Sourcefire VRT Rules Update
Date: 2007-06-19
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.2.
The format of the file is:
sid - Message (rule group)
New rules: 11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) 11948 <-> SPYWARE-PUT Hijacker snap toolbar runtime detection - cookie (spyware-put.rules) 11949 <-> BACKDOOR lame rat v1.0 runtime detection (backdoor.rules) 11950 <-> BACKDOOR killav_gj (backdoor.rules) 11951 <-> BACKDOOR winshadow runtime detection - init connection request (backdoor.rules) 11952 <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules) 11953 <-> BACKDOOR supervisor plus runtime detection (backdoor.rules) 11954 <-> BACKDOOR supervisor plus runtime detection (backdoor.rules) 11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) 11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) 11957 <-> NETBIOS-DG SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) 11958 <-> NETBIOS-DG SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) 11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) 11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) 11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) 11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) 11963 <-> NETBIOS-DG SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) 11964 <-> NETBIOS-DG SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) 11965 <-> WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (web-misc.rules) Updated rules: 104 <-> DELETED BACKDOOR - Dagger_1.4.0_client_connect (deleted.rules) 120 <-> DELETED BACKDOOR Infector 1.6 Server to Client (deleted.rules) 153 <-> DELETED BACKDOOR DonaldDick 1.53 Traffic (deleted.rules) 155 <-> DELETED BACKDOOR NetSphere 1.31.337 access (deleted.rules) 159 <-> DELETED BACKDOOR NetMetro File List (deleted.rules) 282 <-> DELETED DOS arkiea backup (deleted.rules) 537 <-> DELETED NETBIOS SMB IPC$ share access (deleted.rules) 538 <-> DELETED NETBIOS SMB IPC$ unicode share access (deleted.rules) 674 <-> DELETED MS-SQL xp_displayparamstmt possible buffer overflow (deleted.rules) 675 <-> DELETED MS-SQL xp_setsqlsecurity possible buffer overflow (deleted.rules) 682 <-> DELETED MS-SQL xp_enumresultset possible buffer overflow (deleted.rules) 690 <-> DELETED MS-SQL/SMB xp_printstatements possible buffer overflow (deleted.rules) 696 <-> DELETED MS-SQL/SMB xp_showcolv possible buffer overflow (deleted.rules) 697 <-> DELETED MS-SQL/SMB xp_peekqueue possible buffer overflow (deleted.rules) 698 <-> DELETED MS-SQL/SMB xp_proxiedmetadata possible buffer overflow (deleted.rules) 699 <-> DELETED MS-SQL xp_printstatements possible buffer overflow (deleted.rules) 700 <-> DELETED MS-SQL/SMB xp_updatecolvbm possible buffer overflow (deleted.rules) 701 <-> DELETED MS-SQL xp_updatecolvbm possible buffer overflow (deleted.rules) 702 <-> DELETED MS-SQL/SMB xp_displayparamstmt possible buffer overflow (deleted.rules) 703 <-> DELETED MS-SQL/SMB xp_setsqlsecurity possible buffer overflow (deleted.rules) 705 <-> DELETED MS-SQL xp_showcolv possible buffer overflow (deleted.rules) 706 <-> DELETED MS-SQL xp_peekqueue possible buffer overflow (deleted.rules) 707 <-> DELETED MS-SQL xp_proxiedmetadata possible buffer overflow (deleted.rules) 708 <-> DELETED MS-SQL/SMB xp_enumresultset possible buffer overflow (deleted.rules) 830 <-> DELETED WEB-CGI NPH-publish access (deleted.rules) 841 <-> DELETED WEB-CGI pfdisplay.cgi access (deleted.rules) 873 <-> WEB-CGI scriptalias access (web-cgi.rules) 915 <-> WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules) 972 <-> DELETED WEB-IIS %2E-asp access (deleted.rules) 1029 <-> WEB-IIS scripts-browse access (web-iis.rules) 1104 <-> DELETED WEB-MISC whisker space splice attack (deleted.rules) 1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules) 1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules) 1288 <-> WEB-FRONTPAGE /_vti_bin/ access (web-frontpage.rules) 1479 <-> WEB-CGI ttawebtop.cgi arbitrary file attempt (web-cgi.rules) 1524 <-> WEB-MISC AxisStorpoint CD attempt (web-misc.rules) 1632 <-> DELETED CHAT AIM send message (deleted.rules) 1748 <-> DELETED FTP command overflow attempt (deleted.rules) 1801 <-> DELETED WEB-IIS .asp HTTP header buffer overflow attempt (deleted.rules) 2101 <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules) 2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) 2251 <-> DELETED NETBIOS DCERPC Remote Activation bind attempt (deleted.rules) 2308 <-> DELETED NETBIOS SMB DCERPC Workstation Service unicode bind attempt (deleted.rules) 2309 <-> DELETED NETBIOS SMB DCERPC Workstation Service bind attempt (deleted.rules) 2310 <-> DELETED NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt (deleted.rules) 2311 <-> DELETED NETBIOS SMB-DS DCERPC Workstation Service bind attempt (deleted.rules) 2315 <-> DELETED NETBIOS DCERPC Workstation Service direct service bind attempt (deleted.rules) 2316 <-> DELETED NETBIOS DCERPC Workstation Service direct service access attempt (deleted.rules) 2465 <-> DELETED NETBIOS-DG SMB IPC$ share access (deleted.rules) 2466 <-> DELETED NETBIOS-DG SMB IPC$ unicode share access (deleted.rules) 2500 <-> DELETED POP3 SSLv3 invalid data version attempt (deleted.rules) 2532 <-> DELETED POP3 SSLv3 Client_Hello request (deleted.rules) 2533 <-> DELETED POP3 SSLv3 Server_Hello request (deleted.rules) 2534 <-> DELETED POP3 SSLv3 invalid Client_Hello attempt (deleted.rules) 2622 <-> DELETED ORACLE dbms_repcat_utl.drop_an_object buffer overflow attempt (deleted.rules) 2623 <-> DELETED ORACLE dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt (deleted.rules) 2631 <-> DELETED ORACLE dbms_repcat.refresh_mview_repgroup buffer overflow attempt (deleted.rules) 2635 <-> DELETED ORACLE dbms_offline_snapshot.end_load buffer overflow attempt (deleted.rules) 2647 <-> DELETED ORACLE dbms_repcat_instantiate.instantiate_online buffer overflow attempt (deleted.rules) 2676 <-> DELETED ORACLE dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt (deleted.rules) 2700 <-> DELETED ORACLE numtoyminterval buffer overflow attempt (deleted.rules) 2710 <-> DELETED ORACLE dbms_offline_og.begin_load buffer overflow attempt (deleted.rules) 2952 <-> DELETED NETBIOS SMB-DS IPC$ share access (deleted.rules) 2953 <-> DELETED NETBIOS SMB-DS IPC$ unicode share access (deleted.rules) 2954 <-> DELETED NETBIOS SMB IPC$ andx share access (deleted.rules) 2955 <-> DELETED NETBIOS SMB IPC$ unicode andx share access (deleted.rules) 3017 <-> EXPLOIT WINS overflow attempt (exploit.rules) 3272 <-> DELETED BACKDOOR mydoom.a backdoor upload/execute attempt (deleted.rules) 3505 <-> DELETED POP3 SSLv2 Client_Hello request (deleted.rules) 3506 <-> DELETED POP3 SSLv2 Client_Hello with pad request (deleted.rules) 3507 <-> DELETED POP3 TLSv1 Client_Hello request (deleted.rules) 3508 <-> DELETED POP3 TLSv1 Client_Hello via SSLv2 handshake request (deleted.rules) 3509 <-> DELETED POP3 SSLv2 Server_Hello request (deleted.rules) 3510 <-> DELETED POP3 TLSv1 Server_Hello request (deleted.rules) 3684 <-> DELETED WEB-CLIENT Bitmap Transfer (deleted.rules) 3697 <-> NETBIOS DCERPC DIRECT veritas alter context attempt (netbios.rules) 3698 <-> NETBIOS DCERPC DIRECT veritas little endian alter context attempt (netbios.rules) 3699 <-> NETBIOS DCERPC DIRECT veritas bind attempt (netbios.rules) 3700 <-> NETBIOS DCERPC DIRECT veritas little endian bind attempt (netbios.rules) 5716 <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules) 5717 <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules) 5718 <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules) 5719 <-> NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules) 5720 <-> NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules) 5721 <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules) 5722 <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules) 5723 <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules) 5724 <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules) 5725 <-> NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules) 5726 <-> NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules) 5727 <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules) 5728 <-> NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules) 5729 <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules) 5730 <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules) 5731 <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules) 5732 <-> NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules) 5733 <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules) 5734 <-> NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules) 5735 <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules) 5736 <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules) 5737 <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules) 5738 <-> NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules) 5856 <-> DELETED SPYWARE-PUT Hijacker funbuddyicons runtime detection - funwebproducts user-agent string (deleted.rules) 5869 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (deleted.rules) 5870 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (deleted.rules) 5912 <-> DELETED SPYWARE-PUT Hijacker webcrawler runtime detection (deleted.rules) 6032 <-> DELETED BACKDOOR fkwp 2.0 runtime detection - conn success-cts (deleted.rules) 6038 <-> DELETED BACKDOOR netbus 1.7 runtime detection - initial connection (deleted.rules) 6067 <-> DELETED BACKDOOR optixlite 1.0 runtime detection - conn failure-cts (deleted.rules) 6135 <-> DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules) 6158 <-> DELETED BACKDOOR satanz Backdoor runtime detection (deleted.rules) 6162 <-> DELETED BACKDOOR netsphere v1.31.337 final runtime detection (deleted.rules) 6163 <-> DELETED BACKDOOR gate crahser v1.2 runtime detection (deleted.rules) 6210 <-> DELETED SPYWARE-PUT Adware deskwizz runtime detection - ad banner (deleted.rules) 6229 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules) 6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules) 6235 <-> DELETED SPYWARE-PUT Adware spoton runtime detection (deleted.rules) 6262 <-> DELETED SPYWARE-PUT Hijacker gigatech superbar runtime detection - hijack ie auto search (deleted.rules) 6272 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - initial connection (deleted.rules) 6273 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - pop-up retreival (deleted.rules) 6277 <-> DELETED SPYWARE-PUT Hijacker navexcel runtime detection (deleted.rules) 6369 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .dll (deleted.rules) 6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules) 6393 <-> DELETED SPYWARE-PUT Hijacker zeropopup runtime detection - button search (deleted.rules) 6519 <-> DELETED WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (deleted.rules) 7056 <-> DELETED BACKDOOR amanda 2.0 runtime detection - initial connection (deleted.rules) 7062 <-> DELETED BACKDOOR charon runtime detection - download log flowbit 2 (deleted.rules) 7063 <-> DELETED BACKDOOR charon runtime detection - download log (deleted.rules) 7092 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection (deleted.rules) 7093 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection - init connectiion (deleted.rules) 7094 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection (deleted.rules) 7095 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection - begin capture (deleted.rules) 7100 <-> DELETED BACKDOOR mass connect 1.1 runtime detection - http (deleted.rules) 7109 <-> DELETED BACKDOOR vampire runtime detection (deleted.rules) 7110 <-> DELETED BACKDOOR vampire runtime detection (deleted.rules) 7117 <-> DELETED BACKDOOR y3k 1.2 runtime detection - icq notification (deleted.rules) 7131 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (deleted.rules) 7132 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (deleted.rules) 7133 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (deleted.rules) 7134 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (deleted.rules) 7170 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules) 7171 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules) 7172 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules) 7173 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules) 7174 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules) 7181 <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules) 7182 <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules) 7555 <-> DELETED SPYWARE-PUT Adware hxdl runtime detection - crypt user-agent (deleted.rules) 7666 <-> DELETED BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (deleted.rules) 7779 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (deleted.rules) 7780 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (deleted.rules) 7781 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection (deleted.rules) 7960 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules) 7961 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules) 7962 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules) 7963 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules) 7964 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules) 7965 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules) 7966 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules) 7967 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules) 7968 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules) 7969 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules) 8447 <-> DELETED WEB-CLIENT Open document file transfer attempt (deleted.rules) 10106 <-> DELETED BACKDOOR icmp cmd 1.0 runtime detection - download file (deleted.rules) 10668 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10670 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10671 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10673 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10674 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10675 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10676 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10677 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10678 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10680 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10681 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10682 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10683 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10684 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10685 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10687 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10689 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10691 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10692 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10693 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10694 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10695 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10696 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10697 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10794 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns alter context attempt (deleted.rules) 10795 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns alter context attempt (deleted.rules) 10796 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian alter context attempt (deleted.rules) 10797 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns alter context attempt (deleted.rules) 10798 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian alter context attempt (deleted.rules) 10799 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian alter context attempt (deleted.rules) 10800 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns little endian alter context attempt (deleted.rules) 10801 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns alter context attempt (deleted.rules) 10802 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns bind attempt (deleted.rules) 10803 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns bind attempt (deleted.rules) 10804 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian bind attempt (deleted.rules) 10805 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns bind attempt (deleted.rules) 10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules) 10807 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian bind attempt (deleted.rules) 10808 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns little endian bind attempt (deleted.rules) 10809 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns bind attempt (deleted.rules) 10954 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10955 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10956 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10957 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10958 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10959 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10960 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10961 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10962 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10963 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10964 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10965 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10966 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10967 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10968 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10969 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10970 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10971 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 10972 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10973 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 10974 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 10975 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10976 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10977 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules) 11622 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid access (web-client.rules) 11623 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid unicode access (web-client.rules) 11818 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid access (web-client.rules) 11819 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid unicode access (web-client.rules) 11820 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call access (web-client.rules) 11821 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call unicode access (web-client.rules) 11822 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid access (web-client.rules) 11823 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid unicode access (web-client.rules) 11824 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call access (web-client.rules) 11825 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call unicode access (web-client.rules)
