.N NetProwler_SU20 #Policy Name
.L 2 #Policy structure
.D Detects NetProwler SNMP traps for NP signatures found in SU 20 #Policy Description
.V 1031248802 #Policy revision number
.Z 20000 #Policy ID
.R HTTP_AnswerBook2_AddAdmin #Rule Definition
..D Detects potentially unauthorized attempts to add administrator accounts to a Solaris AnswerBook2 host. #Rule Description
..Z 20001 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*HTTP_AnswerBook2_AddAdmin* #Regular text
....Z 20002 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20003 #ID of the clause
.R HTTP_Lucent_Access_Kill #Rule Definition
..D Detects the attempt to exploit a vulnerability in Lucent's Access Points IP Services Router that allows the remote rebooting of the router. #Rule Description
..Z 20004 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*HTTP_Lucent_Access_Kill* #Regular text
....Z 20005 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20006 #ID of the clause
.R HTTP_MS_Help_BO #Rule Definition
..D Detects the attempt to exploit a vulnerability in Winhelp that allows the remote execution of arbitrary code on a remote system. #Rule Description
..Z 20007 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*HTTP_MS_Help_BO* #Regular text
....Z 20008 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20009 #ID of the clause
.R SNMP_Avaya_Community_String #Rule Definition
..D Detects the attempt to exploit a vulnerability in some Avaya series hardware that allows remote administration. #Rule Description
..Z 20010 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*SNMP_Avaya_Community_String* #Regular text
....Z 20011 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20012 #ID of the clause
.R TELNET_Solaris_BO #Rule Definition
..D Detects the attempt to exploit a vulnerability which allows visitors to gain root access, due to an exploitable buffer overflow. #Rule Description
..Z 20013 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*TELNET_Solaris_BO* #Regular text
....Z 20014 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20015 #ID of the clause
.R TFTP_Cisco_Filename_BO #Rule Definition
..D Detects the attempt to exploit a vulnerability which allows a denial of service and potential code execution, due to a buffer overflow in the TFTP service. #Rule Description
..Z 20016 #Rule ID
..V 90 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *NetProwler*TFTP_Cisco_Filename_BO* #Regular text
....Z 20017 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 20018 #ID of the clause