STC) |
Matches the categories of personal interests in a user's profile. |
AIM Chat Interests |
aim-chat-room-desc (STC) |
Matches the description of a chatroom. |
AIM Chat Room Desc |
aim-chat-room-name (STC) |
Matches the name of a chatroom in an AIM/ICQ session. |
AIM Chat Room Name |
aim-client-ip (STC) |
Matches the IP address of the client for direct P2P communication. |
AIM Client Ip |
aim-client-port (STC) |
Matches the port that the client is listening on for P2P communication. |
AIM Client Port |
aim-client-status (STC) |
Matches the user's online status. |
AIM Client Status |
aim-decline-reason (ANY) |
Matches the decline reason when a client refuses to be added to another user's contact list. |
AIM Decline Reason |
aim-descripted-url (ANY) |
Matches the description and URL when sending a Web page to another address. |
AIM Descripted Url |
aim-email-address (STC) |
Matches the e-mail address of a user as it appears in the profile. |
AIM Email Address |
aim-error-url (STC) |
Matches the URL on the server where the user can reconfigure the account password. |
AIM Error Url |
aim-gcard-message (ANY) |
Matches the message associated with a greeting card. |
AIM Gcard Message |
aim-gcard-recipient (ANY) |
Matches the screen name of a greeting card recipient. |
AIM Gcard Recipient |
aim-gcard-sender (ANY) |
Matches the screen name of a greeting card sender. |
AIM Gcard Sender |
aim-gcard-theme (ANY) |
Matches the theme of a greeting card sent from one client to another. |
AIM Gcard Theme |
aim-gcard-title (ANY) |
Matches the title of a greeting card sent from one user to another. |
AIM Gcard Title |
aim-gcard-url (ANY) |
Matches the URL of the greeting card sent from one user to another. |
AIM Gcard Url |
aim-get-file (STC) |
Matches the name of a file that the user is transferring from a peer. |
AIM Get File |
aim-group (ANY) |
Matches the name of a group of items (usually buddies). |
AIM Group |
aim-info-text (STC) |
Matches additional information text that appears in a user's profile. |
AIM Info Text |
aim-local-ip (CTS) |
Matches the IP address of a client used for P2P communication. |
AIM Local Ip |
aim-local-port (CTS) |
Matches the local port that the client is listening on for P2P communication. |
AIM Local Port |
aim-message-block (ANY) |
Matches the instant message sent from one user to another. |
AIM Message Block |
aim-message-description (ANY) |
Matches the description of a message. |
AIM Message Description |
aim-nick-name (ANY) |
Matches the nickname of an AIM/ICQ user. |
AIM Nick Name |
aim-oft-content (ANY) |
Matches the contents of a file being transferred between peers. |
AIM Oft Content |
aim-oft-name (ANY) |
Matches the name of a file being transferred between peers. |
AIM Oft Name |
aim-peer-ip (STC) |
Matches the IP address of a peer for direct P2P communication. |
AIM Peer Ip |
aim-peer-port (STC) |
Matches the port of a peer for direct P2P communication. |
AIM Peer Port |
aim-put-file (CTS) |
Matches the name of a file that the user is transferring to a peer. |
AIM Put File |
aim-screen-name (ANY) |
Matches the screen name of a user. |
AIM Screen Name |
aim-server-ip (STC) |
Matches the IP address of a server. Typically used when the main server redirects the client to another server. |
AIM Server Ip |
aim-server-url (STC) |
Matches any URL on the server. |
AIM Server Url |
aim-url (ANY) |
Matches the URL of a user's profile. |
AIM Url |
aim-xml-value (STC) |
Matches the XML string sent by the server with the value of a requested URL. |
AIM Xml Value |
Service Contexts: Finger
The table displays the security context details for Finger:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
finger-host (CTS) |
Matches each hostname in a FINGER request.  |
|||
finger-s2c-data (STC) |
finger-s2c-data |
|||
finger-user (CTS) |
Matches the username in a FINGER request.  |
|||
Service Contexts: Gnutella
The table displays the security context details for Gnutella:
Context and Direction |
Description |
Display Name |
|---|---|---|
gnutella-connect-fail-reason (STC) |
Matches the connection fail reason string in a Gnutella connection. |
GNUTELLA Connect Fail Reason |
gnutella-connect-header (ANY) |
Matches the contents of the HTTP style CONNECT message in a Gnutella session. |
GNUTELLA Connect Header |
gnutella-http-get-filename (CTS) |
Matches the name of the file that the client intends to retrieve. |
GNUTELLA Http Get Filename |
gnutella-http-header (ANY) |
Matches any HTTP style headers in a Gnutella session. |
GNUTELLA Http Header |
gnutella-queryhit-vendor (STC) |
Matches the 4-byte vendor code in the reply for the QUERYHIT message. |
GNUTELLA Queryhit Vendor |
gnutella-search-criteria (CTS) |
Matches the search criteria in a QUERY message of a Gnutella session. |
GNUTELLA Search Criteria |
gnutella-user-agent (ANY) |
Matches the name of the user agent in a Gnutella session. |
GNUTELLA User Agent |
Service Contexts: Gopher
The table displays the security context details for Gopher:
Context and Direction |
Description |
Display Name |
|---|---|---|
gopher-display (STC) |
Matches the display string of a Gopher item. |
GOPHER Display |
gopher-file (STC) |
Matches the contents of a Gopher item/file. |
GOPHER File |
gopher-host-port (STC) |
Matches the host and port used to get an item. |
GOPHER Host Port |
gopher-selector (STC) |
Matches the selector string of a Gopher item. |
GOPHER Selector |
Service Contexts: IEC
The table displays the security context details for IEC:
Context and Direction |
Description |
Display Name |
|---|---|---|
iec104-message-type-i (ANY) |
Matches the Type-I message of IEC104. |
IEC104 Message Type I |
iec104-message-type-s (ANY) |
Matches the Type-S message of IEC104. |
IEC104 Message Type S |
iec104-message-type-u (ANY) |
Matches the Type-U message of IEC104. |
IEC104 Message Type U |
Service Contexts: IRC
The table displays the security context details for IRC:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
irc-command (ANY) |
Matches any IRC command name.  |
|||
irc-join-chan (ANY) |
Matches the channel name in the JOIN command of an IRC session.  |
|||
irc-nick-name (ANY) |
Matches the name in the NICK command of an IRC session.  |
|||
irc-notice-msg (ANY) |
Matches the message in the NOTICE command of an IRC session.  |
|||
irc-oper-name (ANY) |
Matches the name in the OPER command of an IRC session. |
|||
irc-oper-password (ANY) |
Matches the password in the OPER command of an IRC session. |
|||
irc-part-chan (ANY) |
Matches the channel name in the PART command of an IRC session. |
|||
irc-password (ANY) |
Matches the password in the PASS command of an IRC session. |
|||
irc-priv-msg (ANY) |
Matches the message in the PRIVMSG command of an IRC session.  |
|||
irc-real-name (ANY) |
Matches the real name in the USER command of an IRC session.  |
|||
irc-topic (ANY) |
Matches the arguments of the TOPIC command of an IRC session. |
|||
irc-user-name (ANY) |
Matches the name in the USER command of an IRC session.  |
|||
Service Contexts: LPR
The table displays the security context details for LPR:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
lpr-cfile-command (CTS) |
Matches the entire CFILE subcommand line, including the first byte of the subcommand type. |
|||
lpr-cfile-name (CTS) |
Matches the name of the control filename that is sent as part of the RECEIVE-JOB command. |
|||
lpr-command (CTS) |
Matches the entire command line, including the first byte of the command code.  |
|||
lpr-dfile-name (CTS) |
Matches the name of the data filename that is sent as part of the RECEIVE-JOB command. |
|||
Service Contexts: MSN
The table displays the security context details for MSN:
Context and Direction |
Description |
Display Name |
|---|---|---|
msn-addrbook-url (STC) |
Matches the URL for a user's address book. |
MSN Addrbook Url |
msn-compose-url (STC) |
Matches the URL for composing an e-mail. |
MSN Compose Url |
msn-display-name (ANY) |
Matches the display name of a user. |
MSN Display Name |
msn-get-file (STC) |
Matches the name of a file that the client is downloading from a peer. |
MSN Get File |
msn-group-name (ANY) |
Matches the name of a group of contacts. |
MSN Group Name |
msn-inbox-url (STC) |
Matches the URL for a user's Inbox. |
MSN Inbox Url |
msn-ip-port (STC) |
Matches the address and port of a switchboard server. |
MSN IP Port |
msn-message (ANY) |
Matches the instant message text. |
MSN Message |
msn-message-application (ANY) |
Matches the line of an application message (like file transfer). |
MSN Message Application |
msn-message-email-notification (STC) |
Matches the line sent by the server to notify a client of new or unread e-mail. |
MSN Message Email Notification |
msn-message-header (ANY) |
Matches the header line of an instant message. |
MSN Message Header |
msn-message-profile (STC) |
Matches the line containing the profile of a message sender. |
MSN Message Profile |
msn-passport-url (STC) |
Matches login passport URL. |
MSN Passport Url |
msn-phone-number (ANY) |
Matches the user's phone number. |
MSN Phone Number |
msn-png-chunk (ANY) |
Matches contents of PNG chunk in MSN transaction. |
MSN PNG CHUNK |
msn-profile-url (STC) |
Matches the URL of a user's passport profile. |
MSN Profile Url |
msn-put-file (CTS) |
Matches the name of a file that the client is sending to a peer. |
MSN Put File |
msn-sign-in-name (ANY) |
Matches the screen name (login name) of a user. |
MSN Sign In Name |
msn-url (STC) |
Matches any URL in an MSN session |
MSN URL |
msn-user-state (ANY) |
Matches the user's online state. |
MSN User State |
Service Contexts: NNTP
The table displays the security context details for NNTP:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
nntp-banner (STC) |
Matches the NNTP banner.  |
|||
nntp-body (ANY) |
Matches each line of an NNTP message body.  |
|||
nntp-cmd-line (CTS) |
Matches the entire NNTP command line.  |
|||
nntp-header (ANY) |
Matches any header in an NNTP session.  |
|||
nntp-ihave-msgid (CTS) |
Matches the message ID that appears in the IHAVE command of an NNTP session. |
|||
nntp-mode (CTS) |
Matches the NNTP mode.  |
|||
nntp-msgid (ANY) |
Matches the message ID that appears in various commands of an NNTP session.  |
|||
nntp-newsgroup (ANY) |
Matches the name of news groups in an NNTP session. |
|||
Service Contexts: REXEC
The table displays the security context details for REXEC:
Context and Direction |
Description |
Display Name |
|---|---|---|
rexec-remote-command (CTS) |
Matches the remote command in an REXEC session. |
REXEC Remote Command |
rexec-remote-user (CTS) |
Matches the remote username in an REXEC session. |
REXEC Remote Username |
Service Contexts: RLOGIN
The table displays the security context details for RLOGIN:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
rlogin-local-user (CTS) |
Matches the local username in an RLOGIN session.  |
|||
rlogin-remote-user (CTS) |
Matches the remote username in an RLOGIN session.  |
|||
Service Contexts: RSH
The table displays the security context details for RSH:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
rsh-local-user (CTS) |
Matches the local username in an RSH session.  |
|||
rsh-remote-command (CTS) |
Matches the remote command in an RSH session.  |
|||
rsh-remote-user (CTS) |
Matches the remote username in an RSH session.  |
|||
Service Contexts: RUSERS
The table displays the security context details for RUSERS:
Context and Direction |
Description |
Display Name |
|---|---|---|
rusers-device (STC) |
Matches the name of the device in an RUSERS session. |
RUSERS Device |
rusers-host (STC) |
Matches the name of the host in an RUSERS session. |
RUSERS Host |
rusers-user (STC) |
Matches the name of the user in an RUSERS session. |
RUSERS User |
Service Contexts: TNS
The table displays the security context details for TNS:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
tns-accept-section (STC) |
Matches the Accept Section Data in a TNS session. |
|||
tns-connect-addr-dev (CTS) |
Matches the Connect Address-Dev in a TNS session. |
|||
tns-connect-addr-host (CTS) |
Matches the Connect Address-Host in a TNS session. |
|||
tns-connect-addr-key (CTS) |
Matches the Connect Address-Key in a TNS session. |
|||
tns-connect-addr-port (CTS) |
Matches the Connect Address-Port in a TNS session. |
|||
tns-connect-addr-proto (CTS) |
Matches the Connect Address-Protocol in an TNS session. |
|||
tns-connect-cid-host (CTS) |
Matches the Connect Data CID Host in a TNS session. |
|||
tns-connect-cid-user (CTS) |
Matches the Connect Data CID User in a TNS session. |
|||
tns-connect-data-cid-prog (CTS) |
Matches the Connect Data CID Program in a TNS session. |
|||
tns-connect-data-sid (CTS) |
Matches the Connect Data SID in a TNS session. |
|||
tns-connect- data-svcname (CTS) |
Matches the Connect Data Service Name in an TNS session. |
|||
tns-connect-section (CTS) |
Matches the Connect Section Data in a TNS session.  |
|||
tns-data-flags (ANY) |
Matches 2 bytes flags of Data Section in an TNS session |
|||
tns-data-section (ANY) |
Matches the Data Section Data in a TNS session. |
|||
tns-message-body (ANY) |
Matches any Message Body in a TNS session.  |
|||
tns-message-type (ANY) |
Matches the Message Type in a TNS session.  |
|||
tns-preamble (ANY) |
Matches the first 8 bytes of a TNS message. |
|||
tns-redirect-section (STC) |
Matches the Redirect Section in a TNS session. |
|||
Service Contexts: YMSG
The table displays the security context details for YMSG:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
ymsg-alias (ANY) |
Matches the alternate name associated with the main username. |
|||
ymsg-buddy-name (ANY) |
Matches the name of a user that appears on the friends list. |
|||
ymsg-chatroom-chatter (ANY) |
Matches the name of a user participating in a chat session |
|||
ymsg-chatroom-invitee (ANY) |
Matches the name of the user who is being invited to join a chatroom. |
|||
ymsg-chatroom-message (ANY) |
Matches the messages exchanged in a chatroom. |
|||
ymsg-chatroom-name (ANY) |
Matches the name of a chatroom in a YMSG session. |
|||
ymsg-conf-host (ANY) |
Matches the name of the user who is hosting the conference. |
|||
ymsg-conf-invitee (ANY) |
Matches the name of a user who is invited to a conference. |
|||
ymsg-conf-join-msg (ANY) |
Matches the content of a message sent as part of a conference invitation. |
|||
ymsg-conf-name (ANY) |
Matches the name of a conference session. |
|||
ymsg-config-url (STC) |
Matches the URL at which the user can configure the password after the account is disabled. |
|||
ymsg-contact-name (ANY) |
Matches the contact name in a friends list or invitation. |
|||
ymsg-group-name (ANY) |
Matches the name of a group used to categorize friends. |
|||
ymsg-header (ANY) |
Matches data in the protocol header.  |
|||
ymsg-ignored-user (ANY) |
Matches the name of the user being added to, or appearing on, the ignored users list. |
|||
ymsg-mail-sender (STC) |
Matches the name of the user sending an e-mail message. |
|||
ymsg-mail- sender-address (STC) |
Matches the e-mail address of sender. |
|||
ymsg-mail-subject (STC) |
Matches the e-mail subject. |
|||
ymsg-main-identity (ANY) |
Matches the main identity name of the user. |
|||
ymsg-message (ANY) |
Matches the instant message that is sent from one client to another.  |
|||
ymsg-message-server- filename-url (STC) |
Matches the message with the name of the file on the client from which the server can download and transfer to peers. |
|||
ymsg-nickname (ANY) |
Matches the nickname of a user. |
|||
ymsg-p2p- get-filename (STC) |
Matches the name of the file on the peer from which the file can be downloaded.  |
|||
ymsg-p2p-get-filename-url (STC) |
Matches the location of a file on the peer from which the file can be downloaded. |
|||
ymsg-p2p-put-filename (CTS) |
Matches the name of the file on the client that other peers can download.  |
|||
ymsg-p2p- put-filename-url (CTS) |
Matches the location of a file on the client from which other peers can download. |
|||
ymsg-recipient (ANY) |
Matches the identity of the recipient of a message or file. |
|||
ymsg-sender (ANY) |
Matches the identity of a sender of a message or file. |
|||
ymsg-server- get-filename-url (STC) |
Matches the location of a file on the client from which the server can download and transfer to peers. |
|||
ymsg-system- message (STC) |
Matches the content of a message sent from the server to the client. |
|||
ymsg-user-name (ANY) |
Matches the identity of the login user or one of the user's alias.  |
|||