Sourcefire VRT Rules Update
Date: 2007-10-26
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
12672 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - get ads (spyware-put.rules)
12673 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules)
12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules)
12675 <-> BACKDOOR Versi TheTheef Detection (backdoor.rules)
12676 <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules)
12677 <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules)
12678 <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules)
12679 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules)
12680 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt - TCP (voip.rules)
12681 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules)
12682 <-> VOIP-SIP From header field buffer overflow attempt - TCP (voip.rules)
12683 <-> VOIP-SIP From header field buffer overflow attempt - UDP (voip.rules)
12684 <-> BACKDOOR Sygate Remote Administration Engine (backdoor.rules)
12685 <-> EXPLOIT IBM Tivoli Storage Manger Express CAD Host buffer overflow (exploit.rules)
12686 <-> POLICY AIM Express Usage (policy.rules)
12687 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
12688 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)

Updated rules:
113 <-> DELETED BACKDOOR DeepThroat access (deleted.rules)
116 <-> DELETED BACKDOOR BackOrifice access (deleted.rules)
122 <-> DELETED BACKDOOR DeepThroat 3.1 System Info Client Request (deleted.rules)
124 <-> DELETED BACKDOOR DeepThroat 3.1 FTP Status Client Request (deleted.rules)
125 <-> DELETED BACKDOOR DeepThroat 3.1 E-Mail Info From Server (deleted.rules)
126 <-> DELETED BACKDOOR DeepThroat 3.1 E-Mail Info Client Request (deleted.rules)
127 <-> DELETED BACKDOOR DeepThroat 3.1 Server Status From Server (deleted.rules)
128 <-> DELETED BACKDOOR DeepThroat 3.1 Server Status Client Request (deleted.rules)
129 <-> DELETED BACKDOOR DeepThroat 3.1 Drive Info From Server (deleted.rules)
130 <-> DELETED BACKDOOR DeepThroat 3.1 System Info From Server (deleted.rules)
131 <-> DELETED BACKDOOR DeepThroat 3.1 Drive Info Client Request (deleted.rules)
132 <-> DELETED BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server (deleted.rules)
133 <-> DELETED BACKDOOR DeepThroat 3.1 Cached Passwords Client Request (deleted.rules)
134 <-> DELETED BACKDOOR DeepThroat 3.1 RAS Passwords Client Request (deleted.rules)
135 <-> DELETED BACKDOOR DeepThroat 3.1 Server Password Change Client Request (deleted.rules)
136 <-> DELETED BACKDOOR DeepThroat 3.1 Server Password Remove Client Request (deleted.rules)
137 <-> DELETED BACKDOOR DeepThroat 3.1 Rehash Client Request (deleted.rules)
138 <-> DELETED BACKDOOR DeepThroat 3.1 Server Rehash Client Request (deleted.rules)
140 <-> DELETED BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request (deleted.rules)
142 <-> DELETED BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request (deleted.rules)
143 <-> DELETED BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request (deleted.rules)
148 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger Active on Network (deleted.rules)
149 <-> DELETED BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network (deleted.rules)
150 <-> DELETED BACKDOOR DeepThroat 3.1 Server Active on Network (deleted.rules)
151 <-> DELETED BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network (deleted.rules)
154 <-> DELETED BACKDOOR DeepThroat 3.1 Wrong Password (deleted.rules)
156 <-> DELETED BACKDOOR DeepThroat 3.1 Visible Window List Client Request (deleted.rules)
161 <-> BACKDOOR Matrix 2.0 Client connect (backdoor.rules)
162 <-> BACKDOOR Matrix 2.0 Server access (backdoor.rules)
164 <-> DELETED BACKDOOR DeepThroat 3.1 Server Active on Network (deleted.rules)
165 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger on Server ON (deleted.rules)
166 <-> DELETED BACKDOOR DeepThroat 3.1 Show Picture Client Request (deleted.rules)
167 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request (deleted.rules)
168 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request (deleted.rules)
169 <-> DELETED BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request (deleted.rules)
170 <-> DELETED BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request (deleted.rules)
171 <-> DELETED BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request (deleted.rules)
172 <-> DELETED BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request (deleted.rules)
173 <-> DELETED BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request (deleted.rules)
174 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request (deleted.rules)
175 <-> DELETED BACKDOOR DeepThroat 3.1 Resolution Change Client Request (deleted.rules)
176 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request (deleted.rules)
177 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger on Server OFF (deleted.rules)
179 <-> DELETED BACKDOOR DeepThroat 3.1 FTP Server Port Client Request (deleted.rules)
180 <-> DELETED BACKDOOR DeepThroat 3.1 Process List Client request (deleted.rules)
181 <-> DELETED BACKDOOR DeepThroat 3.1 Close Port Scan Client Request (deleted.rules)
182 <-> DELETED BACKDOOR DeepThroat 3.1 Registry Add Client Request (deleted.rules)
186 <-> DELETED BACKDOOR DeepThroat 3.1 Monitor on/off Client Request (deleted.rules)
187 <-> DELETED BACKDOOR DeepThroat 3.1 Delete File Client Request (deleted.rules)
188 <-> DELETED BACKDOOR DeepThroat 3.1 Kill Window Client Request (deleted.rules)
189 <-> DELETED BACKDOOR DeepThroat 3.1 Disable Window Client Request (deleted.rules)
190 <-> DELETED BACKDOOR DeepThroat 3.1 Enable Window Client Request (deleted.rules)
191 <-> DELETED BACKDOOR DeepThroat 3.1 Change Window Title Client Request (deleted.rules)
192 <-> DELETED BACKDOOR DeepThroat 3.1 Hide Window Client Request (deleted.rules)
193 <-> DELETED BACKDOOR DeepThroat 3.1 Show Window Client Request (deleted.rules)
194 <-> DELETED BACKDOOR DeepThroat 3.1 Send Text to Window Client Request (deleted.rules)
195 <-> BACKDOOR DeepThroat 3.1 Server Response (backdoor.rules)
196 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request (deleted.rules)
197 <-> DELETED BACKDOOR DeepThroat 3.1 Create Directory Client Request (deleted.rules)
198 <-> DELETED BACKDOOR DeepThroat 3.1 All Window List Client Request (deleted.rules)
199 <-> DELETED BACKDOOR DeepThroat 3.1 Play Sound Client Request (deleted.rules)
200 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Normal Client Request (deleted.rules)
201 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request (deleted.rules)
202 <-> DELETED BACKDOOR DeepThroat 3.1 Get NET File Client Request (deleted.rules)
203 <-> DELETED BACKDOOR DeepThroat 3.1 Find File Client Request (deleted.rules)
204 <-> DELETED BACKDOOR DeepThroat 3.1 Find File Client Request (deleted.rules)
205 <-> DELETED BACKDOOR DeepThroat 3.1 HUP Modem Client Request (deleted.rules)
206 <-> DELETED BACKDOOR DeepThroat 3.1 CD ROM Open Client Request (deleted.rules)
207 <-> DELETED BACKDOOR DeepThroat 3.1 CD ROM Close Client Request (deleted.rules)
223 <-> DDOS Trin00 Daemon to Master PONG message detected (ddos.rules)
231 <-> DDOS Trin00 Daemon to Master message detected (ddos.rules)
232 <-> DDOS Trin00 Daemon to Master *HELLO* message detected (ddos.rules)
237 <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
238 <-> DDOS TFN server response (ddos.rules)
239 <-> DDOS shaft handler to agent (ddos.rules)
240 <-> DDOS shaft agent to handler (ddos.rules)
243 <-> DDOS mstream agent to handler (ddos.rules)
244 <-> DDOS mstream handler to agent (ddos.rules)
245 <-> DDOS mstream handler ping to agent (ddos.rules)
246 <-> DDOS mstream agent pong to handler (ddos.rules)
252 <-> DELETED DNS named iquery attempt (deleted.rules)
253 <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
254 <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
256 <-> DNS named authors attempt (dns.rules)
271 <-> DOS UDP echo+chargen bomb (dos.rules)
279 <-> DOS Bay/Nortel Nautica Marlin (dos.rules)
281 <-> DOS Ascend Route (dos.rules)
312 <-> EXPLOIT ntpdx overflow attempt (exploit.rules)
313 <-> EXPLOIT ntalkd x86 Linux overflow (exploit.rules)
314 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
315 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
316 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
317 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
318 <-> DELETED EXPLOIT bootp x86 bsd overfow (deleted.rules)
319 <-> DELETED EXPLOIT bootp x86 linux overflow (deleted.rules)
516 <-> MISC SNMP NT UserList (misc.rules)
517 <-> MISC xdmcp query (misc.rules)
518 <-> TFTP Put (tftp.rules)
519 <-> TFTP parent directory (tftp.rules)
520 <-> TFTP root directory (tftp.rules)
525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
566 <-> POLICY PCAnywhere server response (policy.rules)
575 <-> RPC portmap admind request UDP (rpc.rules)
576 <-> RPC portmap amountd request UDP (rpc.rules)
577 <-> RPC portmap bootparam request UDP (rpc.rules)
578 <-> RPC portmap cmsd request UDP (rpc.rules)
579 <-> RPC portmap mountd request UDP (rpc.rules)
580 <-> RPC portmap nisd request UDP (rpc.rules)
581 <-> RPC portmap pcnfsd request UDP (rpc.rules)
582 <-> RPC portmap rexd request UDP (rpc.rules)
583 <-> RPC portmap rstatd request UDP (rpc.rules)
584 <-> RPC portmap rusers request UDP (rpc.rules)
585 <-> RPC portmap sadmind request UDP (rpc.rules)
586 <-> RPC portmap selection_svc request UDP (rpc.rules)
587 <-> RPC portmap status request UDP (rpc.rules)
590 <-> RPC portmap ypserv request UDP (rpc.rules)
592 <-> DELETED RPC rstatd query (deleted.rules)
634 <-> SCAN Amanda client-version request (scan.rules)
1277 <-> RPC portmap ypupdated request UDP (rpc.rules)
1279 <-> RPC portmap snmpXdmi request UDP (rpc.rules)
1280 <-> RPC portmap listing UDP 111 (rpc.rules)
1281 <-> RPC portmap listing UDP 32771 (rpc.rules)
1289 <-> TFTP GET Admin.dll (tftp.rules)
1296 <-> DELETED RPC portmap request yppasswdd (deleted.rules)
1299 <-> DELETED RPC portmap tooltalk request UDP (deleted.rules)
1384 <-> MISC UPnP malformed advertisement (misc.rules)
1409 <-> SNMP community string buffer overflow attempt (snmp.rules)
1411 <-> SNMP public access udp (snmp.rules)
1413 <-> SNMP private access udp (snmp.rules)
1415 <-> SNMP Broadcast request (snmp.rules)
1416 <-> SNMP broadcast trap (snmp.rules)
1417 <-> SNMP request udp (snmp.rules)
1419 <-> SNMP trap udp (snmp.rules)
1422 <-> SNMP community string buffer overflow attempt with evasion (snmp.rules)
1441 <-> TFTP GET nc.exe (tftp.rules)
1442 <-> TFTP GET shadow (tftp.rules)
1443 <-> TFTP GET passwd (tftp.rules)
1444 <-> TFTP Get (tftp.rules)
1504 <-> MISC AFS access (misc.rules)
1616 <-> DNS named version attempt (dns.rules)
1732 <-> RPC portmap rwalld request UDP (rpc.rules)
1746 <-> RPC portmap cachefsd request UDP (rpc.rules)
1771 <-> POLICY IPSec PGPNet connection attempt (policy.rules)
1853 <-> BACKDOOR win-trin00 connection attempt (backdoor.rules)
1867 <-> MISC xdmcp info query (misc.rules)
1890 <-> RPC status GHBN format string attack (rpc.rules)
1905 <-> RPC AMD UDP amqproc_mount plog overflow attempt (rpc.rules)
1907 <-> RPC CMSD UDP CMSD_CREATE buffer overflow attempt (rpc.rules)
1910 <-> RPC CMSD udp CMSD_INSERT buffer overflow attempt (rpc.rules)
1911 <-> RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1913 <-> RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules)
1915 <-> RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules)
1923 <-> RPC portmap proxy attempt UDP (rpc.rules)
1924 <-> RPC mountd UDP export request (rpc.rules)
1926 <-> RPC mountd UDP exportall request (rpc.rules)
1939 <-> MISC bootp hardware address length overflow (misc.rules)
1940 <-> MISC bootp invalid hardware type (misc.rules)
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
1948 <-> DNS zone transfer UDP (dns.rules)
1950 <-> RPC portmap SET attempt UDP 111 (rpc.rules)
1952 <-> RPC mountd UDP mount request (rpc.rules)
1954 <-> RPC AMD UDP pid request (rpc.rules)
1956 <-> RPC AMD UDP version request (rpc.rules)
1964 <-> RPC tooltalk UDP overflow attempt (rpc.rules)
1966 <-> MISC GlobalSunTech Access Point Information Disclosure attempt (misc.rules)
1980 <-> BACKDOOR DeepThroat 3.1 Connection attempt (backdoor.rules)
1981 <-> BACKDOOR DeepThroat 3.1 Connection attempt [3150] (backdoor.rules)
1982 <-> BACKDOOR DeepThroat 3.1 Server Response [3150] (backdoor.rules)
1983 <-> BACKDOOR DeepThroat 3.1 Connection attempt [4120] (backdoor.rules)
1984 <-> BACKDOOR DeepThroat 3.1 Server Response [4120] (backdoor.rules)
2003 <-> MS-SQL Worm propagation attempt (sql.rules)
2005 <-> RPC portmap kcms_server request UDP (rpc.rules)
2015 <-> RPC portmap UNSET attempt UDP 111 (rpc.rules)
2017 <-> RPC portmap espd request UDP (rpc.rules)
2019 <-> RPC mountd UDP dump request (rpc.rules)
2021 <-> RPC mountd UDP unmount request (rpc.rules)
2023 <-> RPC mountd UDP unmountall request (rpc.rules)
2025 <-> RPC yppasswd username overflow attempt UDP (rpc.rules)
2027 <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
2029 <-> RPC yppasswd new password overflow attempt UDP (rpc.rules)
2031 <-> RPC yppasswd user update UDP (rpc.rules)
2033 <-> RPC ypserv maplist request UDP (rpc.rules)
2035 <-> RPC portmap network-status-monitor request UDP (rpc.rules)
2037 <-> RPC network-status-monitor mon-callback request UDP (rpc.rules)
2039 <-> MISC bootp hostname format string attempt (misc.rules)
2040 <-> POLICY xtacacs login attempt (policy.rules)
2041 <-> MISC xtacacs failed login response (misc.rules)
2042 <-> POLICY xtacacs accepted login response (policy.rules)
2045 <-> RPC snmpXdmi overflow attempt UDP (rpc.rules)
2049 <-> MS-SQL ping attempt (sql.rules)
2079 <-> RPC portmap nlockmgr request UDP (rpc.rules)
2081 <-> RPC portmap rpc.xfsmd request UDP (rpc.rules)
2083 <-> RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules)
2092 <-> RPC portmap proxy integer overflow attempt UDP (rpc.rules)
2094 <-> RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
2185 <-> RPC mountd UDP mount path overflow attempt (rpc.rules)
2256 <-> RPC sadmind query with root credentials attempt UDP (rpc.rules)
2316 <-> DELETED NETBIOS DCERPC Workstation Service direct service access attempt (deleted.rules)
2329 <-> MS-SQL probe response overflow attempt (sql.rules)
2332 <-> FTP MKD format string attempt (ftp.rules)
2336 <-> DELETED TFTP NULL command attempt (deleted.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
2339 <-> TFTP NULL command attempt (tftp.rules)
2376 <-> EXPLOIT ISAKMP first payload certificate request length overflow attempt (exploit.rules)
2377 <-> EXPLOIT ISAKMP second payload certificate request length overflow attempt (exploit.rules)
2378 <-> EXPLOIT ISAKMP third payload certificate request length overflow attempt (exploit.rules)
2379 <-> EXPLOIT ISAKMP forth payload certificate request length overflow attempt (exploit.rules)
2380 <-> EXPLOIT ISAKMP fifth payload certificate request length overflow attempt (exploit.rules)
2413 <-> EXPLOIT ISAKMP delete hash with empty hash attempt (exploit.rules)
2414 <-> EXPLOIT ISAKMP initial contact notification without SPI attempt (exploit.rules)
2415 <-> EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
2446 <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt (exploit.rules)
2465 <-> DELETED NETBIOS-DG SMB IPC$ share access (deleted.rules)
2466 <-> DELETED NETBIOS-DG SMB IPC$ unicode share access (deleted.rules)
2486 <-> DOS ISAKMP invalid identification payload attempt (dos.rules)
2578 <-> EXPLOIT kerberos principal name overflow UDP (exploit.rules)
2921 <-> DNS UDP inverse query (dns.rules)
3006 <-> EXPLOIT Volition Freespace 2 buffer overflow attempt (exploit.rules)
3080 <-> MISC Unreal Tournament secure overflow attempt (misc.rules)
3089 <-> DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
3154 <-> DNS UDP inverse query overflow (dns.rules)
3200 <-> EXPLOIT WINS name query overflow attempt UDP (exploit.rules)
3443 <-> DELETED MS-SQL DNS query with 1 requests (deleted.rules)
3444 <-> DELETED MS-SQL DNS query with 2 requests (deleted.rules)
3445 <-> DELETED MS-SQL DNS query with 3 requests (deleted.rules)
3446 <-> DELETED MS-SQL DNS query with 4 requests (deleted.rules)
3447 <-> DELETED MS-SQL DNS query with 5 requests (deleted.rules)
3448 <-> DELETED MS-SQL DNS query with 6 requests (deleted.rules)
3449 <-> DELETED MS-SQL DNS query with 7 requests (deleted.rules)
3450 <-> DELETED MS-SQL DNS query with 8 requests (deleted.rules)
3451 <-> DELETED MS-SQL DNS query with 9 requests (deleted.rules)
3452 <-> DELETED MS-SQL DNS query with 10 requests (deleted.rules)
3459 <-> P2P Manolito Search Query (p2p.rules)
3472 <-> EXPLOIT ARCserve discovery service overflow (exploit.rules)
3480 <-> EXPLOIT ARCserve backup UDP slot info msg client name overflow (exploit.rules)
3481 <-> EXPLOIT ARCserve backup UDP slot info msg client domain overflow (exploit.rules)
3482 <-> EXPLOIT ARCserve backup UDP product info msg 0x9b client name overflow (exploit.rules)
3483 <-> EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow (exploit.rules)
3484 <-> EXPLOIT ARCserve backup UDP product info msg 0x9c client name overflow (exploit.rules)
3485 <-> EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow (exploit.rules)
3530 <-> EXPLOIT ARCserve backup UDP msg 0x99 client name overflow (exploit.rules)
3531 <-> EXPLOIT ARCserve backup UDP msg 0x99 client domain overflow (exploit.rules)
3538 <-> EXPLOIT RADIUS registration MSID overflow attempt (exploit.rules)
3539 <-> EXPLOIT RADIUS MSID overflow attempt (exploit.rules)
3540 <-> EXPLOIT RADIUS registration vendor ATTR_TYPE_STR overflow attempt (exploit.rules)
3541 <-> EXPLOIT RADIUS ATTR_TYPE_STR overflow attempt (exploit.rules)
3628 <-> POLICY Data Rescue IDA Pro startup license check attempt (policy.rules)
3677 <-> EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3773 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas alter context attempt (deleted.rules)
3774 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas bind attempt (deleted.rules)
3775 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian alter context attempt (deleted.rules)
3776 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian bind attempt (deleted.rules)
3777 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas alter context attempt (deleted.rules)
3778 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas bind attempt (deleted.rules)
3779 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian alter context attempt (deleted.rules)
3780 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian bind attempt (deleted.rules)
3781 <-> DELETED NETBIOS-DG SMB veritas WriteAndX alter context attempt (deleted.rules)
3782 <-> DELETED NETBIOS-DG SMB veritas WriteAndX andx alter context attempt (deleted.rules)
3783 <-> DELETED NETBIOS-DG SMB veritas WriteAndX andx bind attempt (deleted.rules)
3784 <-> DELETED NETBIOS-DG SMB veritas WriteAndX bind attempt (deleted.rules)
3785 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian alter context attempt (deleted.rules)
3786 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx alter context attempt (deleted.rules)
3787 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx bind attempt (deleted.rules)
3788 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian bind attempt (deleted.rules)
3789 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode alter context attempt (deleted.rules)
3790 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx alter context attempt (deleted.rules)
3791 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx bind attempt (deleted.rules)
3792 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode bind attempt (deleted.rules)
3793 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian alter context attempt (deleted.rules)
3794 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian andx alter context attempt (deleted.rules)
3795 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian andx bind attempt (deleted.rules)
3796 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian bind attempt (deleted.rules)
3797 <-> DELETED NETBIOS-DG SMB veritas alter context attempt (deleted.rules)
3798 <-> DELETED NETBIOS-DG SMB veritas andx alter context attempt (deleted.rules)
3799 <-> DELETED NETBIOS-DG SMB veritas andx bind attempt (deleted.rules)
3800 <-> DELETED NETBIOS-DG SMB veritas bind attempt (deleted.rules)
3801 <-> DELETED NETBIOS-DG SMB veritas little endian alter context attempt (deleted.rules)
3802 <-> DELETED NETBIOS-DG SMB veritas little endian andx alter context attempt (deleted.rules)
3803 <-> DELETED NETBIOS-DG SMB veritas little endian andx bind attempt (deleted.rules)
3804 <-> DELETED NETBIOS-DG SMB veritas little endian bind attempt (deleted.rules)
3805 <-> DELETED NETBIOS-DG SMB veritas unicode alter context attempt (deleted.rules)
3806 <-> DELETED NETBIOS-DG SMB veritas unicode andx alter context attempt (deleted.rules)
3807 <-> DELETED NETBIOS-DG SMB veritas unicode andx bind attempt (deleted.rules)
3808 <-> DELETED NETBIOS-DG SMB veritas unicode bind attempt (deleted.rules)
3809 <-> DELETED NETBIOS-DG SMB veritas unicode little endian alter context attempt (deleted.rules)
3810 <-> DELETED NETBIOS-DG SMB veritas unicode little endian andx alter context attempt (deleted.rules)
3811 <-> DELETED NETBIOS-DG SMB veritas unicode little endian andx bind attempt (deleted.rules)
3812 <-> DELETED NETBIOS-DG SMB veritas unicode little endian bind attempt (deleted.rules)
3817 <-> TFTP GET transfer mode overflow attempt (tftp.rules)
3818 <-> TFTP PUT transfer mode overflow attempt (tftp.rules)
3904 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr alter context attempt (deleted.rules)
3905 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr bind attempt (deleted.rules)
3906 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr little endian alter context attempt (deleted.rules)
3907 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr little endian bind attempt (deleted.rules)
3908 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr alter context attempt (deleted.rules)
3909 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr bind attempt (deleted.rules)
3910 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr little endian alter context attempt (deleted.rules)
3911 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr little endian bind attempt (deleted.rules)
3912 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX alter context attempt (deleted.rules)
3913 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX andx alter context attempt (deleted.rules)
3914 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX andx bind attempt (deleted.rules)
3915 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX bind attempt (deleted.rules)
3916 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian alter context attempt (deleted.rules)
3917 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian andx alter context attempt (deleted.rules)
3918 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian andx bind attempt (deleted.rules)
3919 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian bind attempt (deleted.rules)
3920 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode alter context attempt (deleted.rules)
3921 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx alter context attempt (deleted.rules)
3922 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx bind attempt (deleted.rules)
3923 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode bind attempt (deleted.rules)
3924 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian alter context attempt (deleted.rules)
3925 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian andx alter context attempt (deleted.rules)
3926 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian andx bind attempt (deleted.rules)
3927 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian bind attempt (deleted.rules)
3928 <-> DELETED NETBIOS-DG SMB umpnpmgr alter context attempt (deleted.rules)
3929 <-> DELETED NETBIOS-DG SMB umpnpmgr andx alter context attempt (deleted.rules)
3930 <-> DELETED NETBIOS-DG SMB umpnpmgr andx bind attempt (deleted.rules)
3931 <-> DELETED NETBIOS-DG SMB umpnpmgr bind attempt (deleted.rules)
3932 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian alter context attempt (deleted.rules)
3933 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian andx alter context attempt (deleted.rules)
3934 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian andx bind attempt (deleted.rules)
3935 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian bind attempt (deleted.rules)
3936 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode alter context attempt (deleted.rules)
3937 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode andx alter context attempt (deleted.rules)
3938 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode andx bind attempt (deleted.rules)
3939 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode bind attempt (deleted.rules)
3940 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian alter context attempt (deleted.rules)
3941 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx alter context attempt (deleted.rules)
3942 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx bind attempt (deleted.rules)
3943 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian bind attempt (deleted.rules)
4020 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4021 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4022 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4023 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4024 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4025 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4026 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4027 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4028 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX andx attempt (deleted.rules)
4029 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4030 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian andx attempt (deleted.rules)
4031 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (deleted.rules)
4032 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4033 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (deleted.rules)
4034 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian andx attempt (deleted.rules)
4035 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (deleted.rules)
4036 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList andx attempt (deleted.rules)
4037 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4038 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList little endian andx attempt (deleted.rules)
4039 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4040 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode andx attempt (deleted.rules)
4041 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode attempt (deleted.rules)
4042 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode little endian andx attempt (deleted.rules)
4043 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode little endian attempt (deleted.rules)
4044 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX andx attempt (deleted.rules)
4045 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4046 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian andx attempt (deleted.rules)
4047 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (deleted.rules)
4048 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4049 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (deleted.rules)
4050 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian andx attempt (deleted.rules)
4051 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (deleted.rules)
4052 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList andx attempt (deleted.rules)
4053 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4054 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList little endian andx attempt (deleted.rules)
4055 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4056 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode andx attempt (deleted.rules)
4057 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode attempt (deleted.rules)
4058 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode little endian andx attempt (deleted.rules)
4059 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode little endian attempt (deleted.rules)
4125 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt (deleted.rules)
4141 <-> DOS tcpdump udp LDP print zero length message denial of service attempt (dos.rules)
5806 <-> DELETED SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (deleted.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
6097 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6098 <-> BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
6099 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6100 <-> BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
6101 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6102 <-> BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
6103 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6104 <-> BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
6105 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6106 <-> BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
6123 <-> BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
6124 <-> BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6152 <-> BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules)
6153 <-> BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules)
6154 <-> BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules)
6155 <-> BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules)
6156 <-> BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules)
6157 <-> BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules)
6320 <-> BACKDOOR ptakks2.1 runtime detection - keepalive (backdoor.rules)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6384 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
6513 <-> EXPLOIT Asterisk IAX2 truncated video mini-frame packet overflow attempt (exploit.rules)
6514 <-> EXPLOIT Asterisk IAX2 truncated full-frame packet overflow attempt (exploit.rules)
6515 <-> EXPLOIT Asterisk IAX2 truncated mini-frame packet overflow attempt (exploit.rules)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7119 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7120 <-> BACKDOOR y3k 1.2 runtime detection - init connection 1 (backdoor.rules)
7121 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7122 <-> BACKDOOR y3k 1.2 runtime detection - init connection 2 (backdoor.rules)
7151 <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - net send notification (spyware-put.rules)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
8056 <-> DOS ISC DHCP server 2 client_id length denial of service attempt (dos.rules)
8710 <-> DNS Windows NAT helper components udp denial of service attempt (dns.rules)
9402 <-> SPECIFIC-THREATS welchia tftp propagation detection (specific-threats.rules)
9621 <-> TFTP 3COM server transport mode buffer overflow attempt (tftp.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9624 <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules)
9635 <-> EXPLOIT Computer Associates Product Discovery
Service type 9B remote buffer overflow attempt UDP (exploit.rules) 9636 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (exploit.rules) 9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules) 10113 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules) 10114 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules) 10125 <-> MISC bomberclone buffer overflow attempt (misc.rules) 10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules) 10134 <-> SPECIFIC-THREATS CA Brightstor discovery service buffer overflow attempt (specific-threats.rules) 10160 <-> DELETED NETBIOS-DG SMB writex possible Snort dcerpc preprocessor overflow attempt (deleted.rules) 10192 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid access (web-client.rules) 10193 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode access (web-client.rules) 10194 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call access (web-client.rules) 10409 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules) 10411 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules) 10483 <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules) 10485 <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules) 10525 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX object call overflow attempt (deleted.rules) 10526 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10528 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode object call overflow attempt (deleted.rules) 10532 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX overflow attempt (deleted.rules) 10533 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian overflow attempt (deleted.rules) 10534 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little 
endian overflow attempt (deleted.rules) 10539 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10540 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian object call overflow attempt (deleted.rules) 10543 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode object call overflow attempt (deleted.rules) 10547 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian object call overflow attempt (deleted.rules) 10548 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian object call overflow attempt (deleted.rules) 10551 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode little endian overflow attempt (deleted.rules) 10553 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode overflow attempt (deleted.rules) 10554 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10561 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10562 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX overflow attempt (deleted.rules) 10564 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX little endian overflow attempt (deleted.rules) 10567 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode overflow attempt (deleted.rules) 10569 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode overflow attempt (deleted.rules) 10575 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode little endian overflow attempt (deleted.rules) 10579 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10583 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode overflow attempt (deleted.rules) 10588 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian overflow attempt (deleted.rules) 10590 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian overflow attempt (deleted.rules) 10597 <-> 
DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX andx object call overflow attempt (deleted.rules) 10598 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 andx object call overflow attempt (deleted.rules) 10600 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx object call overflow attempt (deleted.rules) 10604 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX andx overflow attempt (deleted.rules) 10605 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian andx overflow attempt (deleted.rules) 10606 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian andx overflow attempt (deleted.rules) 10611 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian andx object call overflow attempt (deleted.rules) 10612 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian andx object call overflow attempt (deleted.rules) 10615 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode andx object call overflow attempt (deleted.rules) 10619 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian andx object call overflow attempt (deleted.rules) 10620 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian andx object call overflow attempt (deleted.rules) 10623 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode little endian andx overflow attempt (deleted.rules) 10625 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules) 10626 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 little endian andx overflow attempt (deleted.rules) 10633 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 andx overflow attempt (deleted.rules) 10634 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX andx overflow attempt (deleted.rules) 10636 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX little endian andx overflow attempt (deleted.rules) 10639 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode andx overflow 
attempt (deleted.rules) 10641 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules) 10647 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode little endian andx overflow attempt (deleted.rules) 10651 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 andx overflow attempt (deleted.rules) 10655 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode andx overflow attempt (deleted.rules) 10660 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian andx overflow attempt (deleted.rules) 10662 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian andx overflow attempt (deleted.rules) 10668 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10675 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10676 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10678 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10681 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10683 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10684 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules) 10687 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules) 10692 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10694 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 10695 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules) 10697 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules) 
10703 <-> DELETED NETBIOS-DG SMB dns alter context attempt (deleted.rules) 10704 <-> DELETED NETBIOS-DG SMB dns WriteAndX alter context attempt (deleted.rules) 10705 <-> DELETED NETBIOS-DG SMB dns unicode alter context attempt (deleted.rules) 10709 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode alter context attempt (deleted.rules) 10718 <-> DELETED NETBIOS-DG SMB dns little endian alter context attempt (deleted.rules) 10719 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian alter context attempt (deleted.rules) 10720 <-> DELETED NETBIOS-DG SMB dns unicode little endian alter context attempt (deleted.rules) 10721 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian alter context attempt (deleted.rules) 10730 <-> DELETED NETBIOS-DG SMB dns bind attempt (deleted.rules) 10731 <-> DELETED NETBIOS-DG SMB dns WriteAndX bind attempt (deleted.rules) 10732 <-> DELETED NETBIOS-DG SMB dns unicode bind attempt (deleted.rules) 10733 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode bind attempt (deleted.rules) 10742 <-> DELETED NETBIOS-DG SMB dns little endian bind attempt (deleted.rules) 10743 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian bind attempt (deleted.rules) 10744 <-> DELETED NETBIOS-DG SMB dns unicode little endian bind attempt (deleted.rules) 10745 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian bind attempt (deleted.rules) 10751 <-> DELETED NETBIOS-DG SMB dns andx alter context attempt (deleted.rules) 10752 <-> DELETED NETBIOS-DG SMB dns WriteAndX andx alter context attempt (deleted.rules) 10753 <-> DELETED NETBIOS-DG SMB dns unicode andx alter context attempt (deleted.rules) 10757 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode andx alter context attempt (deleted.rules) 10766 <-> DELETED NETBIOS-DG SMB dns little endian andx alter context attempt (deleted.rules) 10767 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian andx alter context attempt (deleted.rules) 10768 <-> DELETED NETBIOS-DG SMB dns unicode little endian 
andx alter context attempt (deleted.rules) 10769 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian andx alter context attempt (deleted.rules) 10778 <-> DELETED NETBIOS-DG SMB dns andx bind attempt (deleted.rules) 10779 <-> DELETED NETBIOS-DG SMB dns WriteAndX andx bind attempt (deleted.rules) 10780 <-> DELETED NETBIOS-DG SMB dns unicode andx bind attempt (deleted.rules) 10781 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode andx bind attempt (deleted.rules) 10790 <-> DELETED NETBIOS-DG SMB dns little endian andx bind attempt (deleted.rules) 10791 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian andx bind attempt (deleted.rules) 10792 <-> DELETED NETBIOS-DG SMB dns unicode little endian andx bind attempt (deleted.rules) 10793 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian andx bind attempt (deleted.rules) 10795 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns alter context attempt (deleted.rules) 10797 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns alter context attempt (deleted.rules) 10798 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian alter context attempt (deleted.rules) 10799 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian alter context attempt (deleted.rules) 10803 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns bind attempt (deleted.rules) 10805 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns bind attempt (deleted.rules) 10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules) 10807 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian bind attempt (deleted.rules) 10819 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules) 10820 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10821 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode little endian overflow attempt (deleted.rules) 10822 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode little endian overflow attempt 
(deleted.rules) 10830 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX object call overflow attempt (deleted.rules) 10831 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode object call overflow attempt (deleted.rules) 10832 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode object call overflow attempt (deleted.rules) 10834 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 10843 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian object call overflow attempt (deleted.rules) 10844 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10845 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian object call overflow attempt (deleted.rules) 10846 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian object call overflow attempt (deleted.rules) 10848 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode overflow attempt (deleted.rules) 10849 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode overflow attempt (deleted.rules) 10855 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX overflow attempt (deleted.rules) 10856 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode overflow attempt (deleted.rules) 10857 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode overflow attempt (deleted.rules) 10860 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10862 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10870 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules) 10871 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10872 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian overflow attempt (deleted.rules) 10873 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 
unicode little endian overflow attempt (deleted.rules) 10881 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX overflow attempt (deleted.rules) 10891 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian andx overflow attempt (deleted.rules) 10892 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 andx overflow attempt (deleted.rules) 10893 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode little endian andx overflow attempt (deleted.rules) 10894 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode little endian andx overflow attempt (deleted.rules) 10902 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX andx object call overflow attempt (deleted.rules) 10903 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode andx object call overflow attempt (deleted.rules) 10904 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode andx object call overflow attempt (deleted.rules) 10906 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian andx object call overflow attempt (deleted.rules) 10915 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian andx object call overflow attempt (deleted.rules) 10916 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 andx object call overflow attempt (deleted.rules) 10917 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian andx object call overflow attempt (deleted.rules) 10918 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian andx object call overflow attempt (deleted.rules) 10920 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode andx overflow attempt (deleted.rules) 10921 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode andx overflow attempt (deleted.rules) 10927 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX andx overflow attempt (deleted.rules) 10928 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode andx overflow attempt (deleted.rules) 10929 <-> DELETED 
NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode andx overflow attempt (deleted.rules) 10932 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian andx overflow attempt (deleted.rules) 10934 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 little endian andx overflow attempt (deleted.rules) 10942 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian andx overflow attempt (deleted.rules) 10943 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 andx overflow attempt (deleted.rules) 10944 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian andx overflow attempt (deleted.rules) 10945 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian andx overflow attempt (deleted.rules) 10953 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX andx overflow attempt (deleted.rules) 10955 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10956 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10958 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10960 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10961 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10964 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules) 10965 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10967 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules) 10971 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules) 10972 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 10974 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little 
endian object call overflow attempt (deleted.rules) 10975 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules) 11265 <-> EXPLOIT Sentinel license manager buffer overflow attempt (exploit.rules) 11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules) 11321 <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules) 11952 <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules) 11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules) 11976 <-> VOIP-SIP Overflow In URI Type - SIP (voip.rules) 11977 <-> VOIP-SIP Overflow In URI Type - Tel (voip.rules) 11978 <-> VOIP-SIP From Header Field Buffer Overflow Attempt (voip.rules) 11980 <-> VOIP-SIP SDP Attribute Possible Buffer Overflow Attempt (voip.rules) 11981 <-> VOIP-SIP MultiTech INVITE Field Buffer Overflow Attempt (voip.rules) 11985 <-> VOIP-SIP Expires Header Overflow Attempt (voip.rules) 12065 <-> POLICY Outbound Teredo traffic detected (policy.rules) 12066 <-> POLICY Inbound Teredo traffic detected (policy.rules) 12067 <-> POLICY Outbound Teredo traffic detected (policy.rules) 12068 <-> POLICY Inbound Teredo traffic detected (policy.rules) 12076 <-> DOS Ipswitch WS_FTP log server long unicode string (dos.rules) 12113 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules) 12121 <-> SPYWARE-PUT Adware pprich runtime detection - udp info sent out (spyware-put.rules) 12167 <-> VOIP-SIP Multiple At Signs In SIP URI (voip.rules) 12186 <-> RPC portmap 2112 udp request (rpc.rules) 12188 <-> RPC portmap 2112 udp rename_principal attempt (rpc.rules) 12198 <-> SNMP MS Windows getbulk request (snmp.rules) 12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules) 12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules) 12426 <-> POLICY Ruckus P2P broadcast domain probe (policy.rules) 12488 <-> DELETED SPYWARE-PUT Adware adblaster 2.0 runtime detection 
(deleted.rules) 12608 <-> RPC portmap walld udp request (rpc.rules) 12609 <-> RPC portmap walld udp format string attack attempt (rpc.rules) 12626 <-> RPC portmap Solaris sadmin port query udp request (rpc.rules) 12628 <-> RPC portmap Solaris sadmin port query udp portmapper sadmin port query attempt (rpc.rules) 12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules) 12663 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call unicode access (web-client.rules) 12665 <-> EXPLOIT CA BrightStor LGSever username buffer overflow attempt (exploit.rules) 12668 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid vulnerable function access (web-client.rules) 12669 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode vulnerable function access (web-client.rules) 12670 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call vulnerable function access (web-client.rules) 12671 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call unicode vulnerable function access (web-client.rules)
