Sourcefire VRT Rules Update
Date: 2007-09-04
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.
The format of the file is:
sid - Message (rule group)
Updated rules:
2048 <-> DELETED MISC rsyncd overflow attempt (deleted.rules)
3466 <-> WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
12190 <-> WEB-CLIENT Clever Internet Suite ActiveX clsid unicode access (web-client.rules)
12191 <-> WEB-CLIENT Clever Internet Suite ActiveX function call access (web-client.rules)
12192 <-> WEB-CLIENT Clever Internet Suite ActiveX function call unicode access (web-client.rules)
12200 <-> WEB-CLIENT VMWare IntraProcessLogging ActiveX clsid access (web-client.rules)
12201 <-> WEB-CLIENT VMWare IntraProcessLogging ActiveX clsid unicode access (web-client.rules)
12257 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid access (web-client.rules)
12258 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX clsid unicode access (web-client.rules)
12259 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call access (web-client.rules)
12260 <-> WEB-CLIENT Microsoft DirectX Media SDK ActiveX function call unicode access (web-client.rules)
12299 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12300 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12301 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid access (web-client.rules)
12302 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid unicode access (web-client.rules)
12303 <-> POLICY Google Chat web client connection (policy.rules)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules)
12306 <-> POLICY Microsoft Messenger web client connection (policy.rules)

New rules:
201 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request (deleted.rules)
284 <-> POP2 x86 Linux overflow (pop2.rules)
285 <-> POP2 x86 Linux overflow (pop2.rules)
292 <-> EXPLOIT x86 Linux samba overflow (exploit.rules)
320 <-> FINGER cmd_rootsh backdoor attempt (finger.rules)
321 <-> FINGER account enumeration attempt (finger.rules)
322 <-> FINGER search query (finger.rules)
323 <-> FINGER root query (finger.rules)
324 <-> FINGER null request (finger.rules)
326 <-> FINGER remote command execution attempt (finger.rules)
327 <-> FINGER remote command pipe execution attempt (finger.rules)
328 <-> FINGER bomb attempt (finger.rules)
330 <-> FINGER redirection attempt (finger.rules)
331 <-> FINGER cybercop query (finger.rules)
332 <-> FINGER 0 query (finger.rules)
333 <-> FINGER . query (finger.rules)
465 <-> ICMP ISS Pinger (icmp.rules)
466 <-> ICMP L3retriever Ping (icmp.rules)
467 <-> ICMP Nemesis v1.1 Echo (icmp.rules)
469 <-> ICMP PING NMAP (icmp.rules)
471 <-> ICMP icmpenum v1.1.1 (icmp.rules)
472 <-> ICMP redirect host (icmp.rules)
473 <-> ICMP redirect net (icmp.rules)
474 <-> ICMP superscan echo (icmp.rules)
475 <-> ICMP traceroute ipopts (icmp.rules)
476 <-> ICMP webtrends scanner (icmp.rules)
477 <-> ICMP Source Quench (icmp.rules)
478 <-> ICMP Broadscan Smurf Scanner (icmp.rules)
480 <-> ICMP PING speedera (icmp.rules)
481 <-> ICMP TJPingPro1.1Build 2 Windows (icmp.rules)
482 <-> ICMP PING WhatsupGold Windows (icmp.rules)
483 <-> ICMP PING CyberKit 2.2 Windows (icmp.rules)
484 <-> ICMP PING Sniffer Pro/NetXRay network scan (icmp.rules)
485 <-> ICMP Destination Unreachable Communication Administratively Prohibited (icmp.rules)
486 <-> ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp.rules)
487 <-> ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp.rules)
488 <-> INFO Connection Closed MSG from Port 80 (info.rules)
489 <-> INFO FTP no password (info.rules)
490 <-> INFO battle-mail traffic (info.rules)
491 <-> INFO FTP Bad login (info.rules)
492 <-> INFO TELNET login failed (info.rules)
493 <-> INFO psyBNC access (info.rules)
518 <-> TFTP Put (tftp.rules)
519 <-> TFTP parent directory (tftp.rules)
520 <-> TFTP root directory (tftp.rules)
523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
524 <-> BAD-TRAFFIC tcp port 0 traffic (bad-traffic.rules)
525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
538 <-> DELETED NETBIOS SMB IPC$ unicode share access (deleted.rules)
601 <-> RSERVICES rlogin LinuxNIS (rservices.rules)
602 <-> RSERVICES rlogin bin (rservices.rules)
603 <-> RSERVICES rlogin echo++ (rservices.rules)
604 <-> RSERVICES rsh froot (rservices.rules)
605 <-> RSERVICES rlogin login failure (rservices.rules)
606 <-> RSERVICES rlogin root (rservices.rules)
607 <-> RSERVICES rsh bin (rservices.rules)
608 <-> RSERVICES rsh echo + + (rservices.rules)
609 <-> RSERVICES rsh froot (rservices.rules)
610 <-> RSERVICES rsh root (rservices.rules)
611 <-> RSERVICES rlogin login failure (rservices.rules)
613 <-> SCAN myscan (scan.rules)
616 <-> SCAN ident version request (scan.rules)
619 <-> SCAN cybercop os probe (scan.rules)
621 <-> SCAN FIN (scan.rules)
622 <-> SCAN ipEye SYN scan (scan.rules)
623 <-> SCAN NULL (scan.rules)
624 <-> SCAN SYN FIN (scan.rules)
625 <-> SCAN XMAS (scan.rules)
626 <-> SCAN cybercop os PA12 attempt (scan.rules)
627 <-> SCAN cybercop os SFU12 probe (scan.rules)
630 <-> SCAN synscan portscan (scan.rules)
631 <-> SMTP ehlo cybercop attempt (smtp.rules)
634 <-> SCAN Amanda client version request (scan.rules)
635 <-> SCAN XTACACS logout (scan.rules)
636 <-> SCAN cybercop udp bomb (scan.rules)
637 <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
657 <-> SMTP chameleon overflow (smtp.rules)
667 <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
718 <-> INFO TELNET login incorrect (info.rules)
721 <-> VIRUS OUTBOUND bad file attachment (virus.rules)
755 <-> DELETED Virus - Possible IROK Worm (deleted.rules)
774 <-> DELETED Virus - Possible CheckThis Trojan (deleted.rules)
786 <-> DELETED Virus - Possible NewApt.Worm - goal.exe (deleted.rules)
792 <-> DELETED Virus - Possible Resume Worm (deleted.rules)
893 <-> DELETED WEB-CGI MachineInfo access (deleted.rules)
1133 <-> SCAN cybercop os probe (scan.rules)
1225 <-> X11 MIT Magic Cookie detected (x11.rules)
1226 <-> X11 xopen (x11.rules)
1227 <-> DELETED X11 outbound client connection detected (deleted.rules)
1228 <-> SCAN nmap XMAS (scan.rules)
1264 <-> RPC portmap bootparam request TCP (rpc.rules)
1279 <-> RPC portmap snmpXdmi request UDP (rpc.rules)
1289 <-> TFTP GET Admin.dll (tftp.rules)
1295 <-> NETBIOS nimda RICHED20.DLL (netbios.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1341 <-> DELETED WEB-ATTACKS /usr/bin/gcc command attempt (deleted.rules)
1353 <-> DELETED WEB-ATTACKS bin/nasm command attempt (deleted.rules)
1366 <-> DELETED WEB-ATTACKS mail command attempt (deleted.rules)
1369 <-> DELETED WEB-ATTACKS /bin/ls command attempt (deleted.rules)
1382 <-> EXPLOIT CHAT IRC Ettercap parse overflow attempt (exploit.rules)
1428 <-> MULTIMEDIA audio galaxy keepalive (multimedia.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1436 <-> MULTIMEDIA Quicktime User Agent access (multimedia.rules)
1437 <-> MULTIMEDIA Windows Media download (multimedia.rules)
1439 <-> MULTIMEDIA Shoutcast playlist redirection (multimedia.rules)
1440 <-> MULTIMEDIA Icecast playlist redirection (multimedia.rules)
1441 <-> TFTP GET nc.exe (tftp.rules)
1442 <-> TFTP GET shadow (tftp.rules)
1443 <-> TFTP GET passwd (tftp.rules)
1444 <-> TFTP Get (tftp.rules)
1538 <-> NNTP AUTHINFO USER overflow attempt (nntp.rules)
1541 <-> FINGER version query (finger.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1629 <-> OTHER-IDS SecureNetPro traffic (other-ids.rules)
1638 <-> SCAN SSH Version map attempt (scan.rules)
1683 <-> ORACLE all_tables access (oracle.rules)
1760 <-> OTHER-IDS ISS RealSecure 6 event collector connection attempt (other-ids.rules)
1761 <-> OTHER-IDS ISS RealSecure 6 daemon connection attempt (other-ids.rules)
1792 <-> NNTP return code buffer overflow attempt (nntp.rules)
1813 <-> ICMP digital island bandwidth query (icmp.rules)
1912 <-> RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1917 <-> SCAN UPnP service discover attempt (scan.rules)
1918 <-> SCAN SolarWinds IP scan attempt (scan.rules)
1934 <-> POP2 FOLD overflow attempt (pop2.rules)
1935 <-> POP2 FOLD arbitrary file attempt (pop2.rules)
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
1965 <-> RPC tooltalk TCP overflow attempt (rpc.rules)
1985 <-> BACKDOOR Doly 1.5 server response (backdoor.rules)
2016 <-> RPC portmap status request TCP (rpc.rules)
2027 <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
2082 <-> RPC portmap rpc.xfsmd request TCP (rpc.rules)
2113 <-> RSERVICES rexec username overflow attempt (rservices.rules)
2114 <-> RSERVICES rexec password overflow attempt (rservices.rules)
2164 <-> DELETED VIRUS OUTBOUND .reg file attachment (deleted.rules)
2175 <-> NETBIOS SMB winreg WriteAndX little endian bind attempt (netbios.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2193 <-> NETBIOS SMB ISystemActivator WriteAndX unicode alter context attempt (netbios.rules)
2268 <-> SMTP MAIL FROM sendmail prescan too long addresses overflow (smtp.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
2339 <-> TFTP NULL command attempt (tftp.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2424 <-> NNTP sendsys overflow attempt (nntp.rules)
2425 <-> NNTP senduuname overflow attempt (nntp.rules)
2426 <-> NNTP version overflow attempt (nntp.rules)
2427 <-> NNTP checkgroups overflow attempt (nntp.rules)
2428 <-> NNTP ihave overflow attempt (nntp.rules)
2429 <-> NNTP sendme overflow attempt (nntp.rules)
2430 <-> NNTP newgroup overflow attempt (nntp.rules)
2431 <-> NNTP rmgroup overflow attempt (nntp.rules)
2432 <-> NNTP article post without path attempt (nntp.rules)
2462 <-> EXPLOIT IGMP IGAP account overflow attempt (exploit.rules)
2481 <-> NETBIOS SMB-DS winreg InitiateSystemShutdown WriteAndX unicode attempt (netbios.rules)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
2508 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
2636 <-> DELETED ORACLE snapshot.end_load ordered gname buffer overflow attempt (deleted.rules)
2671 <-> WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules)
2684 <-> ORACLE sys.ltutil.pushdeferredtxns buffer overflow attempt (oracle.rules)
2698 <-> ORACLE create file buffer overflow attempt (oracle.rules)
2713 <-> ORACLE dbms_offline_og.end_load buffer overflow attempt (oracle.rules)
2740 <-> ORACLE dbms_repcat.alter_priority_raw buffer overflow attempt (oracle.rules)
2747 <-> ORACLE dbms_repcat.begin_flavor_definition buffer overflow attempt (oracle.rules)
2759 <-> ORACLE dbms_repcat.create_snapshot_repgroup buffer overflow attempt (oracle.rules)
2760 <-> ORACLE dbms_repcat.define_column_group buffer overflow attempt (oracle.rules)
2773 <-> ORACLE dbms_repcat.drop_priority_nchar buffer overflow attempt (oracle.rules)
2802 <-> ORACLE dbms_repcat_rgt.check_ddl_text buffer overflow attempt (oracle.rules)
2809 <-> ORACLE dbms_repcat.unregister_mview_repgroup buffer overflow attempt (oracle.rules)
2816 <-> ORACLE sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt (oracle.rules)
2823 <-> ORACLE sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt (oracle.rules)
2832 <-> ORACLE sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt (oracle.rules)
2885 <-> ORACLE sys.dbms_repcat_conf.define_priority_group buffer overflow attempt (oracle.rules)
2902 <-> ORACLE sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt (oracle.rules)
2925 <-> INFO web bug 1x1 gif attempt (info.rules)
2927 <-> NNTP XPAT pattern overflow attempt (nntp.rules)
2928 <-> NETBIOS SMB-DS nddeapi little endian alter context attempt (netbios.rules)
2938 <-> NETBIOS SMB v4 nddeapi NDdeSetTrustedShareW WriteAndX overflow attempt (netbios.rules)
3018 <-> NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3078 <-> NNTP SEARCH pattern overflow attempt (nntp.rules)
3093 <-> NETBIOS SMB-DS llsrpc WriteAndX unicode little endian bind attempt (netbios.rules)
3101 <-> NETBIOS SMB-DS llsrpc unicode bind attempt (netbios.rules)
3106 <-> NETBIOS SMB llsrpc unicode alter context attempt (netbios.rules)
3115 <-> NETBIOS SMB-DS llsrpc LlsrConnect WriteAndX unicode overflow attempt (netbios.rules)
3125 <-> NETBIOS SMB-DS llsrpc LlsrConnect WriteAndX overflow attempt (netbios.rules)
3151 <-> FINGER / execution attempt (finger.rules)
3206 <-> NETBIOS SMB-DS winreg little endian alter context attempt (netbios.rules)
3261 <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning little endian overflow attempt (netbios.rules)
3403 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance little endian object call attempt (netbios.rules)
3410 <-> NETBIOS SMB IActivation remoteactivation unicode little endian overflow attempt (netbios.rules)
3417 <-> NETBIOS SMB-DS v4 IActivation remoteactivation WriteAndX unicode overflow attempt (netbios.rules)
3424 <-> NETBIOS SMB v4 IActivation remoteactivation unicode overflow attempt (netbios.rules)
3438 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3462 <-> SMTP Content-Encoding overflow attempt (smtp.rules)
3478 <-> EXPLOIT ARCserve backup TCP product info msg 0x9c client domain overflow (exploit.rules)
3493 <-> SMTP SSLv2 Client_Hello request (smtp.rules)
3495 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
3522 <-> EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules)
3567 <-> NETBIOS SMB mqqm bind attempt (netbios.rules)
3619 <-> NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3626 <-> ICMP PATH MTU denial of service (icmp.rules)
3645 <-> NETBIOS SMB-DS Trans unicode data displacement null pointer DOS attempt (netbios.rules)
3650 <-> NETBIOS-DG SMB Trans unicode andx data displacement null pointer DOS attempt (netbios.rules)
3753 <-> DELETED NETBIOS SMB-DS veritas alter context attempt (deleted.rules)
3817 <-> TFTP GET transfer mode overflow attempt (tftp.rules)
3818 <-> TFTP PUT transfer mode overflow attempt (tftp.rules)
3837 <-> NETBIOS SMB umpnpmgr WriteAndX unicode andx alter context attempt (netbios.rules)
3857 <-> NETBIOS SMB umpnpmgr unicode little endian andx alter context attempt (netbios.rules)
3860 <-> NETBIOS SMB-DS umpnpmgr WriteAndX alter context attempt (netbios.rules)
3869 <-> NETBIOS SMB-DS umpnpmgr WriteAndX unicode andx alter context attempt (netbios.rules)
3894 <-> DELETED NETBIOS SMB-DS umpnpmgr unicode andx bind attempt (deleted.rules)
3922 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx bind attempt (deleted.rules)
3942 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx bind attempt (deleted.rules)
3952 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList andx attempt (netbios.rules)
3959 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (netbios.rules)
3979 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (netbios.rules)
3997 <-> NETBIOS SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (netbios.rules)
4007 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (netbios.rules)
4010 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_QueryResConfList little endian andx attempt (netbios.rules)
4032 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4045 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4064 <-> NETBIOS SMB umpnpmgr PNP_DetectResourceConflict WriteAndX little endian attempt (netbios.rules)
4073 <-> NETBIOS SMB umpnpmgr PNP_DetectResourceConflict unicode andx attempt (netbios.rules)
4082 <-> NETBIOS SMB v4 umpnpmgr PNP_DetectResourceConflict WriteAndX unicode attempt (netbios.rules)
4096 <-> NETBIOS SMB-DS umpnpmgr PNP_DetectResourceConflict WriteAndX little endian attempt (netbios.rules)
4103 <-> NETBIOS SMB-DS umpnpmgr PNP_DetectResourceConflict little endian andx attempt (netbios.rules)
4123 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt (netbios.rules)
4136 <-> WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)
4148 <-> WEB-CLIENT DHTML Editing ActiveX Object Access (web-client.rules)
4162 <-> WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4174 <-> WEB-CLIENT Symantec RuFSI registry Information Class ActiveX Object Access (web-client.rules)
4175 <-> WEB-CLIENT Office 2000/2002 Web Components PivotTable ActiveX Object Access (web-client.rules)
4182 <-> WEB-CLIENT MSN Chat v4.5, 4.6 ActiveX Object Access (web-client.rules)
4190 <-> WEB-CLIENT Kodak Thumbnail Image ActiveX Object Access (web-client.rules)
4197 <-> WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4205 <-> WEB-CLIENT Microsoft Visual Database Tools Database Designer v7.0 ActiveX Object Access (web-client.rules)
4240 <-> NETBIOS DCERPC DIRECT msdtc little endian bind attempt (netbios.rules)
4260 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little endian attempt (netbios.rules)
4265 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx attempt (netbios.rules)
4275 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little endian andx attempt (netbios.rules)
4306 <-> NETBIOS SMB v4 umpnpmgr PNP_GetDeviceListSize WriteAndX little endian attempt (netbios.rules)
4366 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceListSize WriteAndX unicode attempt (netbios.rules)
4371 <-> NETBIOS SMB umpnpmgr PNP_GetDeviceListSize WriteAndX andx attempt (netbios.rules)
4382 <-> NETBIOS SMB spoolss andx alter context attempt (netbios.rules)
4404 <-> NETBIOS SMB spoolss WriteAndX unicode andx bind attempt (netbios.rules)
4452 <-> NETBIOS SMB-DS spoolss WriteAndX unicode andx alter context attempt (netbios.rules)
4459 <-> NETBIOS SMB-DS spoolss unicode little endian andx alter context attempt (netbios.rules)
4469 <-> NETBIOS SMB-DS spoolss little endian bind attempt (netbios.rules)
4516 <-> NETBIOS SMB netware_cs WriteAndX little endian bind attempt (netbios.rules)
4559 <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4563 <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4583 <-> NETBIOS SMB-DS netware_cs WriteAndX unicode andx bind attempt (netbios.rules)
4592 <-> NETBIOS SMB-DS netware_cs bind attempt (netbios.rules)
4636 <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode overflow attempt (netbios.rules)
4677 <-> ORACLE enterprise manager application server control GET parameter overflow attempt (oracle.rules)
4697 <-> NETBIOS SMB locator WriteAndX unicode bind attempt (netbios.rules)
4700 <-> NETBIOS SMB locator WriteAndX unicode little endian andx bind attempt (netbios.rules)
4711 <-> NETBIOS SMB locator unicode andx alter context attempt (netbios.rules)
4720 <-> NETBIOS SMB-DS locator WriteAndX andx bind attempt (netbios.rules)
4727 <-> NETBIOS SMB-DS locator WriteAndX unicode andx alter context attempt (netbios.rules)
4736 <-> NETBIOS SMB-DS locator andx bind attempt (netbios.rules)
4746 <-> NETBIOS SMB-DS locator unicode little endian alter context attempt (netbios.rules)
4765 <-> NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode overflow attempt (netbios.rules)
4799 <-> NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian andx overflow attempt (netbios.rules)
4807 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX little endian andx overflow attempt (netbios.rules)
4812 <-> NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX unicode little endian overflow attempt (netbios.rules)
4825 <-> NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
4844 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode attempt (netbios.rules)
4864 <-> NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode andx attempt (netbios.rules)
4877 <-> NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode little endian andx attempt (netbios.rules)
4879 <-> NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt (netbios.rules)
4894 <-> WEB-CLIENT PSEnumVariant ActiveX Object Access (web-client.rules)
4905 <-> WEB-CLIENT Microsoft Repository Object ActiveX Object Access (web-client.rules)
4922 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt (netbios.rules)
4974 <-> NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt (netbios.rules)
5007 <-> NETBIOS SMB lsass little endian alter context attempt (netbios.rules)
5010 <-> NETBIOS SMB lsass WriteAndX unicode little endian alter context attempt (netbios.rules)
5026 <-> NETBIOS SMB-DS lsass WriteAndX unicode little endian bind attempt (netbios.rules)
5076 <-> NETBIOS-DG SMB lsass WriteAndX little endian andx bind attempt (netbios.rules)
5098 <-> NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules)
5101 <-> NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules)
5126 <-> NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules)
5151 <-> NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules)
5210 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules)
5219 <-> NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules)
5264 <-> NETBIOS SMB lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules)
5307 <-> NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
5320 <-> VIRUS Possible Sober virus set one call home attempt (virus.rules)
5321 <-> VIRUS Possible Sober virus set one NTP time check attempt (virus.rules)
5322 <-> VIRUS Possible Sober virus set two NTP time check attempt (virus.rules)
5323 <-> VIRUS Possible Sober virus set three NTP time check attempt (virus.rules)
5324 <-> VIRUS Possible Sober virus set two call home attempt (virus.rules)
5332 <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotRevoke little endian overflow attempt (netbios.rules)
5394 <-> NETBIOS SMB-DS llsrpc2 WriteAndX little endian andx bind attempt (netbios.rules)
5403 <-> NETBIOS SMB llsrpc unicode bind attempt (netbios.rules)
5434 <-> NETBIOS SMB llsrpc andx bind attempt (netbios.rules)
5456 <-> NETBIOS SMB llsrpc LlsrConnect WriteAndX little endian andx overflow attempt (netbios.rules)
5461 <-> NETBIOS SMB llsrpc LlsrConnect little endian andx overflow attempt (netbios.rules)
5472 <-> NETBIOS SMB v4 llsrpc LlsrConnect unicode andx overflow attempt (netbios.rules)
5479 <-> NETBIOS SMB v4 llsrpc LlsrConnect little endian andx overflow attempt (netbios.rules)
5497 <-> NETBIOS SMB-DS llsrpc2 LlsrLicenseRequestW WriteAndX little endian overflow attempt (netbios.rules)
5520 <-> NETBIOS SMB llsrpc2 LlsrLicenseRequestW WriteAndX andx overflow attempt (netbios.rules)
5585 <-> NETBIOS SMB v4 winreg OpenKey overflow attempt (netbios.rules)
5602 <-> NETBIOS SMB winreg OpenKey little endian andx overflow attempt (netbios.rules)
5624 <-> NETBIOS SMB v4 winreg OpenKey WriteAndX unicode little endian andx overflow attempt (netbios.rules)
5634 <-> NETBIOS SMB-DS v4 winreg InitiateSystemShutdown unicode little endian attempt (netbios.rules)
5651 <-> NETBIOS SMB-DS winreg InitiateSystemShutdown unicode little endian andx attempt (netbios.rules)
5673 <-> NETBIOS SMB winreg InitiateSystemShutdown WriteAndX andx attempt (netbios.rules)
5685 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
5689 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
5714 <-> SMTP x-unix-mode executable mail attachment (smtp.rules)
5729 <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5739 <-> SMTP headers too long server response (smtp.rules)
5746 <-> SPYWARE-PUT Hijacker adultlinks runtime detection - load url (spyware-put.rules)
5778 <-> SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules)
5881 <-> SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5893 <-> SPYWARE-PUT Trackware wordiq toolbar runtime detection - search keyword (spyware-put.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
6007 <-> WEB-CLIENT Microsoft DT DDS OrgChart GDD Layout ActiveX Object Access (web-client.rules)
6053 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6224 <-> SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules)
6231 <-> DELETED SPYWARE-PUT Adware mirar runtime detection - search (deleted.rules)
6270 <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
6279 <-> SPYWARE-PUT Hijacker sidefind runtime detection (spyware-put.rules)
6353 <-> SPYWARE-PUT Hijacker adblock ie search assistant redirect detection (spyware-put.rules)
6368 <-> SPYWARE-PUT Adware flashtrack media/spoton runtime detection - update request (spyware-put.rules)
6370 <-> DELETED SPYWARE-PUT Adware flashtrack media runtime detection - download .exe (deleted.rules)
6379 <-> SPYWARE-PUT Hijacker adbars runtime detection - search in toolbar (spyware-put.rules)
6426 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6443 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW heap overflow attempt (netbios.rules)
6448 <-> NETBIOS DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6455 <-> NETBIOS DCERPC DIRECT msdtc BuildContext heap overflow attempt (netbios.rules)
6524 <-> NETBIOS SMB-DS rras alter context attempt (netbios.rules)
6562 <-> NETBIOS SMB rras unicode little endian andx alter context attempt (netbios.rules)
6567 <-> NETBIOS SMB-DS rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6576 <-> NETBIOS SMB rras little endian andx bind attempt (netbios.rules)
6583 <-> NETBIOS SMB-DS rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6586 <-> NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6613 <-> NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6626 <-> NETBIOS SMB rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6634 <-> NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6635 <-> NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6647 <-> NETBIOS SMB v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6664 <-> NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6671 <-> NETBIOS SMB rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6690 <-> WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6692 <-> WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6714 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode little endian object call phonebook mode overflow attempt (netbios.rules)
6723 <-> NETBIOS SMB v4 rras RasRpcSetUserPreferences WriteAndX unicode little endian phonebook mode overflow attempt (netbios.rules)
6742 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode phonebook mode overflow attempt (netbios.rules)
6773 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences unicode andx phonebook mode overflow attempt (netbios.rules)
6864 <-> NETBIOS SMB v4 rras RasRpcSetUserPreferences WriteAndX andx area/country overflow attempt (netbios.rules)
6916 <-> NETBIOS SMB-DS v4 rras RasRpcSetUserPreferences callback number overflow attempt (netbios.rules)
6929 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences little endian object call callback number overflow attempt (netbios.rules)
6933 <-> NETBIOS SMB rras RasRpcSetUserPreferences little endian object call callback number overflow attempt (netbios.rules)
6976 <-> NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX andx object call callback number overflow attempt (netbios.rules)
6995 <-> NETBIOS SMB rras RasRpcSetUserPreferences WriteAndX andx callback number overflow attempt (netbios.rules)
7003 <-> WEB-CLIENT ADODB.Recordset ActiveX function call access (web-client.rules)
7014 <-> WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function call access (web-client.rules)
7117 <-> DELETED BACKDOOR y3k 1.2 runtime detection - icq notification (deleted.rules)
7232 <-> NETBIOS SMB-DS srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
7244 <-> NETBIOS SMB-DS v4 srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
7261 <-> NETBIOS SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt (netbios.rules)
7264 <-> NETBIOS SMB v4 srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow attempt (netbios.rules)
7302 <-> NETBIOS SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt (netbios.rules)
7336 <-> NETBIOS SMB-DS srvsvc WriteAndX unicode bind attempt (netbios.rules)
7365 <-> NETBIOS SMB srvsvc little endian andx alter context attempt (netbios.rules)
7397 <-> NETBIOS-DG SMB srvsvc little endian andx bind attempt (netbios.rules)
7408 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc little endian alter context attempt (netbios.rules)
7451 <-> WEB-CLIENT Stetch ActiveX CLSID unicode access (web-client.rules)
7482 <-> WEB-CLIENT WMT MuxDeMux Filter ActiveX CLSID access (web-client.rules)
7545 <-> SPYWARE-PUT Keylogger PerfectKeylogger runtime detection - flowbit set 2 (spyware-put.rules)
7556 <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7578 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - reference (spyware-put.rules)
7584 <-> SPYWARE-PUT Hacker-Tool clandestine runtime detection - flowbit set open (spyware-put.rules)
7598 <-> SPYWARE-PUT Snoopware 2-seek runtime detection - search in toolbar (spyware-put.rules)
7607 <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7766 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7797 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7818 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7886 <-> WEB-CLIENT AolCalSvr.ACDictionary ActiveX CLSID access (web-client.rules)
7896 <-> WEB-CLIENT AOL.PicEditCtrl ActiveX CLSID access (web-client.rules)
7928 <-> WEB-CLIENT file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (web-client.rules)
7976 <-> WEB-CLIENT ShellFolder for CD Burning ActiveX CLSID access (web-client.rules)
8027 <-> WEB-CLIENT Microsoft WBEM Event Subsystem ActiveX CLSID access (web-client.rules)
8051 <-> WEB-CLIENT WDM Instance Provider ActiveX CLSID access (web-client.rules)
8066 <-> WEB-CLIENT Windows Scripting Host Shell ActiveX CLSID access (web-client.rules)
8081 <-> SCAN UPnP service discover attempt (scan.rules)
8107 <-> NETBIOS SMB-DS webdav WriteAndX unicode little endian alter context attempt (netbios.rules)
8116 <-> NETBIOS SMB-DS webdav bind attempt (netbios.rules)
8129 <-> NETBIOS SMB webdav WriteAndX andx alter context attempt (netbios.rules)
8156 <-> NETBIOS SMB-DS webdav little endian andx bind attempt (netbios.rules)
8189 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX object call hostname overflow attempt (netbios.rules)
8204 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX little endian object call hostname overflow attempt (netbios.rules)
8205 <-> NETBIOS SMB v4 webdav DavrCreateConnection WriteAndX unicode andx hostname overflow attempt (netbios.rules)
8213 <-> NETBIOS SMB v4 webdav DavrCreateConnection WriteAndX little endian andx hostname overflow attempt (netbios.rules)
8236 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX little endian andx hostname overflow attempt (netbios.rules)
8243 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX andx object call hostname overflow attempt (netbios.rules)
8260 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX unicode little endian object call username overflow attempt (netbios.rules)
8272 <-> NETBIOS SMB-DS webdav DavrCreateConnection unicode object call username overflow attempt (netbios.rules)
8279 <-> NETBIOS SMB-DS v4 webdav DavrCreateConnection username overflow attempt (netbios.rules)
8335 <-> NETBIOS SMB webdav DavrCreateConnection WriteAndX little endian andx username overflow attempt (netbios.rules)
8348 <-> NETBIOS SMB-DS webdav DavrCreateConnection WriteAndX unicode little endian andx object call username overflow attempt (netbios.rules)
8357 <-> SPYWARE-PUT Keylogger spybuddy 3.72 runtime detection - send alert out through email (spyware-put.rules)
8360 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
8372 <-> WEB-CLIENT Outlook.Application ActiveX CLSID unicode access (web-client.rules)
8402 <-> WEB-CLIENT Windows Media Services DRM Storage ActiveX CLSID unicode access (web-client.rules)
8416 <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8450 <-> NETBIOS SMB Rename invalid buffer type attempt (netbios.rules)
8568 <-> NETBIOS SMB IActivation unicode andx alter context attempt (netbios.rules)
8579 <-> NETBIOS SMB IActivation WriteAndX little endian andx bind attempt (netbios.rules)
8606 <-> NETBIOS DCERPC NCACN-HTTP IActivation little endian bind attempt (netbios.rules)
8615 <-> NETBIOS SMB IActivation remoteactivation unicode overflow attempt (netbios.rules)
8617 <-> NETBIOS SMB-DS IActivation remoteactivation overflow attempt (netbios.rules)
8631 <-> NETBIOS SMB IActivation remoteactivation unicode object call overflow attempt (netbios.rules)
8653 <-> NETBIOS SMB-DS v4 IActivation remoteactivation unicode little endian andx overflow attempt (netbios.rules)
8664 <-> NETBIOS SMB-DS IActivation remoteactivation WriteAndX unicode andx overflow attempt (netbios.rules)
8679 <-> NETBIOS SMB IActivation remoteactivation unicode andx object call overflow attempt (netbios.rules)
8680 <-> NETBIOS SMB-DS IActivation remoteactivation WriteAndX unicode andx object call overflow attempt (netbios.rules)
8740 <-> WEB-CLIENT DWUSWebAgent.WebAgent.1 ActiveX function call access (web-client.rules)
8755 <-> WEB-CLIENT LM.AutoEffectBvr.1 ActiveX function call access (web-client.rules)
8766 <-> WEB-CLIENT DirectAnimation.DAView.1 ActiveX CLSID unicode access (web-client.rules)
8784 <-> WEB-CLIENT DirectAnimation.DAString.1 ActiveX CLSID unicode access (web-client.rules)
8792 <-> WEB-CLIENT DirectAnimation.DAPoint2.1 ActiveX CLSID access (web-client.rules)
8795 <->
WEB-CLIENT DirectAnimation.DAPath4.1 ActiveX CLSID access (web-client.rules) 8813 <-> WEB-CLIENT DirectAnimation.DALineStyle.1 ActiveX CLSID access (web-client.rules) 8815 <-> WEB-CLIENT DirectAnimation.DALineStyle.1 ActiveX function call access (web-client.rules) 8821 <-> WEB-CLIENT DirectAnimation.DAImage.1 ActiveX function call access (web-client.rules) 8831 <-> WEB-CLIENT DirectAnimation.DACamera.1 ActiveX CLSID access (web-client.rules) 8864 <-> NETBIOS SMB wkssvc unicode little endian alter context attempt (netbios.rules) 8873 <-> NETBIOS SMB-DS wkssvc unicode little endian bind attempt (netbios.rules) 8901 <-> NETBIOS SMB wkssvc WriteAndX unicode little endian andx bind attempt (netbios.rules) 8926 <-> NETBIOS SMB wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules) 8969 <-> NETBIOS SMB-DS wkssvc NetrAddAlternateComputerName WriteAndX little endian overflow attempt (netbios.rules) 8989 <-> NETBIOS SMB wkssvc NetrAddAlternateComputerName little endian andx overflow attempt (netbios.rules) 9008 <-> NETBIOS SMB-DS wkssvc NetrAddAlternateComputerName andx object call overflow attempt (netbios.rules) 9029 <-> NETBIOS SMB-DS wkssvc NetrJoinDomain2 unicode object call overflow attempt (netbios.rules) 9032 <-> NETBIOS SMB-DS wkssvc NetrJoinDomain2 WriteAndX little endian object call overflow attempt (netbios.rules) 9042 <-> NETBIOS SMB wkssvc NetrJoinDomain2 WriteAndX little endian overflow attempt (netbios.rules) 9045 <-> NETBIOS SMB wkssvc NetrJoinDomain2 WriteAndX unicode overflow attempt (netbios.rules) 9053 <-> NETBIOS SMB-DS v4 wkssvc NetrJoinDomain2 overflow attempt (netbios.rules) 9101 <-> NETBIOS SMB-DS v4 wkssvc NetrJoinDomain2 andx overflow attempt (netbios.rules) 9125 <-> NETBIOS DCERPC DIRECT wkssvc NetrJoinDomain2 little endian overflow attempt (netbios.rules) 9135 <-> NETBIOS SMB-DS netware_cs NwrOpenEnumNdsStubTrees_Any object call overflow attempt (netbios.rules) 9169 <-> NETBIOS SMB v4 netware_cs NwrOpenEnumNdsStubTrees_Any overflow 
attempt (netbios.rules) 9235 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation WriteAndX unicode object call overflow attempt (netbios.rules) 9265 <-> NETBIOS SMB netware_cs NwGetConnectionInformation WriteAndX unicode overflow attempt (netbios.rules) 9271 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation little endian object call overflow attempt (netbios.rules) 9273 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation unicode little endian object call overflow attempt (netbios.rules) 9315 <-> NETBIOS SMB-DS netware_cs NwGetConnectionInformation andx overflow attempt (netbios.rules) 9361 <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules) 9415 <-> SPECIFIC-THREATS plexus.a smtp propagation detection (specific-threats.rules) 9426 <-> SPECIFIC-THREATS mydoom.ap attachment (specific-threats.rules) 9474 <-> NETBIOS SMB ISystemActivator WriteAndX little endian andx alter context attempt (netbios.rules) 9479 <-> NETBIOS SMB-DS ISystemActivator WriteAndX little endian andx alter context attempt (netbios.rules) 9540 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance object call attempt (netbios.rules) 9549 <-> NETBIOS SMB-DS ISystemActivator RemoteCreateInstance unicode andx object call attempt (netbios.rules) 9621 <-> TFTP 3COM server transport mode buffer overflow attempt (tftp.rules) 9630 <-> WEB-CLIENT Citrix.ICAClient ActiveX clsid unicode access (web-client.rules) 9634 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (exploit.rules) 9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules) 9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules) 9691 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules) 9764 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 little endian overflow attempt (netbios.rules) 9772 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 
overflow attempt (netbios.rules) 9797 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX function call access (web-client.rules) 9822 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid unicode access (web-client.rules) 9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules) 9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules) 9856 <-> NETBIOS SMB-DS tapisrv unicode little endian alter context attempt (netbios.rules) 9878 <-> NETBIOS SMB-DS tapisrv little endian bind attempt (netbios.rules) 9922 <-> NETBIOS SMB-DS v4 tapisrv ClientRequest WriteAndX little endian LSetAppPriority overflow attempt (netbios.rules) 9931 <-> NETBIOS SMB-DS tapisrv ClientRequest WriteAndX little endian LSetAppPriority overflow attempt (netbios.rules) 9952 <-> NETBIOS SMB tapisrv ClientRequest WriteAndX unicode object call LSetAppPriority overflow attempt (netbios.rules) 9966 <-> NETBIOS SMB-DS v4 tapisrv ClientRequest little endian andx LSetAppPriority overflow attempt (netbios.rules) 9976 <-> NETBIOS SMB-DS tapisrv ClientRequest andx LSetAppPriority overflow attempt (netbios.rules) 9995 <-> NETBIOS SMB-DS tapisrv ClientRequest WriteAndX little endian andx object call LSetAppPriority overflow attempt (netbios.rules) 10022 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup object call attempt (netbios.rules) 10025 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules) 10032 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath_Function_45 attempt (netbios.rules) 10049 <-> NETBIOS DCERPC DIRECT brightstor-arc2 little endian bind attempt (netbios.rules) 10051 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 ASDBLoginToComputer little endian overflow attempt (netbios.rules) 10057 <-> NETBIOS DCERPC DIRECT brightstor-arc2 ASDBLoginToComputer little endian overflow attempt (netbios.rules) 10121 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGCBHandleFromGroupName little endian overflow attempt 
(netbios.rules) 10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules) 10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules) 10177 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid unicode access (web-client.rules) 10189 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid access (web-client.rules) 10206 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetRealTimeScanConfigInfo object call attempt (netbios.rules) 10218 <-> NETBIOS SMB svcctl unicode alter context attempt (netbios.rules) 10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (netbios.rules) 10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (netbios.rules) 10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (netbios.rules) 10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (netbios.rules) 10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (netbios.rules) 10289 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (netbios.rules) 10293 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules) 10313 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (netbios.rules) 10320 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (netbios.rules) 10331 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules) 10338 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules) 10340 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules) 10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules) 10359 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules) 10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules) 10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules) 10423 <-> WEB-CLIENT 
Yahoo Audio Conferencing ActiveX clsid access (web-client.rules) 10434 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call unicode access (web-client.rules) 10489 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 attempt (netbios.rules) 10490 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 little endian object call attempt (netbios.rules) 10492 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 16 attempt (netbios.rules) 10552 <-> NETBIOS SMB-DS v4 dns R_DnssrvUpdateRecord2 WriteAndX andx overflow attempt (netbios.rules) 10600 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx object call overflow attempt (deleted.rules) 10637 <-> DELETED NETBIOS SMB v4 dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules) 10669 <-> NETBIOS SMB-DS v4 dns R_DnssrvUpdateRecord2 unicode andx overflow attempt (netbios.rules) 10700 <-> NETBIOS SMB-DS dns unicode andx bind attempt (netbios.rules) 10746 <-> DELETED NETBIOS SMB dns andx alter context attempt (deleted.rules) 10792 <-> DELETED NETBIOS-DG SMB dns unicode little endian andx bind attempt (deleted.rules) 10796 <-> DELETED NETBIOS DCERPC NCACN-HTTP dns little endian alter context attempt (deleted.rules) 10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules) 10810 <-> NETBIOS SMB-DS dns R_DnssrvEnumRecords WriteAndX little endian andx object call overflow attempt (netbios.rules) 10819 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules) 10946 <-> NETBIOS SMB-DS v4 dns R_DnssrvEnumRecords unicode andx overflow attempt (netbios.rules) 11038 <-> NETBIOS SMB rpcss unicode andx alter context attempt (netbios.rules) 11059 <-> NETBIOS SMB-DS rpcss unicode andx bind attempt (netbios.rules) 11072 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss bind attempt (netbios.rules) 11086 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules) 11115 <-> NETBIOS SMB rpcss 
_RemoteGetClassObject WriteAndX unicode little endian object call attempt (netbios.rules) 11121 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules) 11155 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode andx object call attempt (netbios.rules) 11160 <-> NETBIOS SMB rpcss _RemoteGetClassObject andx object call attempt (netbios.rules) 11164 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian andx object call attempt (netbios.rules) 11181 <-> WEB-CLIENT Excel Viewer ActiveX clsid access (web-client.rules) 11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules) 11230 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid access (web-client.rules) 11241 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call access (web-client.rules) 11250 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid access (web-client.rules) 11257 <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules) 11283 <-> WEB-CLIENT FlexLabel ActiveX function call unicode access (web-client.rules) 11330 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode alter context attempt (netbios.rules) 11355 <-> NETBIOS SMB-DS lsarpc WriteAndX bind attempt (netbios.rules) 11371 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian bind attempt (netbios.rules) 11416 <-> NETBIOS SMB-DS lsarpc unicode little endian andx bind attempt (netbios.rules) 11438 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian bind attempt (netbios.rules) 11448 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules) 11474 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules) 11477 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules) 11484 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt 
(netbios.rules) 11491 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules) 11497 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules) 11590 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules) 11594 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules) 11604 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) 11610 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules) 11620 <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX function call access (web-client.rules) 11677 <-> WEB-CLIENT Provideo Camimage Class ISSCamControl ActiveX clsid access (web-client.rules) 11690 <-> NETBIOS SMB nddeapi WriteAndX bind attempt (netbios.rules) 11702 <-> NETBIOS SMB-DS nddeapi unicode little endian bind attempt (netbios.rules) 11751 <-> NETBIOS SMB nddeapi NDdeSetTrustedShareW unicode little endian overflow attempt (netbios.rules) 11774 <-> NETBIOS SMB v4 nddeapi NDdeSetTrustedShareW andx overflow attempt (netbios.rules) 11780 <-> NETBIOS SMB nddeapi NDdeSetTrustedShareW WriteAndX little endian andx overflow attempt (netbios.rules) 11792 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW andx overflow attempt (netbios.rules) 11795 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW WriteAndX unicode andx overflow attempt (netbios.rules) 11809 <-> NETBIOS SMB-DS nddeapi NDdeSetTrustedShareW WriteAndX andx object call overflow attempt (netbios.rules) 11829 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call unicode access (web-client.rules) 11845 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules) 11857 <-> NETBIOS SMB spoolss AddPrinter little endian overflow attempt (netbios.rules) 11874 <-> 
NETBIOS SMB-DS spoolss AddPrinter unicode overflow attempt (netbios.rules) 11884 <-> NETBIOS SMB spoolss AddPrinter little endian object call overflow attempt (netbios.rules) 11917 <-> NETBIOS SMB v4 spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules) 11944 <-> WEB-CLIENT HP ModemUtil ActiveX clsid unicode access (web-client.rules) 11967 <-> WEB-CLIENT Microsoft Office Data Source Control 11.0 ActiveX function call unicode access (web-client.rules) 12020 <-> WEB-CLIENT NCTsoft NCTAudioFile2 NCTWMAFile ActiveX clsid unicode access (web-client.rules) 12044 <-> ORACLE Oracle Web Cache denial of service attempt (oracle.rules) 12047 <-> SPYWARE-PUT Adware yayad runtime detection (spyware-put.rules) 12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules) 12079 <-> EXPLOIT CA BrightStor LGServer Stack buffer overflow (exploit.rules) 12082 <-> ORACLE Oracle 9i TNS denial of service attempt (oracle.rules) 12091 <-> WEB-CLIENT EldoS SecureBlackbox PGPBBox ActiveX clsid access (web-client.rules) 12094 <-> WEB-CLIENT EldoS SecureBlackbox PGPBBox ActiveX function call unicode access (web-client.rules) 12096 <-> WEB-CLIENT Zenturi ProgramChecker ActiveX clsid unicode access (web-client.rules) 12119 <-> WEB-CLIENT Zenturi ProgramChecker SASATL ActiveX function call unicode access (web-client.rules) 12128 <-> SPYWARE-PUT Keylogger remotekeylog.b runtime detection - init connection (spyware-put.rules) 12189 <-> WEB-CLIENT Clever Internet Suite ActiveX clsid access (web-client.rules) 12207 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (web-client.rules) 12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules) 12243 <-> BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (backdoor.rules) 12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules) 12345 <-> 
NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object call attempt (netbios.rules) 12353 <-> NETBIOS DCERPC DIRECT ca-alert alter context attempt (netbios.rules) 12354 <-> NETBIOS DCERPC DIRECT ca-alert little endian alter context attempt (netbios.rules) 12355 <-> NETBIOS DCERPC DIRECT ca-alert bind attempt (netbios.rules) 12356 <-> NETBIOS DCERPC DIRECT ca-alert little endian bind attempt (netbios.rules) 12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules) 12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules) 12359 <-> EXPLOIT Asterisk data length field overflow (exploit.rules) 12360 <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules) 12361 <-> SPYWARE-PUT Infostealer.Monstres runtime detection (spyware-put.rules) 12362 <-> EXPLOIT Squid HTTP Proxy-Authorization overflow (exploit.rules)
