Sourcefire VRT Rules Update

Date: 2007-06-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid <-> Message (rule group)

New rules:
11966 <-> WEB-CLIENT Microsoft Internet Explorer CSS tag memory corruption attempt (web-client.rules)
11967 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX function call unicode access (web-client.rules)
12009 <-> SQL Firebird SQL Fbserver Buffer Overflow (sql.rules)
12010 <-> WEB-CLIENT RKD Software BarCode ActiveX clsid access (web-client.rules)
12011 <-> WEB-CLIENT RKD Software BarCode ActiveX clsid unicode access (web-client.rules)
12012 <-> WEB-CLIENT RKD Software BarCode ActiveX function call access (web-client.rules)
12013 <-> WEB-CLIENT RKD Software BarCode ActiveX function call unicode access (web-client.rules)
12014 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)

Updated rules:
 144 <-> FTP ADMw0rm ftp login attempt (ftp.rules)
 228 <-> DDOS TFN client command BE (ddos.rules)
 251 <-> DDOS - TFN client command LE (ddos.rules)
 253 <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 254 <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 255 <-> DNS zone transfer TCP (dns.rules)
 256 <-> DNS named authors attempt (dns.rules)
 257 <-> DNS named version attempt (dns.rules)
 258 <-> DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
 259 <-> DNS EXPLOIT named overflow ADM (dns.rules)
 260 <-> DNS EXPLOIT named overflow ADMROCKS (dns.rules)
 261 <-> DNS EXPLOIT named overflow attempt (dns.rules)
 262 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 264 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 265 <-> DNS EXPLOIT x86 Linux overflow attempt ADMv2 (dns.rules)
 266 <-> DNS EXPLOIT x86 FreeBSD overflow attempt (dns.rules)
 267 <-> DNS EXPLOIT sparc overflow attempt (dns.rules)
 303 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 314 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 320 <-> FINGER cmd_rootsh backdoor attempt (finger.rules)
 321 <-> FINGER account enumeration attempt (finger.rules)
 322 <-> FINGER search query (finger.rules)
 323 <-> FINGER root query (finger.rules)
 324 <-> FINGER null request (finger.rules)
 326 <-> FINGER remote command execution attempt (finger.rules)
 327 <-> FINGER remote command pipe execution attempt (finger.rules)
 328 <-> FINGER bomb attempt (finger.rules)
 330 <-> FINGER redirection attempt (finger.rules)
 331 <-> FINGER cybercop query (finger.rules)
 332 <-> FINGER 0 query (finger.rules)
 333 <-> FINGER . query (finger.rules)
 334 <-> FTP .forward (ftp.rules)
 335 <-> FTP .rhosts (ftp.rules)
 336 <-> FTP CWD ~root attempt (ftp.rules)
 337 <-> FTP CEL overflow attempt (ftp.rules)
 353 <-> FTP adm scan (ftp.rules)
 354 <-> FTP iss scan (ftp.rules)
 355 <-> FTP pass wh00t (ftp.rules)
 356 <-> FTP passwd retrieval attempt (ftp.rules)
 357 <-> FTP piss scan (ftp.rules)
 358 <-> FTP saint scan (ftp.rules)
 359 <-> FTP satan scan (ftp.rules)
 360 <-> FTP serv-u directory transversal (ftp.rules)
 361 <-> FTP SITE EXEC attempt (ftp.rules)
 362 <-> FTP tar parameters (ftp.rules)
1079 <-> WEB-MISC WebDAV propfind access (web-misc.rules)
1229 <-> FTP CWD ... (ftp.rules)
1248 <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
1377 <-> FTP wu-ftp bad file completion attempt [ (ftp.rules)
1378 <-> FTP wu-ftp bad file completion attempt { (ftp.rules)
1379 <-> FTP STAT overflow attempt (ftp.rules)
1435 <-> DNS named authors attempt (dns.rules)
1529 <-> FTP SITE overflow attempt (ftp.rules)
1541 <-> FINGER version query (finger.rules)
1562 <-> FTP SITE CHOWN overflow attempt (ftp.rules)
1616 <-> DNS named version attempt (dns.rules)
1621 <-> FTP CMD overflow attempt (ftp.rules)
1622 <-> FTP RNFR ././ attempt (ftp.rules)
1623 <-> FTP invalid MODE (ftp.rules)
1624 <-> FTP PWD overflow attempt (ftp.rules)
1625 <-> FTP SYST overflow attempt (ftp.rules)
1672 <-> FTP CWD ~ attempt (ftp.rules)
1734 <-> FTP USER overflow attempt (ftp.rules)
1755 <-> IMAP partial body buffer overflow attempt (imap.rules)
1777 <-> FTP EXPLOIT STAT * dos attempt (ftp.rules)
1778 <-> FTP EXPLOIT STAT ? dos attempt (ftp.rules)
1842 <-> IMAP login buffer overflow attempt (imap.rules)
1844 <-> IMAP authenticate overflow attempt (imap.rules)
1845 <-> IMAP list literal overflow attempt (imap.rules)
1864 <-> FTP SITE NEWER attempt (ftp.rules)
1888 <-> FTP SITE CPWD overflow attempt (ftp.rules)
1902 <-> IMAP lsub literal overflow attempt (imap.rules)
1903 <-> IMAP rename overflow attempt (imap.rules)
1904 <-> IMAP find overflow attempt (imap.rules)
1919 <-> FTP CWD overflow attempt (ftp.rules)
1920 <-> FTP SITE NEWER overflow attempt (ftp.rules)
1921 <-> FTP SITE ZIPCHK overflow attempt (ftp.rules)
1927 <-> FTP authorized_keys (ftp.rules)
1928 <-> FTP shadow retrieval attempt (ftp.rules)
1930 <-> IMAP auth literal overflow attempt (imap.rules)
1942 <-> FTP RMDIR overflow attempt (ftp.rules)
1948 <-> DNS zone transfer UDP (dns.rules)
1971 <-> FTP SITE EXEC format string attempt (ftp.rules)
1972 <-> FTP PASS overflow attempt (ftp.rules)
1973 <-> FTP MKD overflow attempt (ftp.rules)
1974 <-> FTP REST overflow attempt (ftp.rules)
1975 <-> FTP DELE overflow attempt (ftp.rules)
1976 <-> FTP RMD overflow attempt (ftp.rules)
1992 <-> FTP LIST directory traversal attempt (ftp.rules)
1993 <-> IMAP login literal buffer overflow attempt (imap.rules)
2046 <-> IMAP partial body.peek buffer overflow attempt (imap.rules)
2105 <-> IMAP authenticate literal overflow attempt (imap.rules)
2106 <-> IMAP lsub overflow attempt (imap.rules)
2107 <-> IMAP create buffer overflow attempt (imap.rules)
2118 <-> IMAP list overflow attempt (imap.rules)
2119 <-> IMAP rename literal overflow attempt (imap.rules)
2120 <-> IMAP create literal buffer overflow attempt (imap.rules)
2125 <-> FTP CWD Root directory transversal attempt (ftp.rules)
2178 <-> FTP USER format string attempt (ftp.rules)
2179 <-> FTP PASS format string attempt (ftp.rules)
2272 <-> FTP LIST integer overflow attempt (ftp.rules)
2273 <-> IMAP login brute force attempt (imap.rules)
2330 <-> IMAP auth overflow attempt (imap.rules)
2332 <-> FTP MKDIR format string attempt (ftp.rules)
2333 <-> FTP RENAME format string attempt (ftp.rules)
2334 <-> FTP Yak! FTP server default account login attempt (ftp.rules)
2335 <-> FTP RMD / attempt (ftp.rules)
2338 <-> FTP LIST buffer overflow attempt (ftp.rules)
2340 <-> FTP SITE CHMOD overflow attempt (ftp.rules)
2343 <-> FTP STOR overflow attempt (ftp.rules)
2344 <-> FTP XCWD overflow attempt (ftp.rules)
2373 <-> FTP XMKD overflow attempt (ftp.rules)
2374 <-> FTP NLST overflow attempt (ftp.rules)
2389 <-> FTP RNTO overflow attempt (ftp.rules)
2390 <-> FTP STOU overflow attempt (ftp.rules)
2391 <-> FTP APPE overflow attempt (ftp.rules)
2392 <-> FTP RETR overflow attempt (ftp.rules)
2416 <-> FTP invalid MDTM command attempt (ftp.rules)
2417 <-> FTP format string attempt (ftp.rules)
2449 <-> FTP ALLO overflow attempt (ftp.rules)
2497 <-> IMAP SSLv3 invalid data version attempt (imap.rules)
2517 <-> IMAP PCT Client_Hello overflow attempt (imap.rules)
2529 <-> IMAP SSLv3 Client_Hello request (imap.rules)
2530 <-> IMAP SSLv3 Server_Hello request (imap.rules)
2531 <-> IMAP SSLv3 invalid Client_Hello attempt (imap.rules)
2546 <-> FTP MDTM overflow attempt (ftp.rules)
2574 <-> FTP RETR format string attempt (ftp.rules)
2664 <-> IMAP login format string attempt (imap.rules)
2665 <-> IMAP login literal format string attempt (imap.rules)
2921 <-> DNS UDP inverse query (dns.rules)
2922 <-> DNS TCP inverse query (dns.rules)
3007 <-> IMAP delete overflow attempt (imap.rules)
3008 <-> IMAP delete literal overflow attempt (imap.rules)
3058 <-> IMAP copy literal overflow attempt (imap.rules)
3065 <-> IMAP append literal overflow attempt (imap.rules)
3066 <-> IMAP append overflow attempt (imap.rules)
3067 <-> IMAP examine literal overflow attempt (imap.rules)
3068 <-> IMAP examine overflow attempt (imap.rules)
3069 <-> IMAP fetch literal overflow attempt (imap.rules)
3070 <-> IMAP fetch overflow attempt (imap.rules)
3071 <-> IMAP status literal overflow attempt (imap.rules)
3072 <-> IMAP status overflow attempt (imap.rules)
3073 <-> IMAP subscribe literal overflow attempt (imap.rules)
3074 <-> IMAP subscribe overflow attempt (imap.rules)
3075 <-> IMAP unsubscribe literal overflow attempt (imap.rules)
3076 <-> IMAP unsubscribe overflow attempt (imap.rules)
3077 <-> FTP RNFR overflow attempt (ftp.rules)
3151 <-> FINGER / execution attempt (finger.rules)
3153 <-> DNS TCP inverse query overflow (dns.rules)
3154 <-> DNS UDP inverse query overflow (dns.rules)
3441 <-> FTP PORT bounce attempt (ftp.rules)
3460 <-> FTP REST with numeric argument (ftp.rules)
3487 <-> IMAP SSLv2 Client_Hello request (imap.rules)
3488 <-> IMAP SSLv2 Client_Hello with pad request (imap.rules)
3489 <-> IMAP TLSv1 Client_Hello request (imap.rules)
3490 <-> IMAP TLSv1 Client_Hello via SSLv2 handshake request (imap.rules)
3491 <-> IMAP SSLv2 Server_Hello request (imap.rules)
3492 <-> IMAP TLSv1 Server_Hello request (imap.rules)
3523 <-> FTP SITE INDEX format string attempt (ftp.rules)
3532 <-> FTP ORACLE password buffer overflow attempt (ftp.rules)
3630 <-> FTP ORACLE TEST command buffer overflow attempt (ftp.rules)
3631 <-> FTP ORACLE user name buffer overflow attempt (ftp.rules)
4645 <-> IMAP search format string attempt (imap.rules)
4646 <-> IMAP search literal format string attempt (imap.rules)
4754 <-> NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4755 <-> NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4756 <-> NETBIOS DCERPC NCACN-IP-TCP v4 locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4757 <-> NETBIOS DCERPC NCACN-IP-TCP v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4758 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX andx overflow attempt (netbios.rules)
4759 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4760 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX little endian overflow attempt (netbios.rules)
4761 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX overflow attempt (netbios.rules)
4762 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode andx overflow attempt (netbios.rules)
4763 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4764 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4765 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4766 <-> NETBIOS SMB locator nsi_binding_lookup_begin andx overflow attempt (netbios.rules)
4767 <-> NETBIOS SMB locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4768 <-> NETBIOS SMB locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4769 <-> NETBIOS SMB locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4770 <-> NETBIOS SMB locator nsi_binding_lookup_begin unicode andx overflow attempt (netbios.rules)
4771 <-> NETBIOS SMB locator nsi_binding_lookup_begin unicode little endian andx overflow attempt (netbios.rules)
4772 <-> NETBIOS SMB locator nsi_binding_lookup_begin unicode little endian overflow attempt (netbios.rules)
4773 <-> NETBIOS SMB locator nsi_binding_lookup_begin unicode overflow attempt (netbios.rules)
4774 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX andx overflow attempt (netbios.rules)
4775 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4776 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX little endian overflow attempt (netbios.rules)
4777 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX overflow attempt (netbios.rules)
4778 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode andx overflow attempt (netbios.rules)
4779 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4780 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4781 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4782 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin andx overflow attempt (netbios.rules)
4783 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4784 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4785 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4786 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode andx overflow attempt (netbios.rules)
4787 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode little endian andx overflow attempt (netbios.rules)
4788 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode little endian overflow attempt (netbios.rules)
4789 <-> NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode overflow attempt (netbios.rules)
4790 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX andx overflow attempt (netbios.rules)
4791 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4792 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX little endian overflow attempt (netbios.rules)
4793 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX overflow attempt (netbios.rules)
4794 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode andx overflow attempt (netbios.rules)
4795 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4796 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4797 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4798 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin andx overflow attempt (netbios.rules)
4799 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4800 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4801 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4802 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode andx overflow attempt (netbios.rules)
4803 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode little endian andx overflow attempt (netbios.rules)
4804 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode little endian overflow attempt (netbios.rules)
4805 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode overflow attempt (netbios.rules)
4806 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX andx overflow attempt (netbios.rules)
4807 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4808 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX little endian overflow attempt (netbios.rules)
4809 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX overflow attempt (netbios.rules)
4810 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode andx overflow attempt (netbios.rules)
4811 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4812 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4813 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4814 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin andx overflow attempt (netbios.rules)
4815 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4816 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4817 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4818 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode andx overflow attempt (netbios.rules)
4819 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode little endian andx overflow attempt (netbios.rules)
4820 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode little endian overflow attempt (netbios.rules)
4821 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode overflow attempt (netbios.rules)
4822 <-> NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4823 <-> NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4824 <-> NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin little endian overflow attempt (netbios.rules)
4825 <-> NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4826 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt (netbios.rules)
4827 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt (netbios.rules)
4828 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian attempt (netbios.rules)
4829 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4830 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt (netbios.rules)
4831 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian attempt (netbios.rules)
4832 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt (netbios.rules)
4833 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt (netbios.rules)
4834 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
4835 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian attempt (netbios.rules)
4836 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt (netbios.rules)
4837 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4838 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian attempt (netbios.rules)
4839 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4840 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt (netbios.rules)
4841 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt (netbios.rules)
4842 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian attempt (netbios.rules)
4843 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt (netbios.rules)
4844 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4845 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian attempt (netbios.rules)
4846 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt (netbios.rules)
4847 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
4848 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt (netbios.rules)
4849 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
4850 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt (netbios.rules)
4851 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt (netbios.rules)
4852 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian attempt (netbios.rules)
4853 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian attempt (netbios.rules)
4854 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little endian attempt (netbios.rules)
4855 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian attempt (netbios.rules)
4856 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules)
4857 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode attempt (netbios.rules)
4858 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4859 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4860 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian andx attempt (netbios.rules)
4861 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt (netbios.rules)
4862 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4863 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt (netbios.rules)
4864 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4865 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt (netbios.rules)
4866 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4867 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt (netbios.rules)
4868 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt (netbios.rules)
4869 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt (netbios.rules)
4870 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian andx attempt (netbios.rules)
4871 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt (netbios.rules)
4872 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt (netbios.rules)
4873 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4874 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian andx attempt (netbios.rules)
4875 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt (netbios.rules)
4876 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx attempt (netbios.rules)
4877 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4878 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt (netbios.rules)
4879 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4880 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx attempt (netbios.rules)
4881 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4882 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4883 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt (netbios.rules)
4884 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX little endian andx attempt (netbios.rules)
4885 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt (netbios.rules)
4886 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little endian andx attempt (netbios.rules)
4887 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode little endian andx attempt (netbios.rules)
4888 <-> NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4889 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4918 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
4919 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
4920 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt (netbios.rules)
4921 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX dos attempt (netbios.rules)
4922 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4923 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt (netbios.rules)
4924 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian dos attempt (netbios.rules)
4925 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt (netbios.rules)
4926 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt (netbios.rules)
4927 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt (netbios.rules)
4928 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4929 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt (netbios.rules)
4930 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian dos attempt (netbios.rules)
4931 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt (netbios.rules)
4932 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian dos attempt (netbios.rules)
4933 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt (netbios.rules)
4934 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt (netbios.rules)
4935 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt (netbios.rules)
4936 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4937 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian dos attempt (netbios.rules)
4938 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian dos attempt (netbios.rules)
4939 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian dos attempt (netbios.rules)
4940 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4941 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
4942 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules)
4943 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX dos attempt (netbios.rules)
4944 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian dos attempt (netbios.rules)
4945 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian dos attempt (netbios.rules)
4946 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian dos attempt (netbios.rules)
4947 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode dos attempt (netbios.rules)
4948 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian dos attempt (netbios.rules)
4949 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt (netbios.rules)
4950 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
4951 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
4952 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt (netbios.rules)
4953 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt (netbios.rules)
4954 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode andx dos attempt (netbios.rules)
4955 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos attempt (netbios.rules)
4956 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian andx dos attempt (netbios.rules)
4957 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt (netbios.rules)
4958 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt (netbios.rules)
4959 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos attempt (netbios.rules)
4960 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode andx dos attempt (netbios.rules)
4961 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt (netbios.rules)
4962 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian andx dos attempt (netbios.rules)
4963 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt (netbios.rules)
4964 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt (netbios.rules)
4965 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt (netbios.rules)
4966 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt (netbios.rules)
4967 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos attempt (netbios.rules)
4968 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode andx dos attempt (netbios.rules)
4969 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt (netbios.rules)
4970 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little endian andx dos attempt (netbios.rules)
4971 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian andx dos attempt (netbios.rules)
4972 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode andx dos attempt (netbios.rules)
4973 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
4974 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
4975 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt (netbios.rules)
4976 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian andx dos attempt (netbios.rules)
4977 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian andx dos attempt (netbios.rules)
4978 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt (netbios.rules)
4979 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode andx dos attempt (netbios.rules)
4980 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian andx dos attempt (netbios.rules)
4981 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos attempt (netbios.rules)
5696 <-> IMAP delete directory traversal attempt (imap.rules)
5697 <-> IMAP examine directory traversal attempt (imap.rules)
5698 <-> IMAP list directory traversal attempt (imap.rules)
5699 <-> IMAP lsub directory traversal attempt (imap.rules)
5700 <-> IMAP rename directory traversal attempt (imap.rules)
5701 <-> IMAP status directory traversal attempt (imap.rules)
5702 <-> IMAP subscribe directory traversal attempt (imap.rules)
5703 <-> IMAP unsubscribe directory traversal attempt (imap.rules)
5704 <-> IMAP SELECT overflow attempt (imap.rules)
5705 <-> IMAP CAPABILITY overflow attempt (imap.rules)
6410 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6471 <-> EXPLOIT RealVNC password authentication bypass vulnerability attempt (exploit.rules)
7724 <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7725 <-> DELETED BACKDOOR reversable ver1.0 runtime detection - initial connection (deleted.rules)
8415 <-> FTP SIZE overflow attempt (ftp.rules)
8438 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8439 <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules)
8440 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8441 <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
8479 <-> FTP HELP overflow attempt (ftp.rules)
8480 <-> FTP PORT overflow attempt (ftp.rules)
8481 <-> FTP Microsoft NLST * dos attempt (ftp.rules)
8707 <-> FTP WZD-FTPD SITE arbitrary command execution attempt (ftp.rules)
8709 <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules)
8710 <-> DNS Windows NAT helper components udp denial of service attempt (dns.rules)
8723 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX clsid access (web-client.rules)
8724 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX clsid unicode access (web-client.rules)
9792 <-> FTP PASV overflow attempt (ftp.rules)
9813 <-> EXPLOIT Symantec NetBackup connect_options buffer overflow attempt (exploit.rules)
9820 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX function call access (web-client.rules)
10011 <-> IMAP Novell NetMail APPEND command buffer overflow attempt (imap.rules)
10130 <-> POLICY VERITAS NetBackup system execution function call access attempt (policy.rules)
10158 <-> DELETED NETBIOS SMB writex possible Snort dcerpc preprocessor overflow attempt (deleted.rules)
10159 <-> DELETED NETBIOS SMB-DS writex possible Snort dcerpc preprocessor overflow attempt (deleted.rules)
10160 <-> DELETED NETBIOS-DG SMB writex possible Snort dcerpc preprocessor overflow attempt (deleted.rules)
10188 <-> FTP Wsftp XMD5 overflow attempt (ftp.rules)
10482 <-> RPC portmap CA BrightStor ARCserve tcp request (rpc.rules)
10483 <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules)
10484 <-> RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (rpc.rules)
10485 <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules)
11004 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules)
11616 <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)
11834 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
11836 <-> MISC Visio version number anomaly (misc.rules)