Note: Columns 1 and 2 are from Bell thesis, column 3 is NIST determination of the number of parameter values required to trigger the event. For example, if the event is triggered by P1 = x AND P2 = y AND p3 = z, then an interaction of three parameter values is required; but for (P1 = x AND P2 = y) OR p3 = z, a single value will trigger it (p3 = z). This tutorial has more on analyzing parameter values in interactions. | ||
---|---|---|
Test # | Test values (format parameter.value) | Interactions |
101 | Service.HTTP <AND> HTTP Query Types.Send Request with exec <AND> FileName Presence.Exists |
3 |
102 | Web Administration Interface.Enable <AND> Service.HTTP <AND> HTTP URL Extra.Question Mark |
3 |
103 | HTTP Query Types.Request with exec <AND> HTTP URL Extra.NUMBER |
2 |
104 | ((Enable Password.Enable <AND> Password Types.Default) <OR> (Enable Password.Enable <AND> Password Types.Blank) <OR> (Enable Password.Enable <AND> Password Types.Missing)) <AND> ((Enable Password.Disable <AND> Password Types.Default) <OR> (Enable Password.Disable <AND> Password Types.Blank) <OR> (Enable Password.Disable <AND> Password Types.Missing)) |
2 |
105 | ACL Number of Lines.Exactly 448 <AND> ACL Last Statement.Is not deny ip any any |
2 |
106 | Packet Types.ICMP <AND> Number Packet Type Requests.Many <AND> ICMP State.Unreachable |
3 |
107 | none | |
108 | ACL Keywords.established | 1 |
109 | ACL Keywords.tacacs <OR> ACL Keywords.tacacs |
1 |
110 | none | |
111 | Protocol.TCP <AND> TCP Seqnum.Statistically Generated <AND> Number Packet Type Requests.Many |
3 |
112 | (Protocol.TCP <AND> Ports.3100 to 3199) <AND> [OR?] (Protocol.TCP <AND> Ports.5100 to 5999) <AND> [OR?] (Protocol.TCP <AND> Ports.7100 to 7999) <AND> (Protocol.TCP <AND> Ports.10100 to 10999) |
2? |
113 | Service.Telnet <AND> (<NOT> (User Name Types.Correct <AND> Password Types.Correct) |
2 |
114 | Packet Types.PPTP <AND> Packet Form.Malformed <AND> Ports.1723 |
3 |
115 | Ports.NotSTP <AND> Frame Types.802.1x |
2 |
116 | Service.Telnet | 1 |
117 | Protocol.NTP <AND> NTP Query Argument.Readvar <AND> NTP Argument Length.Long |
3 |
118 | Cisco Express Forwarding.Enable <AND> MAC Address.Shorter <AND> IP Layer Length.Normal |
3 |
119 | Packet Types.ARP <AND> ARP Types.Request <AND> ARP Num of Requests.Many <AND> MAC Address Type.Different <AND> Number Packet Type Requests.Many |
5 |
120 | Protocol.Other | 1 |
121 | Service.Telnet <AND> Ports.23 <AND> Telnet Options.Are You There AYT |
3 |
122 | ||
123 | HTTP Query Types.One Character | 1 |
124 | (Telnet Access.Enable <AND> User Name Types.Invalid) <AND> (Telnet Acess.Enable <AND> Password Types.Invalid) |
4 |
125 | Protocol.TFTP <AND> 8/15/2003 Filename Length.More Than 700 Byes |
2 |
126 | Packet Types.OSPF <AND> Packet Form.Malformed <AND> OSPF Request Types.Annouce 256 |
3 |
127 | Service.HTTP <AND> HTTP Request Length.Long |
2 |
128 | Group Accounts.Access Granted <AND> User Accounts.Access Denied |
2 |
129 | Service.HTTP <AND> HTTP Request Length.Long |
2 |
130 | Service Request.Incorrect <AND> (Service.HTTP <OR> Service.SSH <OR> Service.FTP ) |
1 |
131 | (Number of Login Attempts.Many <AND> Service.SSL) <OR> (Number of Login Attempts.Many <AND> Service.Telnet) |
2 |
132 | Group Accounts.Access Granted <AND> User Accounts.Access Denied <AND> Packet Types.PPTP <AND> Client Encryption.No |
4 |
133 | HTTP Tasks.View Source | 1 |
134 | Service.HTTP <AND> 9/4/2002 (User Name Types.Long <OR> Password Types.Long) |
2 |
135 | HTTP Tasks.View Source | 1 |
136 | Encryption.Enable <AND> Client Encryption.No |
2 |
137 | Network Validity.Invalid <AND> Protocol.TCP |
2 |
138 | (Packet Form.Malformed <AND> Packet Types.ISAKMP) <OR> (Packet Form.Large <AND> Packet Types.ISAKMP) |
2 |
139 | Service.HTTP <AND> IP Routing.Disable <AND> HTTP Query Types.Long Request <AND> Gateway Existence.Does Not Exist |
4 |
140 | Packet Form.Malformed <AND> Packet Types.SIP |
2 |
141 | SSH Options.Large <AND> SSH Support.Enable |
2 |
142 | Packet Types.SSH <AND> SSH Options.Large Packet <AND> SSH Support.Enable |
3 |
143 | Packet Form.Malformed <AND> Packet Length Specifiers.Incorrect <AND> Test Suite.SSHredder |
3 |
144 | Password Types.Null | 1 |
145 | (Service.HTTP <AND> User Name Types.Long) <OR> (Service.HTTP <AND> Password Types.Long) |
2 |
146 | (Packet Form.Malformed <AND> Packet Types.SSH <AND> IPsec over TCP.Enable) <OR> (Number of Login Attempts.Many <AND> Packet Form.Malformed <AND> Packet Types.ICMP <AND> IPSec over TCP.Enable) |
3 |
147 | Packet Form.Malformed <AND> PacketTypes.Response Time Responder <AND> Port.1967 <AND> RTR Responder.Enable |
4 |
148 | (Protocol.SWIPE 53 <AND> TTL.1) <OR> (Protocol.Swipe 53 <AND> TTL.0) <AND> (Protocol.IP Mobility 55 <AND> TTL.1) <OR> (Protocol.IP Mobility 55 <AND> TTL.0) <AND> (Protocol.Sun ND 77 <AND> TTL.1) <OR> (Protocol.Sun ND 77 <AND> TTL.0) <AND> (Protocol.PIM 103 <AND> TTL.1) <OR> (Protocol.PIM 103 <AND> TTL.0) |
2 |
149 | Ports.1720 <AND> Implement Test Suite.PROTOS | 2 |
150 | Packet Inconsistency.Layer 2 Frame Length Mismatch <AND> Switch Type.Software |
2 |
151 | Packet Types.IKE <AND> Packet Form.Malformed |
2 |
152 | TCP ACK.Invalid Handshake | 1 |