Sourcefire VRT Rules Update

Date: 2007-06-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.2.

The format of the file is:

sid <-> Message (rule group)

New rules:
11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
11948 <-> SPYWARE-PUT Hijacker snap toolbar runtime detection - cookie (spyware-put.rules)
11949 <-> BACKDOOR lame rat v1.0 runtime detection (backdoor.rules)
11950 <-> BACKDOOR killav_gj (backdoor.rules)
11951 <-> BACKDOOR winshadow runtime detection - init connection request (backdoor.rules)
11952 <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules)
11953 <-> BACKDOOR supervisor plus runtime detection (backdoor.rules)
11954 <-> BACKDOOR supervisor plus runtime detection (backdoor.rules)
11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
11957 <-> NETBIOS-DG SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
11958 <-> NETBIOS-DG SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
11963 <-> NETBIOS-DG SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
11964 <-> NETBIOS-DG SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
11965 <-> WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (web-misc.rules)

Updated rules:
 104 <-> DELETED BACKDOOR - Dagger_1.4.0_client_connect (deleted.rules)
 120 <-> DELETED BACKDOOR Infector 1.6 Server to Client (deleted.rules)
 153 <-> DELETED BACKDOOR DonaldDick 1.53 Traffic (deleted.rules)
 155 <-> DELETED BACKDOOR NetSphere 1.31.337 access (deleted.rules)
 159 <-> DELETED BACKDOOR NetMetro File List (deleted.rules)
 282 <-> DELETED DOS arkiea backup (deleted.rules)
 537 <-> DELETED NETBIOS SMB IPC$ share access (deleted.rules)
 538 <-> DELETED NETBIOS SMB IPC$ unicode share access (deleted.rules)
 674 <-> DELETED MS-SQL xp_displayparamstmt possible buffer overflow (deleted.rules)
 675 <-> DELETED MS-SQL xp_setsqlsecurity possible buffer overflow (deleted.rules)
 682 <-> DELETED MS-SQL xp_enumresultset possible buffer overflow (deleted.rules)
 690 <-> DELETED MS-SQL/SMB xp_printstatements possible buffer overflow (deleted.rules)
 696 <-> DELETED MS-SQL/SMB xp_showcolv possible buffer overflow (deleted.rules)
 697 <-> DELETED MS-SQL/SMB xp_peekqueue possible buffer overflow (deleted.rules)
 698 <-> DELETED MS-SQL/SMB xp_proxiedmetadata possible buffer overflow (deleted.rules)
 699 <-> DELETED MS-SQL xp_printstatements possible buffer overflow (deleted.rules)
 700 <-> DELETED MS-SQL/SMB xp_updatecolvbm possible buffer overflow (deleted.rules)
 701 <-> DELETED MS-SQL xp_updatecolvbm possible buffer overflow (deleted.rules)
 702 <-> DELETED MS-SQL/SMB xp_displayparamstmt possible buffer overflow (deleted.rules)
 703 <-> DELETED MS-SQL/SMB xp_setsqlsecurity possible buffer overflow (deleted.rules)
 705 <-> DELETED MS-SQL xp_showcolv possible buffer overflow (deleted.rules)
 706 <-> DELETED MS-SQL xp_peekqueue possible buffer overflow (deleted.rules)
 707 <-> DELETED MS-SQL xp_proxiedmetadata possible buffer overflow (deleted.rules)
 708 <-> DELETED MS-SQL/SMB xp_enumresultset possible buffer overflow (deleted.rules)
 830 <-> DELETED WEB-CGI NPH-publish access (deleted.rules)
 841 <-> DELETED WEB-CGI pfdisplay.cgi access (deleted.rules)
 873 <-> WEB-CGI scriptalias access (web-cgi.rules)
 915 <-> WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules)
 972 <-> DELETED WEB-IIS %2E-asp access (deleted.rules)
1029 <-> WEB-IIS scripts-browse access (web-iis.rules)
1104 <-> DELETED WEB-MISC whisker space splice attack (deleted.rules)
1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules)
1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules)
1288 <-> WEB-FRONTPAGE /_vti_bin/ access (web-frontpage.rules)
1479 <-> WEB-CGI ttawebtop.cgi arbitrary file attempt (web-cgi.rules)
1524 <-> WEB-MISC AxisStorpoint CD attempt (web-misc.rules)
1632 <-> DELETED CHAT AIM send message (deleted.rules)
1748 <-> DELETED FTP command overflow attempt (deleted.rules)
1801 <-> DELETED WEB-IIS .asp HTTP header buffer overflow attempt (deleted.rules)
2101 <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
2103 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
2251 <-> DELETED NETBIOS DCERPC Remote Activation bind attempt (deleted.rules)
2308 <-> DELETED NETBIOS SMB DCERPC Workstation Service unicode bind attempt (deleted.rules)
2309 <-> DELETED NETBIOS SMB DCERPC Workstation Service bind attempt (deleted.rules)
2310 <-> DELETED NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt (deleted.rules)
2311 <-> DELETED NETBIOS SMB-DS DCERPC Workstation Service bind attempt (deleted.rules)
2315 <-> DELETED NETBIOS DCERPC Workstation Service direct service bind attempt (deleted.rules)
2316 <-> DELETED NETBIOS DCERPC Workstation Service direct service access attempt (deleted.rules)
2465 <-> DELETED NETBIOS-DG SMB IPC$ share access (deleted.rules)
2466 <-> DELETED NETBIOS-DG SMB IPC$ unicode share access (deleted.rules)
2500 <-> DELETED POP3 SSLv3 invalid data version attempt (deleted.rules)
2532 <-> DELETED POP3 SSLv3 Client_Hello request (deleted.rules)
2533 <-> DELETED POP3 SSLv3 Server_Hello request (deleted.rules)
2534 <-> DELETED POP3 SSLv3 invalid Client_Hello attempt (deleted.rules)
2622 <-> DELETED ORACLE dbms_repcat_utl.drop_an_object buffer overflow attempt (deleted.rules)
2623 <-> DELETED ORACLE dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt (deleted.rules)
2631 <-> DELETED ORACLE dbms_repcat.refresh_mview_repgroup buffer overflow attempt (deleted.rules)
2635 <-> DELETED ORACLE dbms_offline_snapshot.end_load buffer overflow attempt (deleted.rules)
2647 <-> DELETED ORACLE dbms_repcat_instantiate.instantiate_online buffer overflow attempt (deleted.rules)
2676 <-> DELETED ORACLE dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt (deleted.rules)
2700 <-> DELETED ORACLE numtoyminterval buffer overflow attempt (deleted.rules)
2710 <-> DELETED ORACLE dbms_offline_og.begin_load buffer overflow attempt (deleted.rules)
2952 <-> DELETED NETBIOS SMB-DS IPC$ share access (deleted.rules)
2953 <-> DELETED NETBIOS SMB-DS IPC$ unicode share access (deleted.rules)
2954 <-> DELETED NETBIOS SMB IPC$ andx share access (deleted.rules)
2955 <-> DELETED NETBIOS SMB IPC$ unicode andx share access (deleted.rules)
3017 <-> EXPLOIT WINS overflow attempt (exploit.rules)
3272 <-> DELETED BACKDOOR mydoom.a backdoor upload/execute attempt (deleted.rules)
3505 <-> DELETED POP3 SSLv2 Client_Hello request (deleted.rules)
3506 <-> DELETED POP3 SSLv2 Client_Hello with pad request (deleted.rules)
3507 <-> DELETED POP3 TLSv1 Client_Hello request (deleted.rules)
3508 <-> DELETED POP3 TLSv1 Client_Hello via SSLv2 handshake request (deleted.rules)
3509 <-> DELETED POP3 SSLv2 Server_Hello request (deleted.rules)
3510 <-> DELETED POP3 TLSv1 Server_Hello request (deleted.rules)
3684 <-> DELETED WEB-CLIENT Bitmap Transfer (deleted.rules)
3697 <-> NETBIOS DCERPC DIRECT veritas alter context attempt (netbios.rules)
3698 <-> NETBIOS DCERPC DIRECT veritas little endian alter context attempt (netbios.rules)
3699 <-> NETBIOS DCERPC DIRECT veritas bind attempt (netbios.rules)
3700 <-> NETBIOS DCERPC DIRECT veritas little endian bind attempt (netbios.rules)
5716 <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5717 <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
5718 <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
5719 <-> NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
5720 <-> NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5721 <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5722 <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5723 <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
5724 <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5725 <-> NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5726 <-> NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5727 <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
5728 <-> NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
5729 <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5730 <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
5731 <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
5732 <-> NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
5733 <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5734 <-> NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
5735 <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
5736 <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
5737 <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
5738 <-> NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5856 <-> DELETED SPYWARE-PUT Hijacker funbuddyicons runtime detection - funwebproducts user-agent string (deleted.rules)
5869 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 1 (deleted.rules)
5870 <-> DELETED SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - download request 2 (deleted.rules)
5912 <-> DELETED SPYWARE-PUT Hijacker webcrawler runtime detection (deleted.rules)
6032 <-> DELETED BACKDOOR fkwp 2.0 runtime detection - conn success-cts (deleted.rules)
6038 <-> DELETED BACKDOOR netbus 1.7 runtime detection - initial connection (deleted.rules)
6067 <-> DELETED BACKDOOR optixlite 1.0 runtime detection - conn failure-cts (deleted.rules)
6135 <-> DELETED BACKDOOR clindestine 1.0 icq notification of server installation (deleted.rules)
6158 <-> DELETED BACKDOOR satanz Backdoor runtime detection (deleted.rules)
6162 <-> DELETED BACKDOOR netsphere v1.31.337 final runtime detection (deleted.rules)
6163 <-> DELETED BACKDOOR gate crahser v1.2 runtime detection (deleted.rules)
6210 <-> DELETED SPYWARE-PUT Adware deskwizz runtime detection - ad banner (deleted.rules)
6229 <-> DELETED SPYWARE-PUT Adware exact.bargainbuddy runtime detection - adp ads (deleted.rules)
6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules)
6235 <-> DELETED SPYWARE-PUT Adware spoton runtime detection (deleted.rules)
6262 <-> DELETED SPYWARE-PUT Hijacker gigatech superbar runtime detection - hijack ie auto search (deleted.rules)
6272 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - initial connection (deleted.rules)
6273 <-> DELETED SPYWARE-PUT Adware bundleware ds3 runtime detection - pop-up retreival (deleted.rules)
6277 <-> DELETED SPYWARE-PUT Hijacker navexcel runtime detection (deleted.rules)
6369 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .dll (deleted.rules)
6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules)
6393 <-> DELETED SPYWARE-PUT Hijacker zeropopup runtime detection - button search (deleted.rules)
6519 <-> DELETED WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (deleted.rules)
7056 <-> DELETED BACKDOOR amanda 2.0 runtime detection - initial connection (deleted.rules)
7062 <-> DELETED BACKDOOR charon runtime detection - download log flowbit 2 (deleted.rules)
7063 <-> DELETED BACKDOOR charon runtime detection - download log (deleted.rules)
7092 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection (deleted.rules)
7093 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection - init connectiion (deleted.rules)
7094 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection (deleted.rules)
7095 <-> DELETED BACKDOOR uprising screen control 1.0 runtime detection - begin capture (deleted.rules)
7100 <-> DELETED BACKDOOR mass connect 1.1 runtime detection - http (deleted.rules)
7109 <-> DELETED BACKDOOR vampire runtime detection (deleted.rules)
7110 <-> DELETED BACKDOOR vampire runtime detection (deleted.rules)
7117 <-> DELETED BACKDOOR y3k 1.2 runtime detection - icq notification (deleted.rules)
7131 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - tracking (deleted.rules)
7132 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 1 (deleted.rules)
7133 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - advertising 2 (deleted.rules)
7134 <-> DELETED SPYWARE-PUT Hijacker wowok mp3 bar runtime detection - search assissant hijacking (deleted.rules)
7170 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7171 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7172 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7173 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7174 <-> DELETED SPYWARE-PUT Keylogger ab system spy runtime detection - info update (deleted.rules)
7181 <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules)
7182 <-> DELETED SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - info request (deleted.rules)
7555 <-> DELETED SPYWARE-PUT Adware hxdl runtime detection - crypt user-agent (deleted.rules)
7666 <-> DELETED BACKDOOR screen control 1.0 runtime detection - capture on port 2208 - flowbit set (deleted.rules)
7779 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 1 (deleted.rules)
7780 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection - flowbit set 2 (deleted.rules)
7781 <-> DELETED BACKDOOR net devil 1.4 runtime detection - initial connection (deleted.rules)
7960 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7961 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7962 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7963 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7964 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7965 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7966 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7967 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7968 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7969 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
8447 <-> DELETED WEB-CLIENT Open document file transfer attempt (deleted.rules)
10106 <-> DELETED BACKDOOR icmp cmd 1.0 runtime detection - download file (deleted.rules)
10668 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10670 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10671 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10673 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10674 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10675 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10676 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10677 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10678 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10680 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10681 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10682 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10683 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10684 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10685 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10687 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10689 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10691 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10692 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10693 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10694 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10695 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10696 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10697 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10794 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns alter context attempt (deleted.rules)
10795 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns alter context attempt (deleted.rules)
10796 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian alter context attempt (deleted.rules)
10797 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns alter context attempt (deleted.rules)
10798 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian alter context attempt (deleted.rules)
10799 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian alter context attempt (deleted.rules)
10800 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns little endian alter context attempt (deleted.rules)
10801 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns alter context attempt (deleted.rules)
10802 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns bind attempt (deleted.rules)
10803 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns bind attempt (deleted.rules)
10804 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian bind attempt (deleted.rules)
10805 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns bind attempt (deleted.rules)
10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules)
10807 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian bind attempt (deleted.rules)
10808 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns little endian bind attempt (deleted.rules)
10809 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns bind attempt (deleted.rules)
10954 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10955 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10956 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10957 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10958 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10959 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10960 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10961 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10962 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10963 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10964 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10965 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10966 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10967 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10968 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10969 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10970 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10971 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10972 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10973 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10974 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10975 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10976 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10977 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules)
11622 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid access (web-client.rules)
11623 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid unicode access (web-client.rules)
11818 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid access (web-client.rules)
11819 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid unicode access (web-client.rules)
11820 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call access (web-client.rules)
11821 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call unicode access (web-client.rules)
11822 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid access (web-client.rules)
11823 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid unicode access (web-client.rules)
11824 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call access (web-client.rules)
11825 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call unicode access (web-client.rules)