Sourcefire VRT Rules Update
Date: 2008-04-30
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.
The format of the file is:
sid - Message (rule group)
New rules: 13716 <-> RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (rpc.rules) 13717 <-> RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (rpc.rules) 13719 <-> ORACLE database username buffer overflow (oracle.rules) Updated rules: 3555 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm alter context attempt (netbios.rules) 3557 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian alter context attempt (netbios.rules) 3559 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm bind attempt (netbios.rules) 3561 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian bind attempt (netbios.rules) 3562 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode andx bind attempt (deleted.rules) 3563 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode bind attempt (deleted.rules) 3564 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode little endian andx bind attempt (deleted.rules) 3565 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode little endian bind attempt (deleted.rules) 3566 <-> DELETED NETBIOS SMB mqqm andx bind attempt (deleted.rules) 3567 <-> DELETED NETBIOS SMB mqqm bind attempt (deleted.rules) 3568 <-> DELETED NETBIOS SMB mqqm little endian andx bind attempt (deleted.rules) 3569 <-> DELETED NETBIOS SMB mqqm little endian bind attempt (deleted.rules) 3570 <-> DELETED NETBIOS SMB mqqm unicode andx bind attempt (deleted.rules) 3571 <-> DELETED NETBIOS SMB mqqm unicode bind attempt (deleted.rules) 3572 <-> DELETED NETBIOS SMB mqqm unicode little endian andx bind attempt (deleted.rules) 3573 <-> DELETED NETBIOS SMB mqqm unicode little endian bind attempt (deleted.rules) 3574 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX andx bind attempt (deleted.rules) 3575 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX bind attempt (deleted.rules) 3576 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX little endian andx bind attempt (deleted.rules) 3577 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX little endian bind attempt (deleted.rules) 3578 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode andx bind attempt (deleted.rules) 3579 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode bind attempt (deleted.rules) 3580 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode little endian andx bind attempt (deleted.rules) 3581 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode little endian bind attempt (deleted.rules) 3582 <-> DELETED NETBIOS SMB-DS mqqm andx bind attempt (deleted.rules) 3583 <-> DELETED NETBIOS SMB-DS mqqm bind attempt (deleted.rules) 3584 <-> DELETED NETBIOS SMB-DS mqqm little endian andx bind attempt (deleted.rules) 3585 <-> DELETED NETBIOS SMB-DS mqqm little endian bind attempt (deleted.rules) 3586 <-> DELETED NETBIOS SMB-DS mqqm unicode andx bind attempt (deleted.rules) 3587 <-> DELETED NETBIOS SMB-DS mqqm unicode bind attempt (deleted.rules) 3588 <-> DELETED NETBIOS SMB-DS mqqm unicode little endian andx bind attempt (deleted.rules) 3589 <-> DELETED NETBIOS SMB-DS mqqm unicode little endian bind attempt (deleted.rules) 3590 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject overflow attempt (netbios.rules) 3591 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules) 3594 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian overflow attempt (netbios.rules) 3597 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules) 3601 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject object call overflow attempt (netbios.rules) 3602 <-> DELETED NETBIOS SMB mqqm QMDeleteObject andx overflow attempt (deleted.rules) 3603 <-> DELETED NETBIOS SMB mqqm QMDeleteObject little endian andx overflow attempt (deleted.rules) 3604 <-> DELETED NETBIOS SMB mqqm QMDeleteObject little endian overflow attempt (deleted.rules) 3605 <-> DELETED NETBIOS SMB mqqm QMDeleteObject overflow attempt (deleted.rules) 3606 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode andx overflow attempt (deleted.rules) 3607 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode little endian andx overflow attempt (deleted.rules) 3608 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode little endian overflow attempt (deleted.rules) 3609 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode overflow attempt (deleted.rules) 3610 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX andx overflow attempt (deleted.rules) 3611 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (deleted.rules) 3612 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian overflow attempt (deleted.rules) 3613 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX overflow attempt (deleted.rules) 3614 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (deleted.rules) 3615 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (deleted.rules) 3616 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (deleted.rules) 3617 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode overflow attempt (deleted.rules) 3618 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject andx overflow attempt (deleted.rules) 3619 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (deleted.rules) 3620 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject little endian overflow attempt (deleted.rules) 3621 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject overflow attempt (deleted.rules) 3622 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode andx overflow attempt (deleted.rules) 3623 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian andx overflow attempt (deleted.rules) 3624 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian overflow attempt (deleted.rules) 3625 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode overflow attempt (deleted.rules) 7037 <-> NETBIOS-DG SMB Trans mailslot heap overflow attempt (netbios.rules) 7038 <-> NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (netbios.rules) 7041 <-> NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (netbios.rules) 7042 <-> NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules) 7043 <-> DELETED NETBIOS SMB-DS Trans andx mailslot heap overflow attempt (deleted.rules) 7044 <-> DELETED NETBIOS SMB-DS Trans unicode andx mailslot heap overflow attempt (deleted.rules) 7045 <-> DELETED NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (deleted.rules) 7046 <-> DELETED NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (deleted.rules) 11196 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules) 12619 <-> EXPLOIT Microsoft Exchange ical/vcal malformed property (exploit.rules) 12973 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (netbios.rules) 12974 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (netbios.rules) 12975 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (netbios.rules) 12976 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (netbios.rules) 12977 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12978 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules) 12979 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12980 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules) 12981 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules) 12982 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules) 13210 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules) 13211 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules) 13212 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules) 13213 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules) 13214 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules) 13215 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)
