Protocol Analysis of integrating attack and defense technologies into IPS

By; Firefox

1 AIM ===^ (* [x01x02]. * x03x0b | * x01 .?.?.?.? X01) | flapon | toc_signon. * 0x
2 Apple Juice ====^ ajprotx0dx0a
3 Ares ===^ x03 [] Z].?.? X05 $
4 Battlefield 1942 ====^ x01x11x10 | xf8x02x10x40x06
5 Battlefield 2 ===^ (x11x20x01 ...? X11 | xfexfd .?.?.?.?.?.? (X14x01x06 | xffxffxff) | [] x01].? Battlefield2
6 Battlefield 2142 ===^ (x11x20x01x90x50x64x10 | xfexfd .?.?.? X18 | [x01 \].? Battlefield2)
7 Border Gateway Protocol ===^ xffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxffxff ..? X01 [x03x04]
8 Chikka ===^ CTPv1. [123] Kamusta. * x0dx0a $
9 cimd === x02 [0-4] [0-9]: [0-9] +. * x03 $
10 ciscovpn ====^ x01xf4x01xf4
11 Citrix ICA === x32x26x85x92x58
12 Counterstrike ===^ xffxffxffxff. * cstrikeCounter-Strike
13 CVS ===^ BEGIN (AUTH | VERIFICATION | GSSAPI) REQUESTx0a
14 dayofdefeat-source ====^ xffxffxffxff. * dodDay of Defeat
15 DHCP ===^ [x01x02] [x01-] x06. * cx82sc
16 Direct Connect ===^ ($ mynick | $ lock | $ key)
17 DNS ===^ .?.?.?.? [X01x02]...? [X01-?] [A-z0-9] [x01 -? A-z] * [x02-x06] [a-z] [a-z] [fglmoprstuvz]? [Aeop]? (Um )? [X01-x10x1c] [x01x03x04xFF]
18 Doom 3 ===^ xffxffchallenge
19 FastTrack ===^ get (/. download /. * | /. supernode. | /. status. | /. network. * | /. files | /. hash = [0-9a-f] */. *) http/1.1 | user-agent: kazaa | x-kazaa (-username |-network |-ip |-supernodeip |-xferid |-xferuid | tag) | ^ give [0-9] [0-9] [0-9] [0-9] [0-9] [0-9] [0-9] [0-9] -9]? [0-9]? [0-9]?
20 Finger = ^ [a-z] [a-z0-9-_] + | login: [x09-x0d-~] * Name: [x09-x0d-~] * Directory:
21 Freenet =====^ x01 [x08x09] [x03x04]
22 FTP ===^ 220 [x09-x0d-~] * Ftp
23 Gkrellm ===^ gkrellm [23]. [0-9]. [0-9] x0a $
24 GnucleusLAN === gnuclear connect/[x09-x0d-~] * User-agent: gnucleus [x09-x0d-~] * Lan:
25 Gnutella ===^ (gnd [x01x02] ??? X01 | gnutella connect/[012]. [0-9] x0dx0a | get/uri-res/n2r? Urn: sha1: | get /. * user-agent: (gtk-gnutella | bearshare | mactella | gnucleus | gnotella | limewire | imesh) | get /. * content-type: application/x-gnutella-packets | giv [0-9] *: [0-9a-f] */| queue [0-9a-f] * [1-9] [0-9]? [0-9]?. [1-9] [0-9]? [0-9]?. [1-9] [0-9]? [0-9]?. [1-9] [0-9]? [0-9]? : [1-9] [0-9]? [0-9]? [0-9]? | Gnutella. * content-type: application/x-gnutella | ...................? Lime)
26 GoBoogy ===< peerplat> | ^ get/getfilebyhash. cgi? | ^ Get/queue_register.cgi? | ^ Get/getupdowninfo. cgi?
27 Gopher = ^ [x09-x0d] * [1-9, + tgi] [x09-x0d-~] * X09 [x09-x0d-~] * X09 [a-z0-9.] *. [a-z] [a-z].?.? X09 [1-9]
28 Guild Wars ===^ [x04x05] x0c. ix01
29 H.323 ===^ x03 ..? X08 ...?.?.?.?.?.?.?.?.?.?.?.?.?.?.? X05
30 Half-Life 2 Deathmatch ====^ xffxffxffxff. * hl2mpDeathmatch
31 hddtemp ====^|/dev/[a-z] [a-z] [a-z] | [0-9a-z] * | [0-9] [0- 9] | [cfk] |
32 Hotline ====^ .................... TRTPHOTLx01x02
33 http-rtsp ===^ (get [x09-x0d-~] * Accept: application/x-rtsp-tunnelled | http/(0.9 | 1.0 | 1.1) [1-5] [0-9] [0-9] [x09-x0d-~] * A = control: rtsp ://)
34 HTTP === http/(0.9 | 1.0 | 1.1) [1-5] [0-9] [0-9] [x09-x0d-~] * (Connection: | content-type: | content-length: | date :) | post [x09-x0d-~] * Http/[01]. [019]
35 Ident ===^ [1-9] [0-9]? [0-9]? [0-9]? [0-9]? [X09-x0d] *, [x09-x0d] * [1-9] [0-9]? [0-9]? [0-9]? [0-9]? (X0dx0a | [x0dx0a])? $
36 IMAP = ^ (* OK | a [0-9] + noop)
37 iMesh ===^ (post [x09-x0d-~] * <PasswordHash> ................................ </PasswordHash> <ClientVer> | x34x80? X0d? Xfcxffx04 | get [x09-x0d-~] * Host: imsh.download-prod.musicnet.com | x02 [x01x02] x83. * x02 [x01x02] x83)
38 IRC ===^ (nick [x09-x0d-~] * User [x09-x0d-~] *: | User [x09-x0d-~] *: [X02-x0d-~] * Nick [x09-x0d-~] * X0dx0a)
39 jabber ===< stream: stream [x09-x0d] [-~] * [X09-x0d] xmlns = ["] jabber
40 KuGoo ===^ (x31.. x8e | x64. + x74x47x50x37)
41 live365 === membername. * session. * player
42 liveforspeed =====^. x05x58x0ax1dx03
43 LPD ====^( x01 [! -~] + | X02 [! -~] + X0a. [x01x02x03] [x01-x0a-~] * | [X03x04] [! -~] + [X09-x0d] + [a-z] [x09-x0d-~] * | X05 [! -~] + [X09-x0d] + ([a-z] [! -~] * [X09-x0d] + [1-9] [0-9]? [0-9]? | Root [x09-x0d] + [! -~] +). *) X0a $
44 mohaa ===^ xffxffxffxffgetstatusx0a
45 msn-filetransfer ===^ (ver [-~] * Msnftpx0dx0aver msnftpx0dx0ausr | method msnmsgr :)
46 MSN Messenger === ver [0-9] + msnp [1-9] [0-9]? [X09-x0d-~] * Cvr0x0dx0a $ | usr 1 [! -~] + [0-9.] + x0dx0a $ | ans 1 [! -~] + [0-9.] + x0dx0a $
47 MUTE ===^ (Public | AES) Key: [0-9a-f] * x0aEnd (Public | AES) Keyx0a $
48 Napster ===^ (. [x02x06] [! -~] + [! -~] + [0-9] [0-9]? [0-9]? [0-9]? [0-9]? [X09-x0d-~] + "([0-9] | 10) | 1 (send | get )[! -~] + "[X09-x0d-~] + ")
49 NBNS ==== x01x10x01 |) x10x01x01 | 0x10x01
50 NCP ===^ (dmdt. * x01. * ("" | x11x11 | uu) | tncp. * 33)
51 NetBIOS === x81 .?.?. [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] a-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P]] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P] [A-P]
52 NNTP = ^ 20 [01] [x09-x0d-~] * X0dx0a [x09-x0d-~] * Authinfo user | 20 [01] [x09-x0d-~] * News
53 (S) NTP ====^( [x13x1bx23xd3xdbxe3] | [x14x1c $] ...... ??? ......??..=? [Xc6-xff])
54 OpenFT ==== x-openftalias: [-) (0-9a-z ~.]
55 pcanywhere ===^ (nq | st) $
56 POCO ===^ x80x94x0ax01 .... X1fx9e
57 POP3 = ^ (+ OK [x09-x0d-~] * (Ready | hello | pop | starting) |-err [x09-x0d-~] * (Invalid | unknown | unimplemented | unrecognized | command ))
58 PPLive === x01... Xd3. + x0c. $
59 QQ = ^ .?.? X02. + x03 $
60 quake-halflife ===^ xffxffxffxffget (info | challenge)
61 quake1 ====^ x80x0cx01quakex03
62 radmin ===^ x01x01 (x08x08 | x1bx1b) $
63 RDP === rdpdr. * cliprdr. * rdpsnd
64 replaytv-ivs ===^ (get/ivs-IVSGetFileChunk | http/(0.9 | 1.0 | 1.1) [1-5] [0-9] [0-9] [x09-x0d-~] * X23x23x23x23x23x23replay_chunk_startx23x23x23x23x23x23)
65 rlogin = ^ [a-z] [a-z0-9] [a-z0-9] +/[1-9] [0-9]? [0-9]? [0-9]? 00
66 rtp = ^ x80 [x01-"'-x7fx80-xa2xe0-xff]? ...... * X80
67 Shoutcast ===^ get/. * icy-metadata: 1 | icy [1-5] [0-9] [0-9] [x09-x0d-~] * (Content-type: audio | icy -)
68 SIP ====^ (invite | register | cancel) sip [x09-x0d-~] * Sip/[0-2]. [0-9]
69 skypetoskype ===^.. x02 .............
70 smb === xffsmb [x72x25]
71 SMTP ===^ 220 [x09-x0d-~] * (E? Smtp | simple mail)
72 SNMP = ^ x02x01x04. + ([xa0-xa3] x02 [x01-x04]...? X02x01 .? X02x01 .? X30 | xa4x06. + x40x04 .?.?.?.? X02x01 .? X02x01 .? X43)
73 SOCKS === x05 [x01-x08] * x05 [x01-x08]?. * X05 [x01-x03] [x01x03]. * x05 [x01-x08]? [X01x03]
74 Soribada ===^ GETMP3x0dx0aFilename | ^ x01 .?.?.? (X51x3a + | x51x32x3a) | ^ x10 [x14-x16] x10 [x15-x17]...? $
75 Soulseek ===^ (x05 ..? |. X01. [-~] + X01F ..?.?.?.?.?.?.?) $
76 SSDP =====^ notify [x09-x0d] * [x09-x0d] http/1.1 [x09-x0d-~] * Ssdp :( alive | byebye) | ^ m-search [x09-x0d] * [x09-x0d] http/1.1 [x09-x0d-~] * Ssdp: discover
77 ssh ===^ ssh-[12]. [0-9]
78 ssl ===^ (.?.? X16x03. * x16x03 | .?.? X01x03x01 ?. * X0b)
79 STUN ===^ [x01x02] ......? $
80 Subspace ===^ x01 .... X11x10 ........ X01 $
81 teamfortress2 ===^ xffxffxffxff ..... * TfTeam Fortress
82 TeamSpeak ====^ xf4xbex03. * teamspeak
83 Telnet ===^ xff [xfb-xfe]. xff [xfb-xfe]. xff [xfb-xfe]
84 Tesla === x03x9ax89x22x31x31x31. x30x30x20x42x65x74x61x20 | xe2x3cx69x1ex1cxe9
85 TFTP ===^ (x01 | x02) [-~] * (Netascii | octet | mail)
86 thecircle ===^ tx03ni .? [X01-x06]? T [x01-x05] s [x0ax0b] (glob | who are you $ | query data)
87 Tor === TOR1. * <identity>
88 tsp ===^ [x01-x13x16-$] x01 .?.?.?.?.?.?.?.?.?.? [-~] +
89 uucp ====^ x10here =
90 validcertssl ===^ (.?.? X16x03. * x16x03 | .?.? X01x03x01 ?. * X0b). * (thawte | equifax secure | rsa data security, inc | verisign, inc | gte cybertrust root | entrust.net limited)
91 ventrilo ===^ ..? V $ xcf
92 vnc ===^ rfb 00 [1-9]. 00 [0-9] x0a $
93 whois ===^ [! -~] + X0dx0a $
94 worldofwarcraft ====^ x06xecx01
95x11 ===^ [lb].? X0b
96 xboxlive ===^ x58x80 ........ Xf3