Sourcefire VRT Rules Update

Date: 2007-09-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

Updated rules:
2048 <-> DELETED MISC rsyncd overflow attempt (deleted.rules)
3466 <-> WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
12190 <-> WEB-CLIENT Clever Internet Suite ActiveX clsid unicode access (web-client.rules)
12191 <-> WEB-CLIENT Clever Internet Suite ActiveX function call access (web-client.rules)
12192 <-> WEB-CLIENT Clever Internet Suite ActiveX function call unicode access (web-client.rules)
12200 <-> WEB-CLIENT VMWare IntraProcessLogging ActiveX clsid access (web-client.rules)
12201 <-> WEB-CLIENT VMWare IntraProcessLogging ActiveX clsid unicode access (web-client.rules)
12257 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid access (web-client.rules)
12258 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid unicode access (web-client.rules)
12259 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call access (web-client.rules)
12260 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call unicode access (web-client.rules)
12299 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12300 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12301 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid access (web-client.rules)
12302 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid unicode access (web-client.rules)
12303 <-> POLICY Google Chat web client connection (policy.rules)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules)

New rules:
 201 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request (deleted.rules)
 284 <-> POP2 x86 Linux overflow (pop2.rules)
 285 <-> POP2 x86 Linux overflow (pop2.rules)
 292 <-> EXPLOIT x86 Linux samba overflow (exploit.rules)
 320 <-> FINGER cmd_rootsh backdoor attempt (finger.rules)
 321 <-> FINGER account enumeration attempt (finger.rules)
 322 <-> FINGER search query (finger.rules)
 323 <-> FINGER root query (finger.rules)
 324 <-> FINGER null request (finger.rules)
 326 <-> FINGER remote command execution attempt (finger.rules)
 327 <-> FINGER remote command pipe execution attempt (finger.rules)
 328 <-> FINGER bomb attempt (finger.rules)
 330 <-> FINGER redirection attempt (finger.rules)
 331 <-> FINGER cybercop query (finger.rules)
 332 <-> FINGER 0 query (finger.rules)
 333 <-> FINGER . query (finger.rules)
 465 <-> ICMP ISS Pinger (icmp.rules)
 466 <-> ICMP L3retriever Ping (icmp.rules)
 467 <-> ICMP Nemesis v1.1 Echo (icmp.rules)
 469 <-> ICMP PING NMAP (icmp.rules)
 471 <-> ICMP icmpenum v1.1.1 (icmp.rules)
 472 <-> ICMP redirect host (icmp.rules)
 473 <-> ICMP redirect net (icmp.rules)
 474 <-> ICMP superscan echo (icmp.rules)
 475 <-> ICMP traceroute ipopts (icmp.rules)
 476 <-> ICMP webtrends scanner (icmp.rules)
 477 <-> ICMP Source Quench (icmp.rules)
 478 <-> ICMP Broadscan Smurf Scanner (icmp.rules)
 480 <-> ICMP PING speedera (icmp.rules)
 481 <-> ICMP TJPingPro1.1Build 2 Windows (icmp.rules)
 482 <-> ICMP PING WhatsupGold Windows (icmp.rules)
 483 <-> ICMP PING CyberKit 2.2 Windows (icmp.rules)
 484 <-> ICMP PING Sniffer Pro/NetXRay network scan (icmp.rules)
 485 <-> ICMP Destination Unreachable Communication Administratively Prohibited (icmp.rules)
 486 <-> ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp.rules)
 487 <-> ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp.rules)
 488 <-> INFO Connection Closed MSG from Port 80 (info.rules)
 489 <-> INFO FTP no password (info.rules)
 490 <-> INFO battle-mail traffic (info.rules)
 491 <-> INFO FTP Bad login (info.rules)
 492 <-> INFO TELNET login failed (info.rules)
 493 <-> INFO psyBNC access (info.rules)
 518 <-> TFTP Put (tftp.rules)
 519 <-> TFTP parent directory (tftp.rules)
 520 <-> TFTP root directory (tftp.rules)
 523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
 524 <-> BAD-TRAFFIC tcp port 0 traffic (bad-traffic.rules)
 525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
 526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
 528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
 538 <-> DELETED NETBIOS SMB IPC$ unicode share access (deleted.rules)
 601 <-> RSERVICES rlogin LinuxNIS (rservices.rules)
 602 <-> RSERVICES rlogin bin (rservices.rules)
 603 <-> RSERVICES rlogin echo++ (rservices.rules)
 604 <-> RSERVICES rsh froot (rservices.rules)
 605 <-> RSERVICES rlogin login failure (rservices.rules)
 606 <-> RSERVICES rlogin root (rservices.rules)
 607 <-> RSERVICES rsh bin (rservices.rules)
 608 <-> RSERVICES rsh echo + + (rservices.rules)
 609 <-> RSERVICES rsh froot (rservices.rules)
 610 <-> RSERVICES rsh root (rservices.rules)
 611 <-> RSERVICES rlogin login failure (rservices.rules)
 613 <-> SCAN myscan (scan.rules)
 616 <-> SCAN ident version request (scan.rules)
 619 <-> SCAN cybercop os probe (scan.rules)
 621 <-> SCAN FIN (scan.rules)
 622 <-> SCAN ipEye SYN scan (scan.rules)
 623 <-> SCAN NULL (scan.rules)
 624 <-> SCAN SYN FIN (scan.rules)
 625 <-> SCAN XMAS (scan.rules)
 626 <-> SCAN cybercop os PA12 attempt (scan.rules)
 627 <-> SCAN cybercop os SFU12 probe (scan.rules)
 630 <-> SCAN synscan portscan (scan.rules)
 631 <-> SMTP ehlo cybercop attempt (smtp.rules)
 634 <-> SCAN Amanda client version request (scan.rules)
 635 <-> SCAN XTACACS logout (scan.rules)
 636 <-> SCAN cybercop udp bomb (scan.rules)
 637 <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
 657 <-> SMTP chameleon overflow (smtp.rules)
 667 <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
 718 <-> INFO TELNET login incorrect (info.rules)
 721 <-> VIRUS OUTBOUND bad file attachment (virus.rules)
 755 <-> DELETED Virus - Possible IROK Worm (deleted.rules)
 774 <-> DELETED Virus - Possible CheckThis Trojan (deleted.rules)
 786 <-> DELETED Virus - Possible NewApt.Worm - goal.exe (deleted.rules)
 792 <-> DELETED Virus - Possible Resume Worm (deleted.rules)
 893 <-> DELETED WEB-CGI MachineInfo access (deleted.rules)
1133 <-> SCAN cybercop os probe (scan.rules)
1225 <-> X11 MIT Magic Cookie detected (x11.rules)
1226 <-> X11 xopen (x11.rules)
1227 <-> DELETED X11 outbound client connection detected (deleted.rules)
1228 <-> SCAN nmap XMAS (scan.rules)
1264 <-> RPC portmap bootparam request TCP (rpc.rules)
1279 <-> RPC portmap snmpXdmi request UDP (rpc.rules)
1289 <-> TFTP GET Admin.dll (tftp.rules)
1295 <-> NETBIOS nimda RICHED20.DLL (netbios.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1341 <-> DELETED WEB-ATTACKS /usr/bin/gcc command attempt (deleted.rules)
1353 <-> DELETED WEB-ATTACKS bin/nasm command attempt (deleted.rules)
1366 <-> DELETED WEB-ATTACKS mail command attempt (deleted.rules)
1369 <-> DELETED WEB-ATTACKS /bin/ls command attempt (deleted.rules)
1382 <-> EXPLOIT CHAT IRC Ettercap parse overflow attempt (exploit.rules)
1428 <-> MULTIMEDIA audio galaxy keepalive (multimedia.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1436 <-> MULTIMEDIA Quicktime User Agent access (multimedia.rules)
1437 <-> MULTIMEDIA Windows Media download (multimedia.rules)
1439 <-> MULTIMEDIA Shoutcast playlist redirection (multimedia.rules)
1440 <-> MULTIMEDIA Icecast playlist redirection (multimedia.rules)
1441 <-> TFTP GET nc.exe (tftp.rules)
1442 <-> TFTP GET shadow (tftp.rules)
1443 <-> TFTP GET passwd (tftp.rules)
1444 <-> TFTP Get (tftp.rules)
1538 <-> NNTP AUTHINFO USER overflow attempt (nntp.rules)
1541 <-> FINGER version query (finger.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1629 <-> OTHER-IDS SecureNetPro traffic (other-ids.rules)
1638 <-> SCAN SSH Version map attempt (scan.rules)
1683 <-> ORACLE all_tables access (oracle.rules)
1760 <-> OTHER-IDS ISS RealSecure 6 event collector connection attempt (other-ids.rules)
1761 <-> OTHER-IDS ISS RealSecure 6 daemon connection attempt (other-ids.rules)
1792 <-> NNTP return code buffer overflow attempt (nntp.rules)
1813 <-> ICMP digital island bandwidth query (icmp.rules)
1912 <-> RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1917 <-> SCAN UPnP service discover attempt (scan.rules)
1918 <-> SCAN SolarWinds IP scan attempt (scan.rules)
1934 <-> POP2 FOLD overflow attempt (pop2.rules)
1935 <-> POP2 FOLD arbitrary file attempt (pop2.rules)
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
1965 <-> RPC tooltalk TCP overflow attempt (rpc.rules)
1985 <-> BACKDOOR Doly 1.5 server response (backdoor.rules)
2016 <-> RPC portmap status request TCP (rpc.rules)
2027 <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
2082 <-> RPC portmap rpc.xfsmd request TCP (rpc.rules)
2113 <-> RSERVICES rexec username overflow attempt (rservices.rules)
2114 <-> RSERVICES rexec password overflow attempt (rservices.rules)
2164 <-> DELETED VIRUS OUTBOUND .reg file attachment (deleted.rules)
2175 <-> NETBIOS SMB winreg WriteAndX little endian bind attempt (netbios.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2193 <-> NETBIOS SMB ISystemActivator WriteAndX unicode alter context attempt (netbios.rules)
2268 <-> SMTP MAIL FROM sendmail prescan too long addresses overflow (smtp.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
2339 <-> TFTP NULL command attempt (tftp.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2424 <-> NNTP sendsys overflow attempt (nntp.rules)
2425 <-> NNTP senduuname overflow attempt (nntp.rules)
2426 <-> NNTP version overflow attempt (nntp.rules)
2427 <-> NNTP checkgroups overflow attempt (nntp.rules)
2428 <-> NNTP ihave overflow attempt (nntp.rules)
2429 <-> NNTP sendme overflow attempt (nntp.rules)
2430 <-> NNTP newgroup overflow attempt (nntp.rules)
2431 <-> NNTP rmgroup overflow attempt (nntp.rules)
2432 <-> NNTP article post without path attempt (nntp.rules)
2462 <-> EXPLOIT IGMP IGAP account overflow attempt (exploit.rules)
2481 <-> NETBIOS SMB-DS winreg InitiateSystemShutdown WriteAndX unicode attempt (netbios.rules)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
2508 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
2636 <-> DELETED ORACLE snapshot.end_load ordered gname buffer overflow attempt (deleted.rules)
2671 <-> WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules)
2684 <-> ORACLE sys.ltutil.pushdeferredtxns buffer overflow attempt (oracle.rules)
2698 <-> ORACLE create file buffer overflow attempt (oracle.rules)
2713 <-> ORACLE dbms_offline_og.end_load buffer overflow attempt (oracle.rules)
2740 <-> ORACLE dbms_repcat.alter_priority_raw buffer overflow attempt (oracle.rules)
2747 <-> ORACLE dbms_repcat.begin_flavor_definition buffer overflow attempt (oracle.rules)
2759 <-> ORACLE dbms_repcat.create_snapshot_repgroup buffer overflow attempt (oracle.rules)
2760 <-> ORACLE dbms_repcat.define_column_group buffer overflow attempt (oracle.rules)
2773 <-> ORACLE dbms_repcat.drop_priority_nchar buffer overflow attempt (oracle.rules)
2802 <-> ORACLE dbms_repcat_rgt.check_ddl_text buffer overflow attempt (oracle.rules)
2809 <-> ORACLE dbms_repcat.unregister_mview_repgroup buffer overflow attempt (oracle.rules)
2816 <-> ORACLE sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt (oracle.rules)
2823 <-> ORACLE sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt (oracle.rules)
2832 <-> ORACLE sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt (oracle.rules)
2885 <-> ORACLE sys.dbms_repcat_conf.define_priority_group buffer overflow attempt (oracle.rules)
2902 <-> ORACLE sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt (oracle.rules)
2925 <-> INFO web bug 1x1 gif attempt (info.rules)
2927 <-> NNTP XPAT pattern overflow attempt (nntp.rules)
2928 <-> NETBIOS SMB-DS nddeapi little endian alter context attempt (netbios.rules)
2938 <-> NETBIOS SMB v4 nddeapi NDdeSetTrustedShareW WriteAndX overflow attempt (netbios.rules)
3018 <-> NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3078 <-> NNTP SEARCH pattern overflow attempt (nntp.rules)
3093 <-> NETBIOS SMB-DS llsrpc WriteAndX unicode little endian bind attempt (netbios.rules)
3101 <-> NETBIOS SMB-DS llsrpc unicode bind attempt (netbios.rules)
3106 <-> NETBIOS SMB llsrpc unicode alter context attempt (netbios.rules)
3115 <-> NETBIOS SMB-DS llsrpc LlsrConnect WriteAndX unicode overflow attempt (netbios.rules)
3125 <-> NETBIOS SMB-DS llsrpc LlsrConnect WriteAndX overflow attempt (netbios.rules)
3151 <-> FINGER / execution attempt (finger.rules)
3206 <-> NETBIOS SMB-DS winreg little endian alter context attempt (netbios.rules)
3261 <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning little endian overflow attempt (netbios.rules)
3403 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance little endian object call attempt (netbios.rules)
3410 <-> NETBIOS SMB IActivation remoteactivation unicode little endian overflow attempt (netbios.rules)
3417 <-> NETBIOS SMB-DS v4 IActivation remoteactivation WriteAndX unicode overflow attempt (netbios.rules)
3424 <-> NETBIOS SMB v4 IActivation remoteactivation unicode overflow attempt (netbios.rules)
3438 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3462 <-> SMTP Content-Encoding overflow attempt (smtp.rules)
3478 <-> EXPLOIT ARCserve backup TCP product info msg 0x9c client domain overflow (exploit.rules)
3493 <-> SMTP SSLv2 Client_Hello request (smtp.rules)
3495 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
3522 <-> EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules)
3567 <-> NETBIOS SMB mqqm bind attempt (netbios.rules)
3619 <-> NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3626 <-> ICMP PATH MTU denial of service (icmp.rules)
3645 <-> NETBIOS SMB-DS Trans unicode data displacement null pointer DOS attempt (netbios.rules)
3650 <-> NETBIOS-DG SMB Trans unicode andx data displacement null pointer DOS attempt (netbios.rules)
3753 <-> DELETED NETBIOS SMB-DS veritas alter context attempt (deleted.rules)
3817 <-> TFTP GET transfer mode overflow attempt (tftp.rules)
3818 <-> TFTP PUT transfer mode overflow attempt (tftp.rules)
3837 <-> NETBIOS SMB umpnpmgr WriteAndX unicode andx alter context attempt (netbios.rules)
3857 <-> NETBIOS SMB umpnpmgr unicode little endian andx alter context attempt (netbios.rules)
3860 <-> NETBIOS SMB-DS umpnpmgr WriteAndX alter context attempt (netbios.rules)
3869 <-> NETBIOS SMB-DS umpnpmgr WriteAndX unicode andx alter context attempt (netbios.rules)
3894 <-> DELETED NETBIOS SMB-DS umpnpmgr unicode andx bind attempt (deleted.rules)
3922 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx bind attempt (deleted.rules)
3942 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx bind attempt (deleted.rules)
3952 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList andx attempt (netbios.rules)
3959 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (netbios.rules)
3979 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (netbios.rules)
3997 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (netbios.rules)
4007 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (netbios.rules)
4010 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList little endian andx attempt (netbios.rules)
4032 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4045 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4064 <-> NETBIOS SMB umpnpmgr PNP_DetectResourceConflict WriteAndX little endian attempt (netbios.rules)
4073 <-> NETBIOS SMB umpnpmgr PNP_DetectResourceConflict unicode andx attempt (netbios.rules)
4082 <-> NETBIOS SMB v4 umpnpmgr PNP_DetectResourceConflict WriteAndX unicode attempt (netbios.rules)
4096 <-> NETBIOS SMB-DS umpnpmgr PNP_DetectResourceConflict WriteAndX little endian attempt (netbios.rules)
4103 <-> NETBIOS SMB-DS umpnpmgr PNP_DetectResourceConflict little endian andx attempt (netbios.rules)
4123 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt (netbios.rules)
4136 <-> WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)
4148 <-> WEB-CLIENT DHTML Editing ActiveX Object Access (web-client.rules)
4162 <-> WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4174 <-> WEB-CLIENT Symantec RuFSI registry Information Class ActiveX Object Access (web-client.rules)
4175 <-> WEB-CLIENT Office 2000/2002 Web Components PivotTable ActiveX Object Access (web-client.rules)
4182 <-> WEB-CLIENT MSN Chat v4.5, 4.6 ActiveX Object Access (web-client.rules)
4190 <-> WEB-CLIENT Kodak Thumbnail Image ActiveX Object Access (web-client.rules)
4197 <-> WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4205 <-> WEB-CLIENT Microsoft Visual Database Tools Database Designer v7.0 ActiveX Object Access (web-client.rules)
4240 <-> NETBIOS DCERPC DIRECT msdtc little endian bind attempt (netbios.rules)
4260 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian attempt (netbios.rules)
4265 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx attempt (netbios.rules)
4275 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian andx attempt (netbios.rules)
4306 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceListSize WriteAndX little endian attempt (netbios.rules)
4366 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceListSize WriteAndX unicode attempt (netbios.rules)
4371 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceListSize WriteAndX andx attempt (netbios.rules)
4382 <-> NETBIOS SMB spoolss andx alter context attempt (netbios.rules)
4404 <-> NETBIOS SMB spoolss WriteAndX unicode andx bind attempt (netbios.rules)
4452 <-> NETBIOS SMB-DS spoolss WriteAndX unicode andx alter context attempt (netbios.rules)
4459 <-> NETBIOS SMB-DS spoolss unicode little endian andx alter context attempt (netbios.rules)
4469 <-> NETBIOS SMB-DS spoolss little endian bind attempt (netbios.rules)
4516 <-> NETBIOS SMB netware_cs WriteAndX little endian bind attempt (netbios.rules)
4559 <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4563 <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4583 <-> NETBIOS SMB-DS netware_cs WriteAndX unicode andx bind attempt (netbios.rules)
4592 <-> NETBIOS SMB-DS netware_cs bind attempt (netbios.rules)
4636 <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode overflow attempt (netbios.rules)
4677 <-> ORACLE enterprise manager application server control GET parameter overflow attempt (oracle.rules)
4697 <-> NETBIOS SMB locator WriteAndX unicode bind attempt (netbios.rules)
4700 <-> NETBIOS SMB locator WriteAndX unicode little endian andx bind attempt (netbios.rules)
4711 <-> NETBIOS SMB locator unicode andx alter context attempt (netbios.rules)
4720 <-> NETBIOS SMB-DS locator WriteAndX andx bind attempt (netbios.rules)
4727 <-> NETBIOS SMB-DS locator WriteAndX unicode andx alter context attempt (netbios.rules)
4736 <-> NETBIOS SMB-DS locator andx bind attempt (netbios.rules)
4746 <-> NETBIOS SMB-DS locator unicode little endian alter context attempt (netbios.rules)
4765 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4799 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4807 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4812 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4825 <-> NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4844 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4864 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4877 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4879 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4894 <-> WEB-CLIENT PSEnumVariant ActiveX Object Access (web-client.rules)
4905 <-> WEB-CLIENT Microsoft Repository Object ActiveX Object Access (web-client.rules)
4922 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4974 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
5007 <-> NETBIOS SMB lsass little endian alter context attempt (netbios.rules)
5010 <-> NETBIOS SMB lsass WriteAndX unicode little endian alter context attempt (netbios.rules)
5026 <-> NETBIOS SMB-DS lsass WriteAndX unicode little endian bind attempt (netbios.rules)
5076 <-> NETBIOS-DG SMB lsass WriteAndX little endian andx bind attempt (netbios.rules)
5098 <-> NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules)
5101 <-> NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules)
5126 <-> NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules)
5151 <-> NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules)
5210 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules)
5219 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules)
5264 <-> NETBIOS SMB lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules)
5307 <-> NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
5320 <-> VIRUS Possible Sober virus set one call home attempt (virus.rules)
5321 <-> VIRUS Possible Sober virus set one NTP time check attempt (virus.rules)
5322 <-> VIRUS Possible Sober virus set two NTP time check attempt (virus.rules)
5323 <-> VIRUS Possible Sober virus set three NTP time check attempt (virus.rules)
5324 <-> VIRUS Possible Sober virus set two call home attempt (virus.rules)
5332 <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotRevoke little endian overflow attempt (netbios.rules)
5394 <-> NETBIOS SMB-DS llsrpc2 WriteAndX little endian andx bind attempt (netbios.rules)
5403 <-> NETBIOS SMB llsrpc unicode bind attempt (netbios.rules)
5434 <-> NETBIOS SMB llsrpc andx bind attempt (netbios.rules)
5456 <-> NETBIOS SMB llsrpc LlsrConnect WriteAndX little endian andx overflow attempt (netbios.rules)
5461 <-> NETBIOS SMB llsrpc LlsrConnect little endian andx overflow attempt (netbios.rules)
5472 <-> NETBIOS SMB v4 llsrpc LlsrConnect unicode andx overflow attempt (netbios.rules)
5479 <-> NETBIOS SMB v4 llsrpc LlsrConnect little endian andx overflow attempt (netbios.rules)
5497 <-> NETBIOS SMB-DS llsrpc2 LlsrLicenseRequestW WriteAndX little endian overflow attempt (netbios.rules)
5520 <-> NETBIOS SMB llsrpc2 LlsrLicenseRequestW WriteAndX andx overflow attempt (netbios.rules)
5585 <-> NETBIOS SMB v4 winreg OpenKey overflow attempt (netbios.rules)
5602 <-> NETBIOS SMB winreg OpenKey little endian andx overflow attempt (netbios.rules)
5624 <-> NETBIOS SMB v4 winreg OpenKey WriteAndX unicode little endian andx overflow attempt (netbios.rules)
5634 <-> NETBIOS SMB-DS v4 winreg InitiateSystemShutdown unicode little endian attempt (netbios.rules)
5651 <-> NETBIOS SMB-DS winreg InitiateSystemShutdown unicode little endian andx attempt (netbios.rules)
5673 <-> NETBIOS SMB winreg InitiateSystemShutdown WriteAndX andx attempt (netbios.rules)
5685 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
5689 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
5714 <-> SMTP x-unix-mode executable mail attachment (smtp.rules)
5729 <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5739 <-> SMTP headers too long server response (smtp.rules)
5746 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
5778 <-> SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules)
5881 <-> SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5893 <-> SPYWARE-PUT Trackware wordiq toolbar runtime detection - search keyword (spyware-put.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
6007 <-> WEB-CLIENT Microsoft DT DDS OrgChart GDD Layout ActiveX Object Access (web-client.rules)
6053 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6224 <-> SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules)
6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules)
6270 <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
6279 <-> SPYWARE-PUT Hijacker sidefind runtime detection (spyware-put.rules)
6353 <-> SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules)
6368 <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - update request (spyware-put.rules)
6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules)
6379 <-> SPYWARE-PUT Hijacker adbars runtime detection - search in toolbar (spyware-put.rules)
6426 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6443 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW heap overflow attempt (netbios.rules)
6448 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6455 <-> NETBIOS DCERPC DIRECT msdtc BuildContext heap overflow attempt (netbios.rules)
6524 <-> NETBIOS SMB-DS rras alter context attempt (netbios.rules)
6562 <-> NETBIOS SMB rras unicode little endian andx alter context attempt (netbios.rules)
6567 <-> NETBIOS SMB-DS rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6576 <-> NETBIOS SMB rras little endian andx bind attempt (netbios.rules)
6583 <-> NETBIOS SMB-DS rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6586 <-> NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6613 <-> NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6626 <-> NETBIOS SMB rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6634 <-> NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6635 <-> NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6647 <-> NETBIOS SMB v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6664 <-> NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6671 <-> NETBIOS SMB rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6690 <-> WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6692 <-> WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6714 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode little endian object call phonebook mode overflow attempt (netbios.rules)
6723 <-> NETBIOS SMB v4 rras RasRpcSetUserPreferences WriteAndX unicode little endian phonebook mode overflow attempt (netbios.rules)
6742 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode phonebook mode overflow attempt (netbios.rules)
6773 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences unicode andx phonebook mode overflow attempt (netbios.rules)
6864 <-> NETBIOS SMB v4 rras RasRpcSetUserPreferences WriteAndX andx area/country overflow attempt (netbios.rules)
6916 <-> NETBIOS SMB-DS v4 rras RasRpcSetUserPreferences callback number overflow attempt (netbios.rules)
6929 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences little endian object call callback number overflow attempt (netbios.rules)
6933 <-> NETBIOS SMB rras RasRpcSetUserPreferences little endian object call callback number overflow attempt (netbios.rules)
6976 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX andx object call callback number overflow attempt (netbios.rules)
6995 <-> NETBIOS SMB rras RasRpcSetUserPreferences WriteAndX andx callback number overflow attempt (netbios.rules)
7003 <-> WEB-CLIENT ADODB.Recordset ActiveX function call access (web-client.rules)
7014 <-> WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function call access (web-client.rules)
7117 <-> DELETED BACKDOOR y3k 1.2 runtime detection - icq notification (deleted.rules)
7232 <-> NETBIOS SMB-DS srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
7244 <-> NETBIOS SMB-DS v4 srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
7261 <-> NETBIOS SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt (netbios.rules)
7264 <-> NETBIOS SMB v4 srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow attempt (netbios.rules)
7302 <-> NETBIOS SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt (netbios.rules)
7336 <-> NETBIOS SMB-DS srvsvc WriteAndX unicode bind attempt (netbios.rules)
7365 <-> NETBIOS SMB srvsvc little endian andx alter context attempt (netbios.rules)
7397 <-> NETBIOS-DG SMB srvsvc little endian andx bind attempt (netbios.rules)
7408 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc little endian alter context attempt (netbios.rules)
7451 <-> WEB-CLIENT Stetch ActiveX CLSID unicode access (web-client.rules)
7482 <-> WEB-CLIENT WMT MuxDeMux Filter ActiveX CLSID access (web-client.rules)
7545 <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (spyware-put.rules)
7556 <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7578 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules)
7584 <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set open (spyware-put.rules)
7598 <-> SPYWARE-PUT Snoopware 2-seek runtime detection - search in toolbar (spyware-put.rules)
7607 <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7766 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7797 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7818 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7886 <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID access (web-client.rules)
7896 <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID access (web-client.rules)
7928 <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (web-client.rules)
7976 <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID access (web-client.rules)
8027 <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID access (web-client.rules)
8051 <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID access (web-client.rules)
8066 <-> WEB-CLIENT Windows Scripting Host Shell ActiveX CLSID access (web-client.rules)
8081 <-> SCAN UPnP service discover attempt (scan.rules)
8107 <-> NETBIOS SMB-DS webdav WriteAndX unicode little endian alter context attempt (netbios.rules)
8116 <-> NETBIOS SMB-DS webdav bind attempt (netbios.rules)
8129 <-> NETBIOS SMB webdav WriteAndX andx alter context attempt (netbios.rules)
8156 <-> NETBIOS SMB-DS webdav little endian andx bind attempt (netbios.rules)
8189 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX object call hostname overflow attempt (netbios.rules)
8204 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX little endian object call hostname overflow attempt (netbios.rules)
8205 <-> NETBIOS SMB v4 webdav DavrCreateConnection WriteAndX unicode andx hostname overflow attempt (netbios.rules)
8213 <-> NETBIOS SMB v4 webdav DavrCreateConnection WriteAndX little endian andx hostname overflow attempt (netbios.rules)
8236 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX little endian andx hostname overflow attempt (netbios.rules)
8243 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX andx object call hostname overflow attempt (netbios.rules)
8260 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX unicode little endian object call username overflow attempt (netbios.rules)
8272 <-> NETBIOS SMB-DS webdav DavrCreateConnection unicode object call username overflow attempt (netbios.rules)
8279 <-> NETBIOS SMB-DS v4 webdav DavrCreateConnection username overflow attempt (netbios.rules)
8335 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX little endian andx username overflow attempt (netbios.rules)
8348 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX unicode little endian andx object call username overflow attempt (netbios.rules)
8357 <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection - send alert out through email (spyware-put.rules)
8360 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
8372 <-> WEB-CLIENT Outlook.Application ActiveX CLSID unicode access (web-client.rules)
8402 <-> WEB-CLIENT Windows Media Services DRM Storage ActiveX CLSID unicode access (web-client.rules)
8416 <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8450 <-> NETBIOS SMB Rename invalid buffer type attempt (netbios.rules)
8568 <-> NETBIOS SMB IActivation unicode andx alter context attempt (netbios.rules)
8579 <-> NETBIOS SMB IActivation WriteAndX little endian andx bind attempt (netbios.rules)
8606 <-> NETBIOS DCERPC NCACN-HTTP IActivation little endian bind attempt (netbios.rules)
8615 <-> NETBIOS SMB IActivation remoteactivation unicode overflow attempt (netbios.rules)
8617 <-> NETBIOS SMB-DS IActivation remoteactivation overflow attempt (netbios.rules)
8631 <-> NETBIOS SMB IActivation remoteactivation unicode object call overflow attempt (netbios.rules)
8653 <-> NETBIOS SMB-DS v4 IActivation remoteactivation unicode little endian andx overflow attempt (netbios.rules)
8664 <-> NETBIOS SMB-DS IActivation remoteactivation WriteAndX unicode andx overflow attempt (netbios.rules)
8679 <-> NETBIOS SMB IActivation remoteactivation unicode andx object call overflow attempt (netbios.rules)
8680 <-> NETBIOS SMB-DS IActivation remoteactivation WriteAndX unicode andx object call overflow attempt (netbios.rules)
8740 <-> WEB-CLIENT DWUSWebAgent.WebAgent.1 ActiveX function call access (web-client.rules)
8755 <-> WEB-CLIENT LM.AutoEffectBvr.1 ActiveX function call access (web-client.rules)
8766 <-> WEB-CLIENT DirectAnimation.DAView.1 ActiveX CLSID unicode access (web-client.rules)
8784 <-> WEB-CLIENT DirectAnimation.DAString.1 ActiveX CLSID unicode access (web-client.rules)
8792 <-> WEB-CLIENT DirectAnimation.DAPoint2.1 ActiveX CLSID access (web-client.rules)
8795 <-> WEB-CLIENT DirectAnimation.DAPath4.1 ActiveX CLSID access (web-client.rules)
8813 <-> WEB-CLIENT DirectAnimation.DALineStyle.1 ActiveX CLSID access (web-client.rules)
8815 <-> WEB-CLIENT DirectAnimation.DALineStyle.1 ActiveX function call access (web-client.rules)
8821 <-> WEB-CLIENT DirectAnimation.DAImage.1 ActiveX function call access (web-client.rules)
8831 <-> WEB-CLIENT DirectAnimation.DACamera.1 ActiveX CLSID access (web-client.rules)
8864 <-> NETBIOS SMB wkssvc unicode little endian alter context attempt (netbios.rules)
8873 <-> NETBIOS SMB-DS wkssvc unicode little endian bind attempt (netbios.rules)
8901 <-> NETBIOS SMB wkssvc WriteAndX unicode little endian andx bind attempt (netbios.rules)
8926 <-> NETBIOS SMB wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules)
8969 <-> NETBIOS SMB-DS wkssvc NetrAddAlternateComputerName WriteAndX little endian overflow attempt (netbios.rules)
8989 <-> NETBIOS SMB wkssvc NetrAddAlternateComputerName little endian andx overflow attempt (netbios.rules)
9008 <-> NETBIOS SMB-DS wkssvc NetrAddAlternateComputerName andx object call overflow attempt (netbios.rules)
9029 <-> NETBIOS SMB-DS wkssvc NetrJoinDomain2 unicode object call overflow attempt (netbios.rules)
9032 <-> NETBIOS SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian object call overflow attempt (netbios.rules)
9042 <-> NETBIOS SMB wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt (netbios.rules)
9045 <-> NETBIOS SMB wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt (netbios.rules)
9053 <-> NETBIOS SMB-DS v4 wkssvc NetrJoinDomain2 overflow attempt (netbios.rules)
9101 <-> NETBIOS SMB-DS v4 wkssvc NetrJoinDomain2 andx overflow attempt (netbios.rules)
9125 <-> NETBIOS DCERPC DIRECT wkssvc NetrJoinDomain2 little endian overflow attempt (netbios.rules)
9135 <-> NETBIOS SMB-DS netware_cs NwrOpenEnumNdsStubTrees_Any object call overflow attempt (netbios.rules)
9169 <-> NETBIOS SMB v4 netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules)
9235 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation WriteAndX unicode object call overflow attempt (netbios.rules)
9265 <-> NETBIOS SMB netware_cs NwGetConnectionInformation WriteAndX unicode overflow attempt (netbios.rules)
9271 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation little endian object call overflow attempt (netbios.rules)
9273 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation unicode little endian object call overflow attempt (netbios.rules)
9315 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation andx overflow attempt (netbios.rules)
9361 <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules)
9415 <-> SPECIFIC-THREATS plexus.a smtp propagation detection (specific-threats.rules)
9426 <-> SPECIFIC-THREATS mydoom.ap attachment (specific-threats.rules)
9474 <-> NETBIOS SMB ISystemActivator WriteAndX little endian andx alter context attempt (netbios.rules)
9479 <-> NETBIOS SMB-DS ISystemActivator WriteAndX little endian andx alter context attempt (netbios.rules)
9540 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance object call attempt (netbios.rules)
9549 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance unicode andx object call attempt (netbios.rules)
9621 <-> TFTP 3COM server transport mode buffer overflow attempt (tftp.rules)
9630 <-> WEB-CLIENT Citrix.ICAClient ActiveX clsid unicode access (web-client.rules)
9634 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (exploit.rules)
9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules)
9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
9691 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules)
9764 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 little endian overflow attempt (netbios.rules)
9772 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 overflow attempt (netbios.rules)
9797 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX function call access (web-client.rules)
9822 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid unicode access (web-client.rules)
9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9856 <-> NETBIOS SMB-DS tapisrv unicode little endian alter context attempt (netbios.rules)
9878 <-> NETBIOS SMB-DS tapisrv little endian bind attempt (netbios.rules)
9922 <-> NETBIOS SMB-DS v4 tapisrv ClientRequest WriteAndX little endian LSetAppPriority overflow attempt (netbios.rules)
9931 <-> NETBIOS SMB-DS tapisrv ClientRequest WriteAndX little endian LSetAppPriority overflow attempt (netbios.rules)
9952 <-> NETBIOS SMB tapisrv ClientRequest WriteAndX unicode object call LSetAppPriority overflow attempt (netbios.rules)
9966 <-> NETBIOS SMB-DS v4 tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt (netbios.rules)
9976 <-> NETBIOS SMB-DS tapisrv ClientRequest andx LSetAppPriority overflow attempt (netbios.rules)
9995 <-> NETBIOS SMB-DS tapisrv ClientRequest WriteAndX little endian andx object call LSetAppPriority overflow attempt (netbios.rules)
10022 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup object call attempt (netbios.rules)
10025 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
10032 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath_Function_45 attempt (netbios.rules)
10049 <-> NETBIOS DCERPC DIRECT brightstor-arc2 little endian bind attempt (netbios.rules)
10051 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 ASDBLoginToComputer little endian overflow attempt (netbios.rules)
10057 <-> NETBIOS DCERPC DIRECT brightstor-arc2 ASDBLoginToComputer little endian overflow attempt (netbios.rules)
10121 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGCBHandleFromGroupName little endian overflow attempt (netbios.rules)
10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules)
10177 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid unicode access (web-client.rules)
10189 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid access (web-client.rules)
10206 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetRealTimeScanConfigInfo object call attempt (netbios.rules)
10218 <-> NETBIOS SMB svcctl unicode alter context attempt (netbios.rules)
10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (netbios.rules)
10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (netbios.rules)
10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (netbios.rules)
10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (netbios.rules)
10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (netbios.rules)
10289 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10293 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10313 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10320 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10331 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules)
10338 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10340 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10359 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules)
10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules)
10423 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX clsid access (web-client.rules)
10434 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call unicode access (web-client.rules)
10489 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 attempt (netbios.rules)
10490 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 little endian object call attempt (netbios.rules)
10492 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 16 attempt (netbios.rules)
10552 <-> NETBIOS SMB-DS v4 dns R_DnssrvUpdateRecord2 WriteAndX andx overflow attempt (netbios.rules)
10600 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx object call overflow attempt (deleted.rules)
10637 <-> DELETED NETBIOS SMB v4 dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules)
10669 <-> NETBIOS SMB-DS v4 dns R_DnssrvUpdateRecord2 unicode andx overflow attempt (netbios.rules)
10700 <-> NETBIOS SMB-DS dns unicode andx bind attempt (netbios.rules)
10746 <-> DELETED NETBIOS SMB dns andx alter context attempt (deleted.rules)
10792 <-> DELETED NETBIOS-DG SMB dns unicode little endian andx bind attempt (deleted.rules)
10796 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian alter context attempt (deleted.rules)
10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules)
10810 <-> NETBIOS SMB-DS dns R_DnssrvEnumRecords WriteAndX little endian andx object call overflow attempt (netbios.rules)
10819 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules)
10946 <-> NETBIOS SMB-DS v4 dns R_DnssrvEnumRecords unicode andx overflow attempt (netbios.rules)
11038 <-> NETBIOS SMB rpcss unicode andx alter context attempt (netbios.rules)
11059 <-> NETBIOS SMB-DS rpcss unicode andx bind attempt (netbios.rules)
11072 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss bind attempt (netbios.rules)
11086 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules)
11115 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode little endian object call attempt (netbios.rules)
11121 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules)
11155 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode andx object call attempt (netbios.rules)
11160 <-> NETBIOS SMB rpcss _RemoteGetClassObject andx object call attempt (netbios.rules)
11164 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian andx object call attempt (netbios.rules)
11181 <-> WEB-CLIENT Excel Viewer ActiveX clsid access (web-client.rules)
11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules)
11230 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid access (web-client.rules)
11241 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call access (web-client.rules)
11250 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid access (web-client.rules)
11257 <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules)
11283 <-> WEB-CLIENT FlexLabel ActiveX function call unicode access (web-client.rules)
11330 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11355 <-> NETBIOS SMB-DS lsarpc WriteAndX bind attempt (netbios.rules)
11371 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian bind attempt (netbios.rules)
11416 <-> NETBIOS SMB-DS lsarpc unicode little endian andx bind attempt (netbios.rules)
11438 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian bind attempt (netbios.rules)
11448 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11474 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11477 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11484 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11491 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11497 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11590 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11594 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11604 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11610 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11620 <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX function call access (web-client.rules)
11677 <-> WEB-CLIENT Provideo Camimage Class ISSCamControl ActiveX clsid access (web-client.rules)
11690 <-> NETBIOS SMB nddeapi WriteAndX bind attempt (netbios.rules)
11702 <-> NETBIOS SMB-DS nddeapi unicode little endian bind attempt (netbios.rules)
11751 <-> NETBIOS SMB nddeapi NDdeSetTrustedShareW unicode little endian overflow attempt (netbios.rules)
11774 <-> NETBIOS SMB v4 nddeapi NDdeSetTrustedShareW andx overflow attempt (netbios.rules)
11780 <-> NETBIOS SMB nddeapi NDdeSetTrustedShareW WriteAndX little endian andx overflow attempt (netbios.rules)
11792 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW andx overflow attempt (netbios.rules)
11795 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW WriteAndX unicode andx overflow attempt (netbios.rules)
11809 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW WriteAndX andx object call overflow attempt (netbios.rules)
11829 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call unicode access (web-client.rules)
11845 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11857 <-> NETBIOS SMB spoolss AddPrinter little endian overflow attempt (netbios.rules)
11874 <-> NETBIOS SMB-DS spoolss AddPrinter unicode overflow attempt (netbios.rules)
11884 <-> NETBIOS SMB spoolss AddPrinter little endian object call overflow attempt (netbios.rules)
11917 <-> NETBIOS SMB v4 spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules)
11944 <-> WEB-CLIENT HP ModemUtil ActiveX clsid unicode access (web-client.rules)
11967 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX function call unicode access (web-client.rules)
12020 <-> WEB-CLIENT NCTsoft NCTAudioFile2 NCTWMAFile ActiveX clsid unicode access (web-client.rules)
12044 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules)
12047 <-> SPYWARE-PUT Adware yayad runtime detection (spyware-put.rules)
12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
12079 <-> EXPLOIT CA BrightStor LGServer Stack buffer overflow (exploit.rules)
12082 <-> ORACLE Oracle 9i TNS denial of service attempt (oracle.rules)
12091 <-> WEB-CLIENT EldoS SecureBlackbox PGPBBox ActiveX clsid access (web-client.rules)
12094 <-> WEB-CLIENT EldoS SecureBlackbox PGPBBox ActiveX function call unicode access (web-client.rules)
12096 <-> WEB-CLIENT Zenturi ProgramChecker ActiveX clsid unicode access (web-client.rules)
12119 <-> WEB-CLIENT Zenturi ProgramChecker SASATL ActiveX function call unicode access (web-client.rules)
12128 <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - init connection (spyware-put.rules)
12189 <-> WEB-CLIENT Clever Internet Suite ActiveX clsid access (web-client.rules)
12207 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (web-client.rules)
12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules)
12243 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules)
12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules)
12345 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object call attempt (netbios.rules)
12353 <-> NETBIOS DCERPC DIRECT ca-alert alter context attempt (netbios.rules)
12354 <-> NETBIOS DCERPC DIRECT ca-alert little endian alter context attempt (netbios.rules)
12355 <-> NETBIOS DCERPC DIRECT ca-alert bind attempt (netbios.rules)
12356 <-> NETBIOS DCERPC DIRECT ca-alert little endian bind attempt (netbios.rules)
12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules)
12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules)
12359 <-> EXPLOIT Asterisk data length field overflow (exploit.rules)
12360 <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules)
12361 <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules)
12362 <-> EXPLOIT Squid HTTP Proxy-Authorization overflow (exploit.rules)