-------------------------------------------------
Frag3
-------------------------------------------------

options                         description
--------------                  -----------
drop_ipoptions                  Drop inconsistent IP optionscd pr
drop_teardrop                   Drop Teardrop attack
drop_short_frag                 Drop short fragment, possible DOS
drop_anomaly_oversize           Drop packet after defragmented packet
drop_anomaly_zero               Drop zero byte fragmented packet
drop_anomaly_badsize_sm         Drop negative  size fragment
drop_anomaly_badsize_lg         Drop over sized fragment
drop_anomaly_ovlp               Drop fragmentation overlap
drop_ipv6_bsd_icmp_frag         Drop IPV6 BSD mbufs kernel overflow
drop_ipv6_bad_frag_pkt          Drop bogus fragmentation packet



-------------------------------------------------
Stream5
-------------------------------------------------

options                         description
--------------                  -----------
drop_syn_on_est                 Drop SYN on established packet
drop_data_on_syn                Drop data on SYN packet
drop_data_on_closed             Drop data sent on stream not accepting data
drop_bad_timestamp              Drop TCP Timestamp is outside of PAWS window
drop_bad_segment                Drop bad segment,overlap adjusted size <= 0
drop_window_too_large           Drop window size (after scaling) larger than policy allows
drop_excessive_tcp_overlaps     Drop when limit on the number of TCP packerts reached
drop_data_after_reset           Drop data after Reset packet



-------------------------------------------------
HTTP Inspect
-------------------------------------------------

options                         description
--------------                  -----------
drop_ascii                      Drop ASCII encoding
drop_double_decode              Drop double decoding attacks
drop_u_encode                   Drop U encoding
drop_bare_byte                  Drop bare byte unicode encoding
drop_base36                     Drop base36 encoding
drop_utf_8                      Drop utf-8 encoding
drop_iis_unicode                Drop IIS unicode codepoint encoding
drop_multi_slash                Drop multislash encoding
drop_iis_backslash              Drop IIS backslash evasion
drop_self_dir_trav              Drop self directory traversal
drop_apache_ws                  Drop apache whitspace
drop_iis_delimeter              Drop IIS non-rfc delimeter
drop_non_rfc_char               Drop non-rfc character
drop_oversize_dir               Drop oversize request URI directory
drop_large_chunk                Drop oversize chunk encoding
drop_proxy_use                  Drop detected proxy use
drop_webroot_dir                Drop webroot directory traversal



-------------------------------------------------
SMTP
-------------------------------------------------

options                         description
--------------                  -----------
drop_obsolete_types             Drop Obsolete DNS RR Types
drop_experimental_types         Drop Experimental DNS RR Types
drop_rdata_overflow             Drop DNS Client rdata txt Overflow



-------------------------------------------------
DNS
-------------------------------------------------

options                         description
--------------                  -----------
drop_obsolete_types             Drop Obsolete DNS RR Types
drop_experimental_types         Drop Experimental DNS RR Types
drop_rdata_overflow             Drop DNS Client rdata txt Overflow



-------------------------------------------------
FTP/Telnet
-------------------------------------------------

Telnet Configuration:
options                         description
--------------                  -----------
drop_encrypted_traffic          Drop encrypted traffic
drop_ayt_overflow               Drop consecutive TELNET AYT commands beyond set threshold
drop_sb_no_se                   Drop TELENT subnegotiation begin command without subnegotiation end


FTP Global Configuration:
options                         description
--------------                  -----------
drop_evasive_telnet_cmd         Drop evasive TELNET CMD's on FTP command channel
drop_encrypted_traffic          Drop encrypted FTP traffic


FTP Client Configuration:
options                         description
--------------                  -----------
drop_telnet_cmd                 Drop TELNET CMD on FTP Command Channel
drop_long_response_parameters   Drop FTP response message that are too long
drop_bounce_attempt             Drop FTP bounce attempts


FTP Server Configuration:
options                         description
--------------                  -----------
drop_telnet_cmd                 Drop TELNET CMD on FTP Command Channel
drop_invalid_cmd                Drop invalid FTP Command
drop_long_cmd_parameters        Drop FTP command parameters that are too long
drop_malformed_parameters       Drop FTP command parameters were malformed
drop_string_format_parameters   Drop FTP command parameters that contain potential string format



-------------------------------------------------
SSH
-------------------------------------------------

options                         description
--------------                  -----------
drop_gobbles                    Drop Gobbles exploit
drop_ssh1crc32                  Drop SSH1 CRC32 exploit
drop_srvoverflow                Drop server version string overflow
drop_protomismatch              Drop protocol mismatch
drop_badmsgdir                  Drop bad message direction
drop_paysize                    Drop payload size incorrect for the given payload
drop_recognition                Drop failure to detect SSH version string