Sourcefire VRT Rules Update

Date: 2007-09-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.3.

The format of the file is:

sid - Message (rule group)

Updated rules:
4637 <-> EXPLOIT MailEnable HTTPMail buffer overflow attempt (exploit.rules)

New rules:
 224 <-> DDOS Stacheldraht server spoof (ddos.rules)
 225 <-> DDOS Stacheldraht gag server response (ddos.rules)
 226 <-> DDOS Stacheldraht server response (ddos.rules)
 227 <-> DDOS Stacheldraht client spoofworks (ddos.rules)
 229 <-> DDOS Stacheldraht client check skillz (ddos.rules)
 236 <-> DDOS Stacheldraht client check gag (ddos.rules)
 237 <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
 238 <-> DDOS TFN server response (ddos.rules)
 243 <-> DDOS mstream agent to handler (ddos.rules)
 244 <-> DDOS mstream handler to agent (ddos.rules)
 245 <-> DDOS mstream handler ping to agent (ddos.rules)
 246 <-> DDOS mstream agent pong to handler (ddos.rules)
 247 <-> DDOS mstream client to handler (ddos.rules)
 248 <-> DDOS mstream handler to client (ddos.rules)
 250 <-> DDOS mstream handler to client (ddos.rules)
 251 <-> DDOS - TFN client command LE (ddos.rules)
 365 <-> ICMP PING undefined code (icmp-info.rules)
 462 <-> ICMP unassigned type 7 (icmp-info.rules)
 463 <-> ICMP unassigned type 7 undefined code (icmp-info.rules)
 483 <-> ICMP PING CyberKit 2.2 Windows (icmp.rules)
 484 <-> ICMP PING Sniffer Pro/NetXRay network scan (icmp.rules)
 485 <-> ICMP Destination Unreachable Communication Administratively Prohibited (icmp.rules)
 486 <-> ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp.rules)
 487 <-> ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp.rules)
 488 <-> INFO Connection Closed MSG from Port 80 (info.rules)
 489 <-> INFO FTP no password (info.rules)
 490 <-> INFO battle-mail traffic (info.rules)
 491 <-> INFO FTP Bad login (info.rules)
 492 <-> INFO TELNET login failed (info.rules)
 493 <-> INFO psyBNC access (info.rules)
 523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
 524 <-> BAD-TRAFFIC tcp port 0 traffic (bad-traffic.rules)
 525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
 526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
 528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
 601 <-> RSERVICES rlogin LinuxNIS (rservices.rules)
 602 <-> RSERVICES rlogin bin (rservices.rules)
 603 <-> RSERVICES rlogin echo++ (rservices.rules)
 604 <-> RSERVICES rsh froot (rservices.rules)
 605 <-> RSERVICES rlogin login failure (rservices.rules)
 606 <-> RSERVICES rlogin root (rservices.rules)
 607 <-> RSERVICES rsh bin (rservices.rules)
 608 <-> RSERVICES rsh echo + + (rservices.rules)
 609 <-> RSERVICES rsh froot (rservices.rules)
 610 <-> RSERVICES rsh root (rservices.rules)
 611 <-> RSERVICES rlogin login failure (rservices.rules)
 637 <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
 718 <-> INFO TELNET login incorrect (info.rules)
1133 <-> SCAN cybercop os probe (scan.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1428 <-> MULTIMEDIA audio galaxy keepalive (multimedia.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1436 <-> MULTIMEDIA Quicktime User Agent access (multimedia.rules)
1437 <-> MULTIMEDIA Windows Media download (multimedia.rules)
1439 <-> MULTIMEDIA Shoutcast playlist redirection (multimedia.rules)
1440 <-> MULTIMEDIA Icecast playlist redirection (multimedia.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1629 <-> OTHER-IDS SecureNetPro traffic (other-ids.rules)
1638 <-> SCAN SSH Version map attempt (scan.rules)
1760 <-> OTHER-IDS ISS RealSecure 6 event collector connection attempt (other-ids.rules)
1761 <-> OTHER-IDS ISS RealSecure 6 daemon connection attempt (other-ids.rules)
1810 <-> ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE (attack-responses.rules)
1811 <-> ATTACK-RESPONSES successful gobbles ssh exploit uname (attack-responses.rules)
1813 <-> ICMP digital island bandwidth query (icmp.rules)
1854 <-> DDOS Stacheldraht handler->agent niggahbitch (ddos.rules)
1855 <-> DDOS Stacheldraht agent->handler skillz (ddos.rules)
1856 <-> DDOS Stacheldraht handler->agent ficken (ddos.rules)
1901 <-> ATTACK-RESPONSES successful kadmind buffer overflow attempt (attack-responses.rules)
1917 <-> SCAN UPnP service discover attempt (scan.rules)
1918 <-> SCAN SolarWinds IP scan attempt (scan.rules)
2104 <-> ATTACK-RESPONSES rexec username too long response (attack-responses.rules)
2113 <-> RSERVICES rexec username overflow attempt (rservices.rules)
2114 <-> RSERVICES rexec password overflow attempt (rservices.rules)
2123 <-> ATTACK-RESPONSES Microsoft cmd.exe banner (attack-responses.rules)
2180 <-> P2P BitTorrent announce request (p2p.rules)
2181 <-> P2P BitTorrent transfer (p2p.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2412 <-> ATTACK-RESPONSES successful cross site scripting forced download attempt (attack-responses.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2586 <-> P2P eDonkey transfer (p2p.rules)
2587 <-> P2P eDonkey server response (p2p.rules)
2686 <-> ORACLE sys.dbms_rectifier_diff.differences buffer overflow attempt (oracle.rules)
2925 <-> INFO web bug 1x1 gif attempt (info.rules)
3459 <-> P2P Manolito Search Query (p2p.rules)
3626 <-> ICMP PATH MTU denial of service (icmp.rules)
3680 <-> P2P AOL Instant Messenger file send attempt (p2p.rules)
3681 <-> P2P AOL Instant Messenger file receive attempt (p2p.rules)
3691 <-> CHAT Yahoo Messenger Message (chat.rules)
5320 <-> VIRUS Possible Sober virus set one call home attempt (virus.rules)
5324 <-> VIRUS Possible Sober virus set two call home attempt (virus.rules)
5692 <-> P2P Skype client successful install (p2p.rules)
5693 <-> P2P Skype client start up get latest version attempt (p2p.rules)
5694 <-> P2P Skype client setup get newest version attempt (p2p.rules)
5998 <-> P2P Skype client login startup (p2p.rules)
5999 <-> P2P Skype client login (p2p.rules)
6182 <-> CHAT IRC channel notice (chat.rules)
6467 <-> CHAT jabber traffic detected (chat.rules)
6468 <-> CHAT jabber file transfer request (chat.rules)
8081 <-> SCAN UPnP service discover attempt (scan.rules)
10402 <-> SPECIFIC-THREATS Trojan.Duntek Data Report POST (specific-threats.rules)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules)
10511 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
11000 <-> ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (oracle.rules)
11175 <-> ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (oracle.rules)
11185 <-> DOS CA eTrust key handling dos -- username (dos.rules)
11186 <-> DOS CA eTrust key handling dos -- password (dos.rules)
11263 <-> DOS Apache mod_ssl non-SSL connection to SSL port denial of service attempt (dos.rules)
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules)
11837 <-> SMTP MS Windows Mail UNC navigation remote command execution (smtp.rules)
11968 <-> VOIP-SIP Inbound INVITE Message (voip.rules)
11969 <-> VOIP-SIP Inbound 401 Unauthorized Message (voip.rules)
11970 <-> VOIP-SIP Cisco 7940/7960 INVITE Remote-Party-ID Denial of Service Attempt (voip.rules)
11972 <-> VOIP-SIP Max-Forwards Value Over 70 (voip.rules)
11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules)
11974 <-> VOIP-SIP Response Too Small (voip.rules)
11975 <-> VOIP-SIP Via Header Missing SIP Field (voip.rules)
11976 <-> VOIP-SIP Overflow In URI Type - SIP (voip.rules)
11977 <-> VOIP-SIP Overflow In URI Type - Tel (voip.rules)
11978 <-> VOIP-SIP From Header Field Buffer Overflow Attempt (voip.rules)
11979 <-> VOIP-SIP Oversized SDP Media Port (voip.rules)
11980 <-> VOIP-SIP SDP Attribute Possible Buffer Overflow Attempt (voip.rules)
11981 <-> VOIP-SIP MultiTech INVITE Field Buffer Overflow Attempt (voip.rules)
11982 <-> VOIP-SIP Recursive URL-Encoded Data In To Header (voip.rules)
11983 <-> VOIP-SIP SDP Negative Time Value (voip.rules)
11984 <-> VOIP-SIP SDP Oversized Time Value (voip.rules)
11985 <-> VOIP-SIP Expires Header Overflow Attempt (voip.rules)
11986 <-> VOIP-SIP Invalid Characters In Authorization Response Parameter (voip.rules)
11987 <-> VOIP-SIP Via Header Format String Attempt (voip.rules)
11988 <-> VOIP-SIP From Header Format String Attempt (voip.rules)
11989 <-> VOIP-SIP Call-ID Header Format String Attempt (voip.rules)
11990 <-> VOIP-SIP Contact Header Format String Attempt (voip.rules)
11991 <-> VOIP-SIP CSeq Header Format String Attempt (voip.rules)
11992 <-> VOIP-SIP Content-Type Header Format String Attempt (voip.rules)
11993 <-> VOIP-SIP Call-ID Header Invalid Characters Detected (voip.rules)
11994 <-> VOIP-SIP Contact Header Invalid Characters Detected (voip.rules)
11995 <-> VOIP-SIP Content-Type Header Invalid Characters Detected (voip.rules)
11996 <-> VOIP-SIP CSeq Header Invalid Characters Detected (voip.rules)
11997 <-> VOIP-SIP From Header Invalid Characters Detected (voip.rules)
11998 <-> VOIP-SIP To Header Invalid Characters Detected (voip.rules)
11999 <-> VOIP-SIP Via Header Invalid Characters Detected (voip.rules)
12000 <-> VOIP-SIP INVITE Invalid IP Address (voip.rules)
12001 <-> VOIP-SIP SDP Version Overflow Attempt (voip.rules)
12002 <-> VOIP-SIP BYE Flood (voip.rules)
12003 <-> VOIP-SIP CANCEL Flood (voip.rules)
12004 <-> VOIP-SIP INVITE Message Invalid Content-Length Size Of Zero (voip.rules)
12005 <-> VOIP-SIP Invalid SDP Connection Value (voip.rules)
12006 <-> VOIP-SIP Outbound INVITE Message (voip.rules)
12007 <-> VOIP-SIP Outbound 401 Unauthorized Message (voip.rules)
12008 <-> VOIP-SIP Request Too Small (voip.rules)
12009 <-> SQL Firebird SQL Fbserver Buffer Overflow (sql.rules)
12023 <-> DELETED WEB-CLIENT RealPlayer Helix G2 Control ActiveX clsid access (deleted.rules)
12027 <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules)
12031 <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
12032 <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
12033 <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
12034 <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
12035 <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
12036 <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
12037 <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
12038 <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
12039 <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
12040 <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
12041 <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
12042 <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
12043 <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
12044 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
12045 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
12061 <-> SIP Request Line Equal To Zero (voip.rules)
12067 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12072 <-> VOIP-SIP Response code not three digits (voip.rules)
12073 <-> VOIP-SIP Inbound 100 Trying Message (voip.rules)
12074 <-> VOIP-SIP Outbound 100 Trying Message (voip.rules)
12076 <-> DOS Ipswitch WS_FTP log server long unicode string (dos.rules)
12082 <-> ORACLE Oracle 9i TNS denial of service attempt (oracle.rules)
12112 <-> VOIP-SIP Sivus Scanner Detected (voip.rules)
12113 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules)
12167 <-> VOIP-SIP Multiple At Signs In SIP URI (voip.rules)
12170 <-> VOIP-SIP Inbound 408 Request Timeout Message (voip.rules)
12171 <-> VOIP-SIP Outbound 408 Request Timeout Message (voip.rules)
12172 <-> VOIP-SIP Inbound 501 Not Implemented Message (voip.rules)
12173 <-> VOIP-SIP Outbound 501 Not Implemented Message (voip.rules)
12174 <-> VOIP-SIP Inbound 604 Does Not Exist Anywhere Message (voip.rules)
12175 <-> VOIP-SIP Outbound 604 Does Not Exist Anywhere Message (voip.rules)
12176 <-> VOIP-SIP Inbound 415 Unsupported Media Type Message (voip.rules)
12177 <-> VOIP-SIP Outbound 415 Unsupported Media Type Message (voip.rules)
12178 <-> VOIP-SIP Inbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12179 <-> VOIP-SIP Outbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12180 <-> VOIP-SIP Inbound 404 Not Found (voip.rules)
12181 <-> VOIP-SIP Outbound 404 Not Found (voip.rules)
12182 <-> POLICY Adobe FLV file transfer (policy.rules)
12184 <-> MISC Microsoft Excel workbook workspace designation handling arbitrary code execution attempt (misc.rules)
12199 <-> DOS RIM BlackBerry SRP negative string size (dos.rules)
12209 <-> POLICY P2PTv TVAnt udp traffic detected (policy.rules)
12210 <-> POLICY P2PTv TVAnts TCP tracker connect traffic detected (policy.rules)
12211 <-> POLICY P2PTv TVAnts TCP connection traffic detected (policy.rules)
12212 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12213 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12215 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12233 <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules)
12236 <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules)
12237 <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules)
12239 <-> BACKDOOR webcenter v1.0 Backdoor - init connection (backdoor.rules)
12241 <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules)
12243 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules)
12244 <-> BACKDOOR itadem trojan 3.0 runtime detection (backdoor.rules)
12245 <-> BACKDOOR furax 1.0 b3 runtime detection (backdoor.rules)
12247 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX clsid unicode access (web-client.rules)
12255 <-> WEB-CGI CSGuestbook setup attempt (web-cgi.rules)
12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules)
12278 <-> POLICY Microsoft Media Player compressed skin download (policy.rules)
12285 <-> WEB-CLIENT Excel Workspace file download (web-client.rules)
12286 <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
12288 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - hijack ie searches (spyware-put.rules)
12289 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - get updates (spyware-put.rules)
12290 <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules)
12291 <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules)
12293 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - get cfg info (spyware-put.rules)
12296 <-> SPYWARE-PUT Hijacker 3search runtime detection - update (spyware-put.rules)
12297 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12298 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12299 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12300 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12301 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid access (web-client.rules)
12302 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid unicode access (web-client.rules)
12303 <-> POLICY Google Chat web client connection (policy.rules)
12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules)
12353 <-> NETBIOS DCERPC DIRECT ca-alert alter context attempt (netbios.rules)
12354 <-> NETBIOS DCERPC DIRECT ca-alert little endian alter context attempt (netbios.rules)
12355 <-> NETBIOS DCERPC DIRECT ca-alert bind attempt (netbios.rules)
12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules)
12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules)
12360 <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules)
12361 <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules)
12362 <-> EXPLOIT Squid HTTP Proxy-Authorization overflow (exploit.rules)
12363 <-> SPYWARE-PUT Other-Technologies malware-stopper runtime detection (spyware-put.rules)
12364 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - get cfg information (spyware-put.rules)
12365 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - redirect searches (spyware-put.rules)
12366 <-> SPYWARE-PUT Hijacker proventactics 3.5 runtime detection - toolbar search function (spyware-put.rules)
12367 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie searches (spyware-put.rules)
12368 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - hijack ie side search (spyware-put.rules)
12369 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - collect user information (spyware-put.rules)
12370 <-> SPYWARE-PUT Hijacker imesh mediabar runtime detection - auto update (spyware-put.rules)
12371 <-> SPYWARE-PUT Hijacker sbu hotbar 4.8.4 runtime detection - user-agent string (spyware-put.rules)
12372 <-> SPYWARE-PUT Keylogger mg-shadow 2.0 runtime detection (spyware-put.rules)
12373 <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
12374 <-> BACKDOOR radmin 3.0 runtime detection - initial connection (backdoor.rules)
12375 <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
12376 <-> BACKDOOR radmin 3.0 runtime detection - login & remote control (backdoor.rules)
12377 <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
12378 <-> BACKDOOR shark 2.3.2 runtime detection (backdoor.rules)
12379 <-> SPYWARE-PUT Keylogger PaqKeylogger 5.1 runtime detection - ftp (spyware-put.rules)
12380 <-> WEB-CLIENT Oracle JInitiator ActiveX clsid access (web-client.rules)
12381 <-> WEB-CLIENT Oracle JInitiator ActiveX clsid unicode access (web-client.rules)
12382 <-> WEB-CLIENT EasyMail Objects ActiveX clsid access (web-client.rules)
12383 <-> WEB-CLIENT EasyMail Objects ActiveX clsid unicode access (web-client.rules)
12384 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX clsid access (web-client.rules)
12385 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX clsid unicode access (web-client.rules)
12386 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX function call access (web-client.rules)
12387 <-> WEB-CLIENT Yahoo Messenger YVerInfo ActiveX function call unicode access (web-client.rules)
12388 <-> WEB-CLIENT PPStream PowerPlayer ActiveX clsid access (web-client.rules)
12389 <-> WEB-CLIENT PPStream PowerPlayer ActiveX clsid unicode access (web-client.rules)
12390 <-> POLICY Yahoo Webmail client chat applet (policy.rules)
12391 <-> POLICY Google Webmail client chat applet (policy.rules)
12392 <-> IMAP GNU Mailutils request tag format string vulnerability (imap.rules)
12393 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid access (web-client.rules)
12394 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid unicode access (web-client.rules)
12395 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid access (web-client.rules)
12396 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid unicode access (web-client.rules)
12397 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid access (web-client.rules)
12398 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid unicode access (web-client.rules)
12399 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid access (web-client.rules)
12400 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid unicode access (web-client.rules)
12401 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid access (web-client.rules)
12402 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid unicode access (web-client.rules)
12403 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid access (web-client.rules)
12404 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid unicode access (web-client.rules)
12405 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid access (web-client.rules)
12406 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid unicode access (web-client.rules)
12407 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid access (web-client.rules)
12408 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid unicode access (web-client.rules)
12409 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid access (web-client.rules)
12410 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid unicode access (web-client.rules)
12411 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid access (web-client.rules)
12412 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid unicode access (web-client.rules)
12413 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX clsid access (web-client.rules)
12414 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX clsid unicode access (web-client.rules)
12415 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX function call access (web-client.rules)
12416 <-> WEB-CLIENT Earth Resource Mapper NCSView ActiveX function call unicode access (web-client.rules)
12417 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid access (web-client.rules)
12418 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid unicode access (web-client.rules)
12419 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call access (web-client.rules)
12420 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call unicode access (web-client.rules)
12421 <-> EXPLOIT RealNetworks Helix RTSP long transport header (exploit.rules)
12422 <-> EXPLOIT RealNetworks Helix RTSP long DESCRIBE URI (exploit.rules)
12423 <-> SMTP Microsoft CDO long header name (smtp.rules)
12424 <-> RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (rpc.rules)
12425 <-> POLICY Ruckus P2P client (policy.rules)
12426 <-> POLICY Ruckus P2P broadcast domain probe (policy.rules)
12427 <-> POLICY Ruckus encrypted authentication connection (policy.rules)
12428 <-> WEB-CLIENT GlobalLink glitemflat.dll ActiveX clsid access (web-client.rules)
12429 <-> WEB-CLIENT GlobalLink glitemflat.dll ActiveX clsid unicode access (web-client.rules)
12430 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX clsid access (web-client.rules)
12431 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX clsid unicode access (web-client.rules)
12432 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX function call access (web-client.rules)
12433 <-> WEB-CLIENT EDraw Office Viewer Component ActiveX function call unicode access (web-client.rules)
12434 <-> WEB-CLIENT BaoFeng Storm MPS.dll ActiveX clsid access (web-client.rules)
12435 <-> WEB-CLIENT BaoFeng Storm MPS.dll ActiveX clsid unicode access (web-client.rules)
12436 <-> MULTIMEDIA Youtube video player file request (multimedia.rules)
12437 <-> MULTIMEDIA Google video player request (multimedia.rules)
12438 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX clsid access (web-client.rules)
12439 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX clsid unicode access (web-client.rules)
12440 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX function call access (web-client.rules)
12441 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll ActiveX function call unicode access (web-client.rules)
12442 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll 2 ActiveX clsid access (web-client.rules)
12443 <-> WEB-CLIENT Ultra Crypto Component CryptoX.dll 2 ActiveX clsid unicode access (web-client.rules)
12444 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX clsid access (web-client.rules)
12445 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX clsid unicode access (web-client.rules)
12446 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX function call access (web-client.rules)
12447 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects ActiveX function call unicode access (web-client.rules)
12448 <-> WEB-CLIENT Microsoft Agent Control ActiveX clsid access (web-client.rules)
12449 <-> WEB-CLIENT Microsoft Agent Control ActiveX clsid unicode access (web-client.rules)
12450 <-> WEB-CLIENT Microsoft Agent Control ActiveX function call access (web-client.rules)
12451 <-> WEB-CLIENT Microsoft Agent Control ActiveX function call unicode access (web-client.rules)
12452 <-> WEB-CLIENT MS Agent File Provider ActiveX clsid access (web-client.rules)
12453 <-> WEB-CLIENT MS Agent File Provider ActiveX clsid unicode access (web-client.rules)
12454 <-> MISC asf file download (misc.rules)
12455 <-> POLICY Crystal reports download request (policy.rules)
12456 <-> POLICY Crystal reports download (policy.rules)
12457 <-> CHAT Microsoft Live chat video feed initiation (chat.rules)
12458 <-> POLICY portmapper sadmin port query (policy.rules)
12459 <-> WEB-CLIENT Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid access (web-client.rules)
12460 <-> WEB-CLIENT Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid unicode access (web-client.rules)
12461 <-> WEB-CLIENT Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid access (web-client.rules)
12462 <-> WEB-CLIENT Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid unicode access (web-client.rules)
12463 <-> EXPLOIT Crystal Reports RPT file handling buffer overflow attempt (exploit.rules)