Sourcefire VRT Rules Update
Date: 2007-09-17
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.3.
The format of the file is:
sid - Message (rule group)
Updated rules:
4637 <-> EXPLOIT MailEnable HTTPMail buffer overflow attempt (exploit.rules)

New rules:
224 <-> DDOS Stacheldraht server spoof (ddos.rules)
225 <-> DDOS Stacheldraht gag server response (ddos.rules)
226 <-> DDOS Stacheldraht server response (ddos.rules)
227 <-> DDOS Stacheldraht client spoofworks (ddos.rules)
229 <-> DDOS Stacheldraht client check skillz (ddos.rules)
236 <-> DDOS Stacheldraht client check gag (ddos.rules)
237 <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
238 <-> DDOS TFN server response (ddos.rules)
243 <-> DDOS mstream agent to handler (ddos.rules)
244 <-> DDOS mstream handler to agent (ddos.rules)
245 <-> DDOS mstream handler ping to agent (ddos.rules)
246 <-> DDOS mstream agent pong to handler (ddos.rules)
247 <-> DDOS mstream client to handler (ddos.rules)
248 <-> DDOS mstream handler to client (ddos.rules)
250 <-> DDOS mstream handler to client (ddos.rules)
251 <-> DDOS - TFN client command LE (ddos.rules)
365 <-> ICMP PING undefined code (icmp-info.rules)
462 <-> ICMP unassigned type 7 (icmp-info.rules)
463 <-> ICMP unassigned type 7 undefined code (icmp-info.rules)
483 <-> ICMP PING CyberKit 2.2 Windows (icmp.rules)
484 <-> ICMP PING Sniffer Pro/NetXRay network scan (icmp.rules)
485 <-> ICMP Destination Unreachable Communication Administratively Prohibited (icmp.rules)
486 <-> ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp.rules)
487 <-> ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp.rules)
488 <-> INFO Connection Closed MSG from Port 80 (info.rules)
489 <-> INFO FTP no password (info.rules)
490 <-> INFO battle-mail traffic (info.rules)
491 <-> INFO FTP Bad login (info.rules)
492 <-> INFO TELNET login failed (info.rules)
493 <-> INFO psyBNC access (info.rules)
523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
524 <-> BAD-TRAFFIC tcp port 0 traffic (bad-traffic.rules)
525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
601 <-> RSERVICES rlogin LinuxNIS (rservices.rules)
602 <-> RSERVICES rlogin bin (rservices.rules)
603 <-> RSERVICES rlogin echo++ (rservices.rules)
604 <-> RSERVICES rsh froot (rservices.rules)
605 <-> RSERVICES rlogin login failure (rservices.rules)
606 <-> RSERVICES rlogin root (rservices.rules)
607 <-> RSERVICES rsh bin (rservices.rules)
608 <-> RSERVICES rsh echo + + (rservices.rules)
609 <-> RSERVICES rsh froot (rservices.rules)
610 <-> RSERVICES rsh root (rservices.rules)
611 <-> RSERVICES rlogin login failure (rservices.rules)
637 <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
718 <-> INFO TELNET login incorrect (info.rules)
1133 <-> SCAN cybercop os probe (scan.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1428 <-> MULTIMEDIA audio galaxy keepalive (multimedia.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1436 <-> MULTIMEDIA Quicktime User Agent access (multimedia.rules)
1437 <-> MULTIMEDIA Windows Media download (multimedia.rules)
1439 <-> MULTIMEDIA Shoutcast playlist redirection (multimedia.rules)
1440 <-> MULTIMEDIA Icecast playlist redirection (multimedia.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1629 <-> OTHER-IDS SecureNetPro traffic (other-ids.rules)
1638 <-> SCAN SSH Version map attempt (scan.rules)
1760 <-> OTHER-IDS ISS RealSecure 6 event collector connection attempt (other-ids.rules)
1761 <-> OTHER-IDS ISS RealSecure 6 daemon connection attempt (other-ids.rules)
1810 <-> ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE (attack-responses.rules)
1811 <-> ATTACK-RESPONSES successful gobbles ssh exploit uname (attack-responses.rules)
1813 <-> ICMP digital island bandwidth query (icmp.rules)
1854 <-> DDOS Stacheldraht handler->agent niggahbitch (ddos.rules)
1855 <-> DDOS Stacheldraht agent->handler skillz (ddos.rules)
1856 <-> DDOS Stacheldraht handler->agent ficken (ddos.rules)
1901 <-> ATTACK-RESPONSES successful kadmind buffer overflow attempt (attack-responses.rules)
1917 <-> SCAN UPnP service discover attempt (scan.rules)
1918 <-> SCAN SolarWinds IP scan attempt (scan.rules)
2104 <-> ATTACK-RESPONSES rexec username too long response (attack-responses.rules)
2113 <-> RSERVICES rexec username overflow attempt (rservices.rules)
2114 <-> RSERVICES rexec password overflow attempt (rservices.rules)
2123 <-> ATTACK-RESPONSES Microsoft cmd.exe banner (attack-responses.rules)
2180 <-> P2P BitTorrent announce request (p2p.rules)
2181 <-> P2P BitTorrent transfer (p2p.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2412 <-> ATTACK-RESPONSES successful cross site scripting forced download attempt (attack-responses.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2586 <-> P2P eDonkey transfer (p2p.rules)
2587 <-> P2P eDonkey server response (p2p.rules)
2686 <-> ORACLE sys.dbms_rectifier_diff.differences buffer overflow attempt (oracle.rules)
2925 <-> INFO web bug 1x1 gif attempt (info.rules)
3459 <-> P2P Manolito Search Query (p2p.rules)
3626 <-> ICMP PATH MTU denial of service (icmp.rules)
3680 <-> P2P AOL Instant Messenger file send attempt (p2p.rules)
3681 <-> P2P AOL Instant Messenger file receive attempt (p2p.rules)
3691 <-> CHAT Yahoo Messenger Message (chat.rules)
5320 <-> VIRUS Possible Sober virus set one call home attempt (virus.rules)
5324 <-> VIRUS Possible Sober virus set two call home attempt (virus.rules)
5692 <-> P2P Skype client successful install (p2p.rules)
5693 <-> P2P Skype client start up get latest version attempt (p2p.rules)
5694 <-> P2P Skype client setup get newest version attempt (p2p.rules)
5998 <-> P2P Skype client login startup (p2p.rules)
5999 <-> P2P Skype client login (p2p.rules)
6182 <-> CHAT IRC channel notice (chat.rules)
6467 <-> CHAT jabber traffic detected (chat.rules)
6468 <-> CHAT jabber file transfer request (chat.rules)
8081 <-> SCAN UPnP service discover attempt (scan.rules)
10402 <-> SPECIFIC-THREATS Trojan.Duntek Data Report POST (specific-threats.rules)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules)
10511 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
11000 <-> ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (oracle.rules)
11175 <-> ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (oracle.rules)
11185 <-> DOS CA eTrust key handling dos -- username (dos.rules)
11186 <-> DOS CA eTrust key handling dos -- password (dos.rules)
11263 <-> DOS Apache mod_ssl non-SSL connection to SSL port denial of service attempt (dos.rules)
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules)
11837 <-> SMTP MS Windows Mail UNC navigation remote command execution (smtp.rules)
11968 <-> VOIP-SIP Inbound INVITE Message (voip.rules)
11969 <-> VOIP-SIP Inbound 401 Unauthorized Message (voip.rules)
11970 <-> VOIP-SIP Cisco 7940/7960 INVITE Remote-Party-ID Denial of Service Attempt (voip.rules)
11972 <-> VOIP-SIP Max-Forwards Value Over 70 (voip.rules)
11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules)
11974 <-> VOIP-SIP Response Too Small (voip.rules)
11975 <-> VOIP-SIP Via Header Missing SIP Field (voip.rules)
11976 <-> VOIP-SIP Overflow In URI Type - SIP (voip.rules)
11977 <-> VOIP-SIP Overflow In URI Type - Tel (voip.rules)
11978 <-> VOIP-SIP From Header Field Buffer Overflow Attempt (voip.rules)
11979 <-> VOIP-SIP Oversized SDP Media Port (voip.rules)
11980 <-> VOIP-SIP SDP Attribute Possible Buffer Overflow Attempt (voip.rules)
11981 <-> VOIP-SIP MultiTech INVITE Field Buffer Overflow Attempt (voip.rules)
11982 <-> VOIP-SIP Recursive URL-Encoded Data In To Header (voip.rules)
11983 <-> VOIP-SIP SDP Negative Time Value (voip.rules)
11984 <-> VOIP-SIP SDP Oversized Time Value (voip.rules)
11985 <-> VOIP-SIP Expires Header Overflow Attempt (voip.rules)
11986 <-> VOIP-SIP Invalid Characters In Authorization Response Parameter (voip.rules)
11987 <-> VOIP-SIP Via Header Format String Attempt (voip.rules)
11988 <-> VOIP-SIP From Header Format String Attempt (voip.rules)
11989 <-> VOIP-SIP Call-ID Header Format String Attempt (voip.rules)
11990 <-> VOIP-SIP Contact Header Format String Attempt (voip.rules)
11991 <-> VOIP-SIP CSeq Header Format String Attempt (voip.rules)
11992 <-> VOIP-SIP Content-Type Header Format String Attempt (voip.rules)
11993 <-> VOIP-SIP Call-ID Header Invalid Characters Detected (voip.rules)
11994 <-> VOIP-SIP Contact Header Invalid Characters Detected (voip.rules)
11995 <-> VOIP-SIP Content-Type Header Invalid Characters Detected (voip.rules)
11996 <-> VOIP-SIP CSeq Header Invalid Characters Detected (voip.rules)
11997 <-> VOIP-SIP From Header Invalid Characters Detected (voip.rules)
11998 <-> VOIP-SIP To Header Invalid Characters Detected (voip.rules)
11999 <-> VOIP-SIP Via Header Invalid Characters Detected (voip.rules)
12000 <-> VOIP-SIP INVITE Invalid IP Address (voip.rules)
12001 <-> VOIP-SIP SDP Version Overflow Attempt (voip.rules)
12002 <-> VOIP-SIP BYE Flood (voip.rules)
12003 <-> VOIP-SIP CANCEL Flood (voip.rules)
12004 <-> VOIP-SIP INVITE Message Invalid Content-Length Size Of Zero (voip.rules)
12005 <-> VOIP-SIP Invalid SDP Connection Value (voip.rules)
12006 <-> VOIP-SIP Outbound INVITE Message (voip.rules)
12007 <-> VOIP-SIP Outbound 401 Unauthorized Message (voip.rules)
12008 <-> VOIP-SIP Request Too Small (voip.rules)
12009 <-> SQL Firebird SQL Fbserver Buffer Overflow (sql.rules)
12023 <-> DELETED WEB-CLIENT RealPlayer Helix G2 Control ActiveX clsid access (deleted.rules)
12027 <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules)
12031 <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
12032 <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
12033 <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
12034 <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
12035 <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
12036 <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
12037 <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
12038 <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
12039 <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
12040 <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
12041 <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
12042 <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
12043 <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
12044 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
12045 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
12061 <-> SIP Request Line Equal To Zero (voip.rules)
12067 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12072 <-> VOIP-SIP Response code not three digits (voip.rules)
12073 <-> VOIP-SIP Inbound 100 Trying Message (voip.rules)
12074 <-> VOIP-SIP Outbound 100 Trying Message (voip.rules)
12076 <-> DOS Ipswitch WS_FTP log server long unicode string (dos.rules)
12082 <-> ORACLE Oracle 9i TNS denial of service attempt (oracle.rules)
12112 <-> VOIP-SIP Sivus Scanner Detected (voip.rules)
12113 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules)
12167 <-> VOIP-SIP Multiple At Signs In SIP URI (voip.rules)
12170 <-> VOIP-SIP Inbound 408 Request Timeout Message (voip.rules)
12171 <-> VOIP-SIP Outbound 408 Request Timeout Message (voip.rules)
12172 <-> VOIP-SIP Inbound 501 Not Implemented Message (voip.rules)
12173 <-> VOIP-SIP Outbound 501 Not Implemented Message (voip.rules)
12174 <-> VOIP-SIP Inbound 604 Does Not Exist Anywhere Message (voip.rules)
12175 <-> VOIP-SIP Outbound 604 Does Not Exist Anywhere Message (voip.rules)
12176 <-> VOIP-SIP Inbound 415 Unsupported Media Type Message (voip.rules)
12177 <-> VOIP-SIP Outbound 415 Unsupported Media Type Message (voip.rules)
12178 <-> VOIP-SIP Inbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12179 <-> VOIP-SIP Outbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12180 <-> VOIP-SIP Inbound 404 Not Found (voip.rules)
12181 <-> VOIP-SIP Outbound 404 Not Found (voip.rules)
12182 <-> POLICY Adobe FLV file transfer (policy.rules)
12184 <-> MISC Microsoft Excel workbook workspace designation handling arbitrary code execution attempt (misc.rules)
12199 <-> DOS RIM BlackBerry SRP negative string size (dos.rules)
12209 <-> POLICY P2PTv TVAnt udp traffic detected (policy.rules)
12210 <-> POLICY P2PTv TVAnts TCP tracker connect traffic detected (policy.rules)
12211 <-> POLICY P2PTv TVAnts TCP connection traffic detected (policy.rules)
12212 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12213 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12215 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12233 <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules)
12236 <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules)
12237 <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules)
12239 <-> BACKDOOR webcenter v1.0 Backdoor - init connection (backdoor.rules)
12241 <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules)
12243 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules)
12244 <-> BACKDOOR itadem trojan 3.0 runtime detection (backdoor.rules)
12245 <-> BACKDOOR furax 1.0 b3 runtime detection (backdoor.rules)
12247 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX clsid unicode access (web-client.rules)
12255 <-> WEB-CGI CSGuestbook setup attempt (web-cgi.rules)
12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules)
12278 <-> POLICY Microsoft Media Player compressed skin download (policy.rules)
12285 <-> WEB-CLIENT Excel Workspace file download (web-client.rules)
12286 <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
12288 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - hijack ie searches (spyware-put.rules)
12289 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - get updates (spyware-put.rules)
12290 <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules)
12291 <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules)
12293 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - get cfg info (spyware-put.rules)
12296 <-> SPYWARE-PUT Hijacker 3search runtime detection - update (spyware-put.rules)
12297 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12298 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12299 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12300 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12301 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid access (web-client.rules)
12302 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid unicode access (web-client.rules)
12303 <-> POLICY Google Chat web client connection (policy.rules)
12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules)
12353 <-> NETBIOS DCERPC DIRECT ca-alert alter context attempt (netbios.rules)
12354 <-> NETBIOS DCERPC DIRECT ca-alert little endian alter context attempt (netbios.rules)
12355 <-> NETBIOS DCERPC DIRECT ca-alert bind attempt (netbios.rules)
12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules)
12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules)
12360 <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules)
12361 <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules)
12362 <-> EXPLOIT Squid HTTP Proxy-Authorization overflow (exploit.rules)
12363 <-> SPYWARE-PUT Other-Technologies malware-stopper runtime detection (spyware-put.rules)
12364 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - get cfg information (spyware-put.rules)
12365 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules)
12366 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - toolbar search function (spyware-put.rules)
12367 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules)
12368 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules)
12369 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information (spyware-put.rules)
12370 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - auto update (spyware-put.rules)
12371 <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules)
12372 <-> SPYWARE-PUT Keylogger mg-shadow 2.0 runtime detection (spyware-put.rules)
12373 <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
12374 <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
12375 <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
12376 <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
12377 <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
12378 <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
12379 <-> SPYWARE-PUT Keylogger PaqKeylogger 5.1 runtime detection - ftp (spyware-put.rules)
12380 <-> WEB-CLIENT Oracle JInitiator ActiveX clsid access (web-client.rules)
12381 <-> WEB-CLIENT Oracle JInitiator ActiveX clsid unicode access (web-client.rules)
12382 <-> WEB-CLIENT EasyMail Objects ActiveX clsid access (web-client.rules)
12383 <-> WEB-CLIENT EasyMail Objects ActiveX clsid unicode access (web-client.rules)
12384 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX clsid access (web-client.rules)
12385 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX clsid unicode access (web-client.rules)
12386 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX function call access (web-client.rules)
12387 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX function call unicode access (web-client.rules)
12388 <-> WEB-CLIENT PPStream PowerPlayer ActiveX clsid access (web-client.rules)
12389 <-> WEB-CLIENT PPStream PowerPlayer ActiveX clsid unicode access (web-client.rules)
12390 <-> POLICY Yahoo Webmail client chat applet (policy.rules)
12391 <-> POLICY Google Webmail client chat applet (policy.rules)
12392 <-> IMAP GNU Mailutils request tag format string vulnerability (imap.rules)
12393 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid access (web-client.rules)
12394 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid unicode access (web-client.rules)
12395 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid access (web-client.rules)
12396 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid unicode access (web-client.rules)
12397 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid access (web-client.rules)
12398 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid unicode access (web-client.rules)
12399 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid access (web-client.rules)
12400 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid unicode access (web-client.rules)
12401 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid access (web-client.rules)
12402 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid unicode access (web-client.rules)
12403 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid access (web-client.rules)
12404 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid unicode access (web-client.rules)
12405 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid access (web-client.rules)
12406 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid unicode access (web-client.rules)
12407 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid access (web-client.rules)
12408 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid unicode access (web-client.rules)
12409 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid access (web-client.rules)
12410 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid unicode access (web-client.rules)
12411 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid access (web-client.rules)
12412 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid unicode access (web-client.rules)
12413 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX clsid access (web-client.rules)
12414 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX clsid unicode access (web-client.rules)
12415 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX function call access (web-client.rules)
12416 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX function call unicode access (web-client.rules)
12417 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid access (web-client.rules)
12418 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid unicode access (web-client.rules)
12419 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call access (web-client.rules)
12420 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call unicode access (web-client.rules)
12421 <-> EXPLOIT RealNetworks Helix RTSP long transport header (exploit.rules)
12422 <-> EXPLOIT RealNetworks Helix RTSP long DESCRIBE URI (exploit.rules)
12423 <-> SMTP Microsoft CDO long header name (smtp.rules)
12424 <-> RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (rpc.rules)
12425 <-> POLICY Ruckus P2P client (policy.rules)
12426 <-> POLICY Ruckus P2P broadcast domain probe (policy.rules)
12427 <-> POLICY Ruckus encrypted authentication connection (policy.rules)
12428 <-> WEB-CLIENT GlobalLink glitemflat.dll ActiveX clsid access (web-client.rules)
12429 <-> WEB-CLIENT GlobalLink glitemflat.dll ActiveX clsid unicode access (web-client.rules)
12430 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX clsid access (web-client.rules)
12431 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX clsid unicode access (web-client.rules)
12432 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX function call access (web-client.rules)
12433 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX function call unicode access (web-client.rules)
12434 <-> WEB-CLIENT BaoFeng Storm MPS.dll ActiveX clsid access (web-client.rules)
12435 <-> WEB-CLIENT BaoFeng Storm MPS.dll ActiveX clsid unicode access (web-client.rules)
12436 <-> MULTIMEDIA Youtube video player file request (multimedia.rules)
12437 <-> MULTIMEDIA Google video player request (multimedia.rules)
12438 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX clsid access (web-client.rules)
12439 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX clsid unicode access (web-client.rules)
12440 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX function call access (web-client.rules)
12441 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX function call unicode access (web-client.rules)
12442 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll 2 ActiveX clsid access (web-client.rules)
12443 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll 2 ActiveX clsid unicode access (web-client.rules)
12444 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX clsid access (web-client.rules)
12445 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX clsid unicode access (web-client.rules)
12446 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX function call access (web-client.rules)
12447 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX function call unicode access (web-client.rules)
12448 <-> WEB-CLIENT Microsoft Agent Control ActiveX clsid access (web-client.rules)
12449 <-> WEB-CLIENT Microsoft Agent Control ActiveX clsid unicode access (web-client.rules)
12450 <-> WEB-CLIENT Microsoft Agent Control ActiveX function call access (web-client.rules)
12451 <-> WEB-CLIENT Microsoft Agent Control ActiveX function call unicode access (web-client.rules)
12452 <-> WEB-CLIENT MS Agent File Provider ActiveX clsid access (web-client.rules)
12453 <-> WEB-CLIENT MS Agent File Provider ActiveX clsid unicode access (web-client.rules)
12454 <-> MISC asf file download (misc.rules)
12455 <-> POLICY Crystal reports download request (policy.rules)
12456 <-> POLICY Crystal reports download (policy.rules)
12457 <-> CHAT Microsoft Live chat video feed initiation (chat.rules)
12458 <-> POLICY portmapper sadmin port query (policy.rules)
12459 <-> WEB-CLIENT Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid access (web-client.rules)
12460 <-> WEB-CLIENT Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid unicode access (web-client.rules)
12461 <-> WEB-CLIENT Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid access (web-client.rules)
12462 <-> WEB-CLIENT Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid unicode access (web-client.rules)
12463 <-> EXPLOIT Crystal Reports RPT file handling buffer overflow attempt (exploit.rules)
