Sourcefire VRT Rules Update
Date: 2007-08-14
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.
The format of the file is:
sid - Message (rule group)
New rules: 12224 <-> SPYWARE-PUT Adware enbrowser snackman runtime detection (spyware-put.rules) 12225 <-> SPYWARE-PUT Adware zango2007 toolbar runtime detection (spyware-put.rules) 12226 <-> SPYWARE-PUT Keylogger overspy runtime detection (spyware-put.rules) 12227 <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - search (spyware-put.rules) 12228 <-> SPYWARE-PUT Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (spyware-put.rules) 12229 <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules) 12230 <-> SPYWARE-PUT Hacker-Tool hippynotify 2.0 runtime detection (spyware-put.rules) 12231 <-> SPYWARE-PUT Adware vroomsearch runtime detection (spyware-put.rules) 12232 <-> SPYWARE-PUT Adware errorsafe runtime detection (spyware-put.rules) 12233 <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules) 12234 <-> BACKDOOR theef 2.10 runtime detection - connect with no password (backdoor.rules) 12235 <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules) 12236 <-> BACKDOOR theef 2.10 runtime detection - connect with password (backdoor.rules) 12237 <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules) 12238 <-> BACKDOOR theef 2.10 runtime detection - ftp (backdoor.rules) 12239 <-> BACKDOOR webcenter v1.0 Backdoor - init connection (backdoor.rules) 12240 <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules) 12241 <-> BACKDOOR genie 1.7 runtime detection - init connection (backdoor.rules) 12242 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules) 12243 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules) 12244 <-> BACKDOOR itadem trojan 3.0 runtime detection (backdoor.rules) 12245 <-> BACKDOOR furax 1.0 b3 runtime detection (backdoor.rules) 12246 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX clsid access (web-client.rules) 12247 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX clsid unicode access (web-client.rules) 12248 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX function call access (web-client.rules) 12249 <-> WEB-CLIENT Symantec NavComUI AxSysListView32 ActiveX function call unicode access (web-client.rules) 12250 <-> WEB-CLIENT Symantec NavComUI AxSysListView32OAA ActiveX clsid access (web-client.rules) 12251 <-> WEB-CLIENT Symantec NavComUI AxSysListView32OAA ActiveX clsid unicode access (web-client.rules) 12252 <-> WEB-CLIENT Symantec NavComUI AxSysListView32OAA ActiveX function call access (web-client.rules) 12253 <-> WEB-CLIENT Symantec NavComUI AxSysListView32OAA ActiveX function call unicode access (web-client.rules) 12254 <-> EXPLOIT CA message queuing erroneous length field (exploit.rules) 12255 <-> WEB-CGI CSGuestbook setup attempt (web-cgi.rules) 12256 <-> WEB-CLIENT Excel malformed FBI record (web-client.rules) 12257 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid access (web-client.rules) 12258 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid unicode access (web-client.rules) 12259 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call access (web-client.rules) 12260 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call unicode access (web-client.rules) 12261 <-> WEB-CLIENT Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (web-client.rules) 12262 <-> WEB-CLIENT Microsoft Visual Basic 6 PDWizard.File ActiveX clsid unicode access (web-client.rules) 12263 <-> WEB-CLIENT Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (web-client.rules) 12264 <-> WEB-CLIENT Microsoft Visual Basic 6 PDWizard.File ActiveX function call unicode access (web-client.rules) 12265 <-> WEB-CLIENT Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (web-client.rules) 12266 <-> WEB-CLIENT Microsoft Visual Basic 6 SearchHelper ActiveX clsid unicode access (web-client.rules) 12267 <-> WEB-CLIENT Microsoft Visual Basic 6 SearchHelper ActiveX function call access (web-client.rules) 12268 <-> WEB-CLIENT Microsoft Visual Basic 6 SearchHelper ActiveX function call unicode access (web-client.rules) 12269 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-client.rules) 12270 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX clsid unicode access (web-client.rules) 12271 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call access (web-client.rules) 12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules) 12273 <-> WEB-CLIENT Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (web-client.rules) 12274 <-> WEB-CLIENT Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid unicode access (web-client.rules) 12275 <-> WEB-CLIENT Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (web-client.rules) 12276 <-> WEB-CLIENT Microsoft Visual Basic 6 TypeLibInfo ActiveX function call unicode access (web-client.rules) 12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules) 12278 <-> POLICY Microsoft Media Player compressed skin download (policy.rules) 12279 <-> WEB-CLIENT Microsoft XML substringData integer overflow attept (web-client.rules) 12280 <-> WEB-CLIENT VML source file memory corruption (web-client.rules) 12281 <-> WEB-CLIENT VML source file memory corruption (web-client.rules) 12282 <-> WEB-CLIENT VML source file memory corruption (web-client.rules) 12283 <-> WEB-CLIENT xlw file download (web-client.rules) 12284 <-> WEB-CLIENT Excel rtWnDesk record memory corruption exploit attempt (web-client.rules) Updated rules: 518 <-> TFTP Put (tftp.rules) 519 <-> TFTP parent directory (tftp.rules) 520 <-> TFTP root directory (tftp.rules) 569 <-> RPC snmpXdmi overflow attempt TCP (rpc.rules) 572 <-> RPC DOS ttdbserv Solaris (rpc.rules) 574 <-> RPC mountd TCP export request (rpc.rules) 575 <-> RPC portmap admind request UDP (rpc.rules) 576 <-> RPC portmap amountd request UDP (rpc.rules) 577 <-> RPC portmap bootparam request UDP (rpc.rules) 578 <-> RPC portmap cmsd request UDP (rpc.rules) 579 <-> RPC portmap mountd request UDP (rpc.rules) 580 <-> RPC portmap nisd request UDP (rpc.rules) 581 <-> RPC portmap pcnfsd request UDP (rpc.rules) 582 <-> RPC portmap rexd request UDP (rpc.rules) 583 <-> RPC portmap rstatd request UDP (rpc.rules) 584 <-> RPC portmap rusers request UDP (rpc.rules) 585 <-> RPC portmap sadmind request UDP (rpc.rules) 586 <-> RPC portmap selection_svc request UDP (rpc.rules) 587 <-> RPC portmap status request UDP (rpc.rules) 588 <-> RPC portmap ttdbserv request UDP (rpc.rules) 589 <-> RPC portmap yppasswd request UDP (rpc.rules) 590 <-> RPC portmap ypserv request UDP (rpc.rules) 591 <-> RPC portmap ypupdated request TCP (rpc.rules) 593 <-> RPC portmap snmpXdmi request TCP (rpc.rules) 595 <-> RPC portmap espd request TCP (rpc.rules) 598 <-> RPC portmap listing TCP 111 (rpc.rules) 599 <-> RPC portmap listing TCP 32771 (rpc.rules) 612 <-> RPC rusers query UDP (rpc.rules) 709 <-> TELNET 4Dgifts SGI account attempt (telnet.rules) 710 <-> TELNET EZsetup account attempt (telnet.rules) 711 <-> TELNET SGI telnetd format bug (telnet.rules) 712 <-> TELNET ld_library_path (telnet.rules) 713 <-> TELNET livingston DOS (telnet.rules) 714 <-> TELNET resolv_host_conf (telnet.rules) 715 <-> TELNET Attempted SU from wrong group (telnet.rules) 717 <-> TELNET not on console (telnet.rules) 719 <-> TELNET root login (telnet.rules) 803 <-> WEB-CGI HyperSeek hsx.cgi directory traversal attempt (web-cgi.rules) 804 <-> WEB-CGI SWSoft ASPSeek Overflow attempt (web-cgi.rules) 805 <-> WEB-CGI webspeed access (web-cgi.rules) 806 <-> WEB-CGI yabb directory traversal attempt (web-cgi.rules) 807 <-> WEB-CGI /wwwboard/passwd.txt access (web-cgi.rules) 808 <-> WEB-CGI webdriver access (web-cgi.rules) 809 <-> WEB-CGI whois_raw.cgi arbitrary command execution attempt (web-cgi.rules) 810 <-> WEB-CGI whois_raw.cgi access (web-cgi.rules) 811 <-> WEB-CGI websitepro path access (web-cgi.rules) 812 <-> WEB-CGI webplus version access (web-cgi.rules) 813 <-> WEB-CGI webplus directory traversal (web-cgi.rules) 815 <-> WEB-CGI websendmail access (web-cgi.rules) 817 <-> WEB-CGI dcboard.cgi invalid user addition attempt (web-cgi.rules) 818 <-> WEB-CGI dcforum.cgi access (web-cgi.rules) 819 <-> WEB-CGI mmstdod.cgi access (web-cgi.rules) 820 <-> WEB-CGI anaconda directory transversal attempt (web-cgi.rules) 821 <-> WEB-CGI imagemap.exe overflow attempt (web-cgi.rules) 823 <-> WEB-CGI cvsweb.cgi access (web-cgi.rules) 824 <-> WEB-CGI php.cgi access (web-cgi.rules) 825 <-> WEB-CGI glimpse access (web-cgi.rules) 826 <-> WEB-CGI htmlscript access (web-cgi.rules) 827 <-> WEB-CGI info2www access (web-cgi.rules) 828 <-> WEB-CGI maillist.pl access (web-cgi.rules) 829 <-> WEB-CGI nph-test-cgi access (web-cgi.rules) 832 <-> WEB-CGI perl.exe access (web-cgi.rules) 833 <-> WEB-CGI rguest.exe access (web-cgi.rules) 834 <-> WEB-CGI rwwwshell.pl access (web-cgi.rules) 835 <-> WEB-CGI test-cgi access (web-cgi.rules) 836 <-> WEB-CGI textcounter.pl access (web-cgi.rules) 837 <-> WEB-CGI uploader.exe access (web-cgi.rules) 838 <-> WEB-CGI webgais access (web-cgi.rules) 839 <-> WEB-CGI finger access (web-cgi.rules) 840 <-> WEB-CGI perlshop.cgi access (web-cgi.rules) 842 <-> WEB-CGI aglimpse access (web-cgi.rules) 843 <-> WEB-CGI anform2 access (web-cgi.rules) 844 <-> WEB-CGI args.bat access (web-cgi.rules) 845 <-> WEB-CGI AT-admin.cgi access (web-cgi.rules) 846 <-> WEB-CGI bnbform.cgi access (web-cgi.rules) 847 <-> WEB-CGI campas access (web-cgi.rules) 848 <-> WEB-CGI view-source directory traversal (web-cgi.rules) 849 <-> WEB-CGI view-source access (web-cgi.rules) 850 <-> WEB-CGI wais.pl access (web-cgi.rules) 851 <-> WEB-CGI files.pl access (web-cgi.rules) 852 <-> WEB-CGI wguest.exe access (web-cgi.rules) 853 <-> WEB-CGI wrap access (web-cgi.rules) 854 <-> WEB-CGI classifieds.cgi access (web-cgi.rules) 856 <-> WEB-CGI environ.cgi access (web-cgi.rules) 857 <-> WEB-CGI faxsurvey access (web-cgi.rules) 858 <-> WEB-CGI filemail access (web-cgi.rules) 859 <-> WEB-CGI man.sh access (web-cgi.rules) 860 <-> WEB-CGI snork.bat access (web-cgi.rules) 861 <-> WEB-CGI w3-msql access (web-cgi.rules) 862 <-> WEB-CGI csh access (web-cgi.rules) 863 <-> WEB-CGI day5datacopier.cgi access (web-cgi.rules) 864 <-> WEB-CGI day5datanotifier.cgi access (web-cgi.rules) 865 <-> WEB-CGI ksh access (web-cgi.rules) 866 <-> WEB-CGI post-query access (web-cgi.rules) 867 <-> WEB-CGI visadmin.exe access (web-cgi.rules) 868 <-> WEB-CGI rsh access (web-cgi.rules) 869 <-> WEB-CGI dumpenv.pl access (web-cgi.rules) 870 <-> WEB-CGI snorkerz.cmd access (web-cgi.rules) 871 <-> WEB-CGI survey.cgi access (web-cgi.rules) 872 <-> WEB-CGI tcsh access (web-cgi.rules) 875 <-> WEB-CGI win-c-sample.exe access (web-cgi.rules) 877 <-> WEB-CGI rksh access (web-cgi.rules) 878 <-> WEB-CGI w3tvars.pm access (web-cgi.rules) 879 <-> WEB-CGI admin.pl access (web-cgi.rules) 880 <-> WEB-CGI LWGate access (web-cgi.rules) 881 <-> WEB-CGI archie access (web-cgi.rules) 882 <-> WEB-CGI calendar access (web-cgi.rules) 883 <-> WEB-CGI flexform access (web-cgi.rules) 884 <-> WEB-CGI formmail access (web-cgi.rules) 885 <-> WEB-CGI bash access (web-cgi.rules) 886 <-> WEB-CGI phf access (web-cgi.rules) 887 <-> WEB-CGI www-sql access (web-cgi.rules) 888 <-> WEB-CGI wwwadmin.pl access (web-cgi.rules) 889 <-> WEB-CGI ppdscgi.exe access (web-cgi.rules) 890 <-> WEB-CGI sendform.cgi access (web-cgi.rules) 891 <-> WEB-CGI upload.pl access (web-cgi.rules) 892 <-> WEB-CGI AnyForm2 access (web-cgi.rules) 894 <-> WEB-CGI bb-hist.sh access (web-cgi.rules) 895 <-> WEB-CGI redirect access (web-cgi.rules) 896 <-> WEB-CGI way-board access (web-cgi.rules) 897 <-> WEB-CGI pals-cgi access (web-cgi.rules) 898 <-> WEB-CGI commerce.cgi access (web-cgi.rules) 899 <-> WEB-CGI Amaya templates sendtemp.pl directory traversal attempt (web-cgi.rules) 900 <-> WEB-CGI webspirs.cgi directory traversal attempt (web-cgi.rules) 901 <-> WEB-CGI webspirs.cgi access (web-cgi.rules) 902 <-> WEB-CGI tstisapi.dll access (web-cgi.rules) 1051 <-> WEB-CGI technote main.cgi file directory traversal attempt (web-cgi.rules) 1052 <-> WEB-CGI technote print.cgi directory traversal attempt (web-cgi.rules) 1053 <-> WEB-CGI ads.cgi command execution attempt (web-cgi.rules) 1088 <-> WEB-CGI eXtropia webstore directory traversal (web-cgi.rules) 1089 <-> WEB-CGI shopping cart directory traversal (web-cgi.rules) 1090 <-> WEB-CGI Allaire Pro Web Shell attempt (web-cgi.rules) 1092 <-> WEB-CGI Armada Style Master Index directory traversal (web-cgi.rules) 1093 <-> WEB-CGI cached_feed.cgi moreover shopping cart directory traversal (web-cgi.rules) 1097 <-> WEB-CGI Talentsoft Web+ exploit attempt (web-cgi.rules) 1106 <-> WEB-CGI Poll-it access (web-cgi.rules) 1149 <-> WEB-CGI count.cgi access (web-cgi.rules) 1163 <-> WEB-CGI webdist.cgi access (web-cgi.rules) 1172 <-> WEB-CGI bigconf.cgi access (web-cgi.rules) 1174 <-> WEB-CGI /cgi-bin/jj access (web-cgi.rules) 1185 <-> WEB-CGI bizdbsearch attempt (web-cgi.rules) 1194 <-> WEB-CGI sojourn.cgi File attempt (web-cgi.rules) 1195 <-> WEB-CGI sojourn.cgi access (web-cgi.rules) 1196 <-> WEB-CGI SGI InfoSearch fname attempt (web-cgi.rules) 1204 <-> WEB-CGI ax-admin.cgi access (web-cgi.rules) 1205 <-> WEB-CGI axs.cgi access (web-cgi.rules) 1206 <-> WEB-CGI cachemgr.cgi access (web-cgi.rules) 1208 <-> WEB-CGI responder.cgi access (web-cgi.rules) 1211 <-> WEB-CGI web-map.cgi access (web-cgi.rules) 1215 <-> WEB-CGI ministats admin access (web-cgi.rules) 1219 <-> WEB-CGI dfire.cgi access (web-cgi.rules) 1222 <-> WEB-CGI pals-cgi arbitrary file access attempt (web-cgi.rules) 1252 <-> TELNET bsd telnet exploit response (telnet.rules) 1253 <-> TELNET bsd exploit client finishing (telnet.rules) 1262 <-> RPC portmap admind request TCP (rpc.rules) 1263 <-> RPC portmap amountd request TCP (rpc.rules) 1264 <-> RPC portmap bootparam request TCP (rpc.rules) 1265 <-> RPC portmap cmsd request TCP (rpc.rules) 1266 <-> RPC portmap mountd request TCP (rpc.rules) 1267 <-> RPC portmap nisd request TCP (rpc.rules) 1268 <-> RPC portmap pcnfsd request TCP (rpc.rules) 1269 <-> RPC portmap rexd request TCP (rpc.rules) 1270 <-> RPC portmap rstatd request TCP (rpc.rules) 1271 <-> RPC portmap rusers request TCP (rpc.rules) 1272 <-> RPC portmap sadmind request TCP (rpc.rules) 1273 <-> RPC portmap selection_svc request TCP (rpc.rules) 1274 <-> RPC portmap ttdbserv request TCP (rpc.rules) 1275 <-> RPC portmap yppasswd request TCP (rpc.rules) 1276 <-> RPC portmap ypserv request TCP (rpc.rules) 1277 <-> RPC portmap ypupdated request UDP (rpc.rules) 1279 <-> RPC portmap snmpXdmi request UDP (rpc.rules) 1280 <-> RPC portmap listing UDP 111 (rpc.rules) 1281 <-> RPC portmap listing UDP 32771 (rpc.rules) 1289 <-> TFTP GET Admin.dll (tftp.rules) 1293 <-> DELETED NETBIOS nimda .eml (deleted.rules) 1294 <-> DELETED NETBIOS nimda .nws (deleted.rules) 1295 <-> NETBIOS nimda RICHED20.DLL (netbios.rules) 1304 <-> WEB-CGI txt2html.cgi access (web-cgi.rules) 1305 <-> WEB-CGI txt2html.cgi directory traversal attempt (web-cgi.rules) 1306 <-> WEB-CGI store.cgi product directory traversal attempt (web-cgi.rules) 1307 <-> WEB-CGI store.cgi access (web-cgi.rules) 1308 <-> WEB-CGI sendmessage.cgi access (web-cgi.rules) 1309 <-> WEB-CGI zsh access (web-cgi.rules) 1392 <-> WEB-CGI lastlines.cgi access (web-cgi.rules) 1395 <-> WEB-CGI zml.cgi attempt (web-cgi.rules) 1396 <-> WEB-CGI zml.cgi access (web-cgi.rules) 1397 <-> WEB-CGI wayboard attempt (web-cgi.rules) 1405 <-> WEB-CGI AHG search.cgi access (web-cgi.rules) 1406 <-> WEB-CGI agora.cgi access (web-cgi.rules) 1409 <-> SNMP community string buffer overflow attempt (snmp.rules) 1410 <-> WEB-CGI dcboard.cgi access (web-cgi.rules) 1411 <-> SNMP public access udp (snmp.rules) 1412 <-> SNMP public access tcp (snmp.rules) 1413 <-> SNMP private access udp (snmp.rules) 1414 <-> SNMP private access tcp (snmp.rules) 1415 <-> SNMP Broadcast request (snmp.rules) 1416 <-> SNMP broadcast trap (snmp.rules) 1417 <-> SNMP request udp (snmp.rules) 1418 <-> SNMP request tcp (snmp.rules) 1419 <-> SNMP trap udp (snmp.rules) 1420 <-> SNMP trap tcp (snmp.rules) 1421 <-> SNMP AgentX/tcp request (snmp.rules) 1422 <-> SNMP community string buffer overflow attempt with evasion (snmp.rules) 1426 <-> SNMP PROTOS test-suite-req-app attempt (snmp.rules) 1427 <-> SNMP PROTOS test-suite-trap-app attempt (snmp.rules) 1430 <-> TELNET Solaris memory mismanagement exploit attempt (telnet.rules) 1441 <-> TFTP GET nc.exe (tftp.rules) 1442 <-> TFTP GET shadow (tftp.rules) 1443 <-> TFTP GET passwd (tftp.rules) 1444 <-> TFTP Get (tftp.rules) 1451 <-> WEB-CGI NPH-publish access (web-cgi.rules) 1452 <-> WEB-CGI args.cmd access (web-cgi.rules) 1453 <-> WEB-CGI AT-generated.cgi access (web-cgi.rules) 1454 <-> WEB-CGI wwwwais access (web-cgi.rules) 1455 <-> WEB-CGI calendar.pl access (web-cgi.rules) 1456 <-> WEB-CGI calender_admin.pl access (web-cgi.rules) 1457 <-> WEB-CGI user_update_admin.pl access (web-cgi.rules) 1458 <-> WEB-CGI user_update_passwd.pl access (web-cgi.rules) 1459 <-> WEB-CGI bb-histlog.sh access (web-cgi.rules) 1460 <-> WEB-CGI bb-histsvc.sh access (web-cgi.rules) 1461 <-> WEB-CGI bb-rep.sh access (web-cgi.rules) 1462 <-> WEB-CGI bb-replog.sh access (web-cgi.rules) 1465 <-> WEB-CGI auktion.cgi access (web-cgi.rules) 1466 <-> WEB-CGI cgiforum.pl access (web-cgi.rules) 1467 <-> WEB-CGI directorypro.cgi access (web-cgi.rules) 1468 <-> WEB-CGI Web Shopper shopper.cgi attempt (web-cgi.rules) 1469 <-> WEB-CGI Web Shopper shopper.cgi access (web-cgi.rules) 1470 <-> WEB-CGI listrec.pl access (web-cgi.rules) 1471 <-> WEB-CGI mailnews.cgi access (web-cgi.rules) 1472 <-> WEB-CGI book.cgi access (web-cgi.rules) 1473 <-> WEB-CGI newsdesk.cgi access (web-cgi.rules) 1474 <-> WEB-CGI cal_make.pl access (web-cgi.rules) 1475 <-> WEB-CGI mailit.pl access (web-cgi.rules) 1476 <-> WEB-CGI sdbsearch.cgi access (web-cgi.rules) 1478 <-> WEB-CGI swc access (web-cgi.rules) 1479 <-> WEB-CGI ttawebtop.cgi arbitrary file attempt (web-cgi.rules) 1480 <-> WEB-CGI ttawebtop.cgi access (web-cgi.rules) 1481 <-> WEB-CGI upload.cgi access (web-cgi.rules) 1482 <-> WEB-CGI view_source access (web-cgi.rules) 1483 <-> WEB-CGI ustorekeeper.pl access (web-cgi.rules) 1488 <-> WEB-CGI store.cgi directory traversal attempt (web-cgi.rules) 1494 <-> WEB-CGI SIX webboard generate.cgi attempt (web-cgi.rules) 1495 <-> WEB-CGI SIX webboard generate.cgi access (web-cgi.rules) 1496 <-> WEB-CGI spin_client.cgi access (web-cgi.rules) 1501 <-> WEB-CGI a1stats a1disp3.cgi directory traversal attempt (web-cgi.rules) 1502 <-> WEB-CGI a1stats a1disp3.cgi access (web-cgi.rules) 1503 <-> WEB-CGI admentor admin.asp access (web-cgi.rules) 1505 <-> WEB-CGI alchemy http server PRN arbitrary command execution attempt (web-cgi.rules) 1506 <-> WEB-CGI alchemy http server NUL arbitrary command execution attempt (web-cgi.rules) 1507 <-> WEB-CGI alibaba.pl arbitrary command execution attempt (web-cgi.rules) 1508 <-> WEB-CGI alibaba.pl access (web-cgi.rules) 1509 <-> WEB-CGI AltaVista Intranet Search directory traversal attempt (web-cgi.rules) 1510 <-> WEB-CGI test.bat arbitrary command execution attempt (web-cgi.rules) 1511 <-> WEB-CGI test.bat access (web-cgi.rules) 1512 <-> WEB-CGI input.bat arbitrary command execution attempt (web-cgi.rules) 1513 <-> WEB-CGI input.bat access (web-cgi.rules) 1514 <-> WEB-CGI input2.bat arbitrary command execution attempt (web-cgi.rules) 1515 <-> WEB-CGI input2.bat access (web-cgi.rules) 1516 <-> WEB-CGI envout.bat arbitrary command execution attempt (web-cgi.rules) 1517 <-> WEB-CGI envout.bat access (web-cgi.rules) 1531 <-> WEB-CGI bb-hist.sh attempt (web-cgi.rules) 1532 <-> WEB-CGI bb-hostscv.sh attempt (web-cgi.rules) 1533 <-> WEB-CGI bb-hostscv.sh access (web-cgi.rules) 1534 <-> WEB-CGI agora.cgi attempt (web-cgi.rules) 1535 <-> WEB-CGI bizdbsearch access (web-cgi.rules) 1536 <-> WEB-CGI calendar_admin.pl arbitrary command execution attempt (web-cgi.rules) 1537 <-> WEB-CGI calendar_admin.pl access (web-cgi.rules) 1539 <-> WEB-CGI /cgi-bin/ls access (web-cgi.rules) 1542 <-> WEB-CGI cgimail access (web-cgi.rules) 1543 <-> WEB-CGI cgiwrap access (web-cgi.rules) 1547 <-> WEB-CGI csSearch.cgi arbitrary command execution attempt (web-cgi.rules) 1548 <-> WEB-CGI csSearch.cgi access (web-cgi.rules) 1554 <-> WEB-CGI dbman db.cgi access (web-cgi.rules) 1555 <-> WEB-CGI DCShop access (web-cgi.rules) 1556 <-> WEB-CGI DCShop orders.txt access (web-cgi.rules) 1557 <-> WEB-CGI DCShop auth_user_file.txt access (web-cgi.rules) 1565 <-> WEB-CGI eshop.pl arbitrary commane execution attempt (web-cgi.rules) 1566 <-> WEB-CGI eshop.pl access (web-cgi.rules) 1569 <-> WEB-CGI loadpage.cgi directory traversal attempt (web-cgi.rules) 1570 <-> WEB-CGI loadpage.cgi access (web-cgi.rules) 1571 <-> WEB-CGI dcforum.cgi directory traversal attempt (web-cgi.rules) 1572 <-> WEB-CGI commerce.cgi arbitrary file access attempt (web-cgi.rules) 1573 <-> WEB-CGI cgiforum.pl attempt (web-cgi.rules) 1574 <-> WEB-CGI directorypro.cgi attempt (web-cgi.rules) 1590 <-> WEB-CGI faqmanager.cgi arbitrary file access attempt (web-cgi.rules) 1591 <-> WEB-CGI faqmanager.cgi access (web-cgi.rules) 1592 <-> WEB-CGI /fcgi-bin/echo.exe access (web-cgi.rules) 1593 <-> WEB-CGI FormHandler.cgi external site redirection attempt (web-cgi.rules) 1594 <-> WEB-CGI FormHandler.cgi access (web-cgi.rules) 1597 <-> WEB-CGI guestbook.cgi access (web-cgi.rules) 1598 <-> WEB-CGI Home Free search.cgi directory traversal attempt (web-cgi.rules) 1599 <-> WEB-CGI search.cgi access (web-cgi.rules) 1600 <-> WEB-CGI htsearch arbitrary configuration file attempt (web-cgi.rules) 1601 <-> WEB-CGI htsearch arbitrary file read attempt (web-cgi.rules) 1602 <-> WEB-CGI htsearch access (web-cgi.rules) 1606 <-> WEB-CGI icat access (web-cgi.rules) 1607 <-> WEB-CGI HyperSeek hsx.cgi access (web-cgi.rules) 1608 <-> WEB-CGI htmlscript attempt (web-cgi.rules) 1610 <-> WEB-CGI formmail arbitrary command execution attempt (web-cgi.rules) 1611 <-> WEB-CGI eXtropia webstore access (web-cgi.rules) 1617 <-> WEB-CGI Bugzilla doeditvotes.cgi access (web-cgi.rules) 1628 <-> WEB-CGI FormHandler.cgi directory traversal attempt attempt (web-cgi.rules) 1637 <-> WEB-CGI yabb access (web-cgi.rules) 1642 <-> WEB-CGI document.d2w access (web-cgi.rules) 1643 <-> WEB-CGI db2www access (web-cgi.rules) 1644 <-> WEB-CGI test-cgi attempt (web-cgi.rules) 1645 <-> WEB-CGI testcgi access (web-cgi.rules) 1646 <-> WEB-CGI test.cgi access (web-cgi.rules) 1648 <-> WEB-CGI perl.exe command attempt (web-cgi.rules) 1649 <-> WEB-CGI perl command attempt (web-cgi.rules) 1650 <-> WEB-CGI tst.bat access (web-cgi.rules) 1651 <-> WEB-CGI environ.pl access (web-cgi.rules) 1652 <-> WEB-CGI campas attempt (web-cgi.rules) 1654 <-> WEB-CGI cart32.exe access (web-cgi.rules) 1655 <-> WEB-CGI pfdispaly.cgi arbitrary command execution attempt (web-cgi.rules) 1656 <-> WEB-CGI pfdispaly.cgi access (web-cgi.rules) 1657 <-> WEB-CGI pagelog.cgi directory traversal attempt (web-cgi.rules) 1658 <-> WEB-CGI pagelog.cgi access (web-cgi.rules) 1668 <-> WEB-CGI /cgi-bin/ access (web-cgi.rules) 1669 <-> WEB-CGI /cgi-dos/ access (web-cgi.rules) 1700 <-> WEB-CGI imagemap.exe access (web-cgi.rules) 1701 <-> WEB-CGI calendar-admin.pl access (web-cgi.rules) 1702 <-> WEB-CGI Amaya templates sendtemp.pl access (web-cgi.rules) 1703 <-> WEB-CGI auktion.cgi directory traversal attempt (web-cgi.rules) 1704 <-> WEB-CGI cal_make.pl directory traversal attempt (web-cgi.rules) 1705 <-> WEB-CGI echo.bat arbitrary command execution attempt (web-cgi.rules) 1706 <-> WEB-CGI echo.bat access (web-cgi.rules) 1707 <-> WEB-CGI hello.bat arbitrary command execution attempt (web-cgi.rules) 1708 <-> WEB-CGI hello.bat access (web-cgi.rules) 1709 <-> WEB-CGI ad.cgi access (web-cgi.rules) 1710 <-> WEB-CGI bbs_forum.cgi access (web-cgi.rules) 1711 <-> WEB-CGI bsguest.cgi access (web-cgi.rules) 1712 <-> WEB-CGI bslist.cgi access (web-cgi.rules) 1713 <-> WEB-CGI cgforum.cgi access (web-cgi.rules) 1714 <-> WEB-CGI newdesk access (web-cgi.rules) 1715 <-> WEB-CGI register.cgi access (web-cgi.rules) 1716 <-> WEB-CGI gbook.cgi access (web-cgi.rules) 1717 <-> WEB-CGI simplestguest.cgi access (web-cgi.rules) 1718 <-> WEB-CGI statsconfig.pl access (web-cgi.rules) 1719 <-> WEB-CGI talkback.cgi directory traversal attempt (web-cgi.rules) 1720 <-> WEB-CGI talkback.cgi access (web-cgi.rules) 1721 <-> WEB-CGI adcycle access (web-cgi.rules) 1722 <-> WEB-CGI MachineInfo access (web-cgi.rules) 1723 <-> WEB-CGI emumail.cgi NULL attempt (web-cgi.rules) 1724 <-> WEB-CGI emumail.cgi access (web-cgi.rules) 1727 <-> WEB-CGI SGI InfoSearch fname access (web-cgi.rules) 1730 <-> WEB-CGI ustorekeeper.pl directory traversal attempt (web-cgi.rules) 1731 <-> WEB-CGI a1stats access (web-cgi.rules) 1732 <-> RPC portmap rwalld request UDP (rpc.rules) 1733 <-> RPC portmap rwalld request TCP (rpc.rules) 1746 <-> RPC portmap cachefsd request UDP (rpc.rules) 1747 <-> RPC portmap cachefsd request TCP (rpc.rules) 1762 <-> WEB-CGI phf arbitrary command execution attempt (web-cgi.rules) 1763 <-> WEB-CGI Nortel Contivity cgiproc DOS attempt (web-cgi.rules) 1764 <-> WEB-CGI Nortel Contivity cgiproc DOS attempt (web-cgi.rules) 1765 <-> WEB-CGI Nortel Contivity cgiproc access (web-cgi.rules) 1787 <-> WEB-CGI csPassword.cgi access (web-cgi.rules) 1788 <-> WEB-CGI csPassword password.cgi.tmp access (web-cgi.rules) 1805 <-> WEB-CGI Oracle reports CGI access (web-cgi.rules) 1822 <-> WEB-CGI alienform.cgi directory traversal attempt (web-cgi.rules) 1823 <-> WEB-CGI AlienForm af.cgi directory traversal attempt (web-cgi.rules) 1824 <-> WEB-CGI alienform.cgi access (web-cgi.rules) 1825 <-> WEB-CGI AlienForm af.cgi access (web-cgi.rules) 1850 <-> WEB-CGI way-board.cgi access (web-cgi.rules) 1862 <-> WEB-CGI mrtg.cgi directory traversal attempt (web-cgi.rules) 1865 <-> WEB-CGI webdist.cgi arbitrary command attempt (web-cgi.rules) 1868 <-> WEB-CGI story.pl arbitrary file read attempt (web-cgi.rules) 1869 <-> WEB-CGI story.pl access (web-cgi.rules) 1870 <-> WEB-CGI siteUserMod.cgi access (web-cgi.rules) 1875 <-> WEB-CGI cgicso access (web-cgi.rules) 1876 <-> WEB-CGI nph-publish.cgi access (web-cgi.rules) 1877 <-> WEB-CGI printenv access (web-cgi.rules) 1878 <-> WEB-CGI sdbsearch.cgi access (web-cgi.rules) 1879 <-> WEB-CGI book.cgi arbitrary command execution attempt (web-cgi.rules) 1890 <-> RPC status GHBN format string attack (rpc.rules) 1891 <-> RPC status GHBN format string attack (rpc.rules) 1892 <-> SNMP null community string attempt (snmp.rules) 1893 <-> SNMP missing community string attempt (snmp.rules) 1905 <-> RPC AMD UDP amqproc_mount plog overflow attempt (rpc.rules) 1906 <-> RPC AMD TCP amqproc_mount plog overflow attempt (rpc.rules) 1907 <-> RPC CMSD UDP CMSD_CREATE buffer overflow attempt (rpc.rules) 1908 <-> RPC CMSD TCP CMSD_CREATE buffer overflow attempt (rpc.rules) 1909 <-> RPC CMSD TCP CMSD_INSERT buffer overflow attempt (rpc.rules) 1910 <-> RPC CMSD udp CMSD_INSERT buffer overflow attempt (rpc.rules) 1911 <-> RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules) 1912 <-> RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules) 1913 <-> RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules) 1914 <-> RPC STATD TCP stat mon_name format string exploit attempt (rpc.rules) 1915 <-> RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules) 1916 <-> RPC STATD TCP monitor mon_name format string exploit attempt (rpc.rules) 1922 <-> RPC portmap proxy attempt TCP (rpc.rules) 1923 <-> RPC portmap proxy attempt UDP (rpc.rules) 1924 <-> RPC mountd UDP export request (rpc.rules) 1925 <-> RPC mountd TCP exportall request (rpc.rules) 1926 <-> RPC mountd UDP exportall request (rpc.rules) 1931 <-> WEB-CGI rpc-nlog.pl access (web-cgi.rules) 1932 <-> WEB-CGI rpc-smb.pl access (web-cgi.rules) 1933 <-> WEB-CGI cart.cgi access (web-cgi.rules) 1941 <-> TFTP GET filename overflow attempt (tftp.rules) 1949 <-> RPC portmap SET attempt TCP 111 (rpc.rules) 1950 <-> RPC portmap SET attempt UDP 111 (rpc.rules) 1951 <-> RPC mountd TCP mount request (rpc.rules) 1952 <-> RPC mountd UDP mount request (rpc.rules) 1953 <-> RPC AMD TCP pid request (rpc.rules) 1954 <-> RPC AMD UDP pid request (rpc.rules) 1955 <-> RPC AMD TCP version request (rpc.rules) 1956 <-> RPC AMD UDP version request (rpc.rules) 1957 <-> RPC sadmind UDP PING (rpc.rules) 1958 <-> RPC sadmind TCP PING (rpc.rules) 1959 <-> RPC portmap NFS request UDP (rpc.rules) 1960 <-> RPC portmap NFS request TCP (rpc.rules) 1961 <-> RPC portmap RQUOTA request UDP (rpc.rules) 1962 <-> RPC portmap RQUOTA request TCP (rpc.rules) 1963 <-> RPC RQUOTA getquota overflow attempt UDP (rpc.rules) 1964 <-> RPC tooltalk UDP overflow attempt (rpc.rules) 1965 <-> RPC tooltalk TCP overflow attempt (rpc.rules) 1994 <-> WEB-CGI vpasswd.cgi access (web-cgi.rules) 1995 <-> WEB-CGI alya.cgi access (web-cgi.rules) 1996 <-> WEB-CGI viralator.cgi access (web-cgi.rules) 2001 <-> WEB-CGI smartsearch.cgi access (web-cgi.rules) 2005 <-> RPC portmap kcms_server request UDP (rpc.rules) 2006 <-> RPC portmap kcms_server request TCP (rpc.rules) 2007 <-> RPC kcms_server directory traversal attempt (rpc.rules) 2014 <-> RPC portmap UNSET attempt TCP 111 (rpc.rules) 2015 <-> RPC portmap UNSET attempt UDP 111 (rpc.rules) 2016 <-> RPC portmap status request TCP (rpc.rules) 2017 <-> RPC portmap espd request UDP (rpc.rules) 2018 <-> RPC mountd TCP dump request (rpc.rules) 2019 <-> RPC mountd UDP dump request (rpc.rules) 2020 <-> RPC mountd TCP unmount request (rpc.rules) 2021 <-> RPC mountd UDP unmount request (rpc.rules) 2022 <-> RPC mountd TCP unmountall request (rpc.rules) 2023 <-> RPC mountd UDP unmountall request (rpc.rules) 2024 <-> RPC RQUOTA getquota overflow attempt TCP (rpc.rules) 2025 <-> RPC yppasswd username overflow attempt UDP (rpc.rules) 2026 <-> RPC yppasswd username overflow attempt TCP (rpc.rules) 2027 <-> RPC yppasswd old password overflow attempt UDP (rpc.rules) 2028 <-> RPC yppasswd old password overflow attempt TCP (rpc.rules) 2029 <-> RPC yppasswd new password overflow attempt UDP (rpc.rules) 2030 <-> RPC yppasswd new password overflow attempt TCP (rpc.rules) 2031 <-> RPC yppasswd user update UDP (rpc.rules) 2032 <-> RPC yppasswd user update TCP (rpc.rules) 2033 <-> RPC ypserv maplist request UDP (rpc.rules) 2034 <-> RPC ypserv maplist request TCP (rpc.rules) 2035 <-> RPC portmap network-status-monitor request UDP (rpc.rules) 2036 <-> RPC portmap network-status-monitor request TCP (rpc.rules) 2037 <-> RPC network-status-monitor mon-callback request UDP (rpc.rules) 2038 <-> RPC network-status-monitor mon-callback request TCP (rpc.rules) 2045 <-> RPC snmpXdmi overflow attempt UDP (rpc.rules) 2051 <-> WEB-CGI cached_feed.cgi moreover shopping cart access (web-cgi.rules) 2052 <-> WEB-CGI overflow.cgi access (web-cgi.rules) 2053 <-> WEB-CGI process_bug.cgi access (web-cgi.rules) 2054 <-> WEB-CGI enter_bug.cgi arbitrary command attempt (web-cgi.rules) 2055 <-> WEB-CGI enter_bug.cgi access (web-cgi.rules) 2079 <-> RPC portmap nlockmgr request UDP (rpc.rules) 2080 <-> RPC portmap nlockmgr request TCP (rpc.rules) 2081 <-> RPC portmap rpc.xfsmd request UDP (rpc.rules) 2082 <-> RPC portmap rpc.xfsmd request TCP (rpc.rules) 2083 <-> RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules) 2084 <-> RPC rpc.xfsmd xfs_export attempt TCP (rpc.rules) 2085 <-> WEB-CGI parse_xml.cgi access (web-cgi.rules) 2086 <-> WEB-CGI streaming server parse_xml.cgi access (web-cgi.rules) 2088 <-> RPC ypupdated arbitrary command attempt UDP (rpc.rules) 2089 <-> RPC ypupdated arbitrary command attempt TCP (rpc.rules) 2092 <-> RPC portmap proxy integer overflow attempt UDP (rpc.rules) 2093 <-> RPC portmap proxy integer overflow attempt TCP (rpc.rules) 2094 <-> RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules) 2095 <-> RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (rpc.rules) 2115 <-> WEB-CGI album.pl access (web-cgi.rules) 2116 <-> WEB-CGI chipcfg.cgi access (web-cgi.rules) 2127 <-> WEB-CGI ikonboard.cgi access (web-cgi.rules) 2128 <-> WEB-CGI swsrv.cgi access (web-cgi.rules) 2184 <-> RPC mountd TCP mount path overflow attempt (rpc.rules) 2185 <-> RPC mountd UDP mount path overflow attempt (rpc.rules) 2194 <-> WEB-CGI CSMailto.cgi access (web-cgi.rules) 2195 <-> WEB-CGI alert.cgi access (web-cgi.rules) 2196 <-> WEB-CGI catgy.cgi access (web-cgi.rules) 2197 <-> WEB-CGI cvsview2.cgi access (web-cgi.rules) 2198 <-> WEB-CGI cvslog.cgi access (web-cgi.rules) 2199 <-> WEB-CGI multidiff.cgi access (web-cgi.rules) 2200 <-> WEB-CGI dnewsweb.cgi access (web-cgi.rules) 2201 <-> WEB-CGI download.cgi access (web-cgi.rules) 2202 <-> WEB-CGI edit_action.cgi access (web-cgi.rules) 2203 <-> WEB-CGI everythingform.cgi access (web-cgi.rules) 2204 <-> WEB-CGI ezadmin.cgi access (web-cgi.rules) 2205 <-> WEB-CGI ezboard.cgi access (web-cgi.rules) 2206 <-> WEB-CGI ezman.cgi access (web-cgi.rules) 2207 <-> WEB-CGI fileseek.cgi access (web-cgi.rules) 2208 <-> WEB-CGI fom.cgi access (web-cgi.rules) 2209 <-> WEB-CGI getdoc.cgi access (web-cgi.rules) 2210 <-> WEB-CGI global.cgi access (web-cgi.rules) 2211 <-> WEB-CGI guestserver.cgi access (web-cgi.rules) 2212 <-> WEB-CGI imageFolio.cgi access (web-cgi.rules) 2213 <-> WEB-CGI mailfile.cgi access (web-cgi.rules) 2214 <-> WEB-CGI mailview.cgi access (web-cgi.rules) 2215 <-> WEB-CGI nsManager.cgi access (web-cgi.rules) 2216 <-> WEB-CGI readmail.cgi access (web-cgi.rules) 2217 <-> WEB-CGI printmail.cgi access (web-cgi.rules) 2218 <-> WEB-CGI service.cgi access (web-cgi.rules) 2219 <-> WEB-CGI setpasswd.cgi access (web-cgi.rules) 2220 <-> WEB-CGI simplestmail.cgi access (web-cgi.rules) 2221 <-> WEB-CGI ws_mail.cgi access (web-cgi.rules) 2222 <-> WEB-CGI nph-exploitscanget.cgi access (web-cgi.rules) 2223 <-> WEB-CGI csNews.cgi access (web-cgi.rules) 2224 <-> WEB-CGI psunami.cgi access (web-cgi.rules) 2225 <-> WEB-CGI gozila.cgi access (web-cgi.rules) 2255 <-> RPC sadmind query with root credentials attempt TCP (rpc.rules) 2256 <-> RPC sadmind query with root credentials attempt UDP (rpc.rules) 2323 <-> WEB-CGI quickstore.cgi access (web-cgi.rules) 2337 <-> TFTP PUT filename overflow attempt (tftp.rules) 2339 <-> TFTP NULL command attempt (tftp.rules) 2387 <-> WEB-CGI view_broadcast.cgi access (web-cgi.rules) 2388 <-> WEB-CGI streaming server view_broadcast.cgi access (web-cgi.rules) 2396 <-> WEB-CGI CCBill whereami.cgi arbitrary command execution attempt (web-cgi.rules) 2397 <-> WEB-CGI CCBill whereami.cgi access (web-cgi.rules) 2406 <-> TELNET APC SmartSlot default admin account attempt (telnet.rules) 2433 <-> WEB-CGI MDaemon form2raw.cgi overflow attempt (web-cgi.rules) 2434 <-> WEB-CGI MDaemon form2raw.cgi access (web-cgi.rules) 2436 <-> WEB-CLIENT Microsoft wmf metafile access (web-client.rules) 2567 <-> WEB-CGI Emumail init.emu access (web-cgi.rules) 2568 <-> WEB-CGI Emumail emumail.fcgi access (web-cgi.rules) 2663 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules) 2668 <-> WEB-CGI processit access (web-cgi.rules) 2669 <-> WEB-CGI ibillpm.pl access (web-cgi.rules) 2670 <-> WEB-CGI pgpmail.pl access (web-cgi.rules) 3062 <-> WEB-CGI NetScreen SA 5000 delhomepage.cgi access (web-cgi.rules) 3131 <-> WEB-CGI mailman directory traversal attempt (web-cgi.rules) 3147 <-> TELNET login buffer overflow attempt (telnet.rules) 3274 <-> TELNET login buffer non-evasive overflow attempt (telnet.rules) 3463 <-> WEB-CGI awstats access (web-cgi.rules) 3464 <-> WEB-CGI awstats.pl command execution attempt (web-cgi.rules) 3465 <-> WEB-CGI RiSearch show.pl proxy attempt (web-cgi.rules) 3468 <-> WEB-CGI math_sum.mscgi access (web-cgi.rules) 3469 <-> WEB-CGI Ipswitch WhatsUp Gold dos attempt (web-cgi.rules) 3533 <-> TELNET client LINEMODE SLC overflow attempt (telnet.rules) 3537 <-> TELNET client ENV OPT escape overflow attempt (telnet.rules) 3638 <-> WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules) 3674 <-> WEB-CGI db4web_c directory traversal attempt (web-cgi.rules) 3687 <-> TELNET client ENV OPT USERVAR information disclosure (telnet.rules) 3688 <-> TELNET client ENV OPT VAR information disclosure (telnet.rules) 3690 <-> WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules) 3813 <-> WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules) 3817 <-> TFTP GET transfer mode overflow attempt (tftp.rules) 3818 <-> TFTP PUT transfer mode overflow attempt (tftp.rules) 4128 <-> WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules) 5318 <-> WEB-CLIENT wmf file arbitrary code execution attempt (web-client.rules) 5692 <-> P2P Skype client successful install (p2p.rules) 5693 <-> P2P Skype client start up get latest version attempt (p2p.rules) 5694 <-> P2P Skype client setup get newest version attempt (p2p.rules) 5998 <-> P2P Skype client login startup (p2p.rules) 5999 <-> P2P Skype client login (p2p.rules) 6000 <-> DELETED P2P Skype client login startup (deleted.rules) 6001 <-> DELETED P2P Skype client login (deleted.rules) 7829 <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules) 8084 <-> WEB-CGI CVSTrac filediff function access (web-cgi.rules) 9621 <-> TFTP 3COM server transport mode buffer overflow attempt (tftp.rules) 9623 <-> RPC UNIX authentication machinename string overflow attempt TCP (rpc.rules) 9624 <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules) 9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules) 10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules) 10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules) 10136 <-> TELNET Solaris login environment variable authentication bypass attempt (telnet.rules) 10172 <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules) 10408 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules) 10409 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules) 10410 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules) 10411 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules) 10464 <-> TELNET kerberos login environment variable authentication bypass attempt (telnet.rules) 10482 <-> RPC portmap CA BrightStor ARCserve tcp request (rpc.rules) 10483 <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules) 10484 <-> RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (rpc.rules) 10485 <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules) 10999 <-> WEB-CGI chetcpasswd access (web-cgi.rules) 11288 <-> RPC portmap mountd tcp request (rpc.rules) 11289 <-> RPC portmap mountd tcp zero-length payload denial of service attempt (rpc.rules) 11817 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules) 12046 <-> RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (rpc.rules) 12056 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules) 12057 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules) 12075 <-> RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (rpc.rules) 12185 <-> RPC portmap 2112 tcp request (rpc.rules) 12186 <-> RPC portmap 2112 udp request (rpc.rules) 12187 <-> RPC portmap 2112 tcp rename_principal attempt (rpc.rules) 12188 <-> RPC portmap 2112 udp rename_principal attempt (rpc.rules) 12198 <-> SNMP MS Windows getbulk request (snmp.rules) 12203 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid access (web-client.rules) 12204 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid unicode access (web-client.rules) 12205 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call access (web-client.rules) 12206 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call unicode access (web-client.rules) 12219 <-> WEB-CLIENT SMIL RealPlayer wallclock parsing buffer overflow (web-client.rules)
