Sourcefire VRT Rules Update

Date: 2007-12-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group)

New rules:
12984 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12985 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12986 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12987 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12988 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12989 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12990 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12991 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12992 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12993 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12994 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12995 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12996 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
12997 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
12998 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
12999 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13000 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13001 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13002 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13003 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13004 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13005 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13006 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13007 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13008 <-> NETBIOS SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13009 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13010 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13011 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13012 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13013 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13014 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13015 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13016 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13017 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13018 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13019 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13020 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13021 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13022 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13023 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13024 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13025 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13026 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13027 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13028 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13029 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13030 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13031 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13032 <-> NETBIOS SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13033 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13034 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13035 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13036 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13037 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13038 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13039 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13040 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13041 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13042 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13043 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13044 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13045 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13046 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13047 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13048 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13049 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13050 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13051 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13052 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13053 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13054 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13055 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13056 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13057 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13058 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13059 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13060 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13061 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13062 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13063 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13064 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13065 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13066 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13067 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13068 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13069 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13070 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13071 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13072 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13073 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13074 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13075 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13076 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13077 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13078 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13079 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13080 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13081 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13082 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13083 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13084 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13085 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13086 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13087 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13088 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13089 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13090 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13091 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13092 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13093 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13094 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13095 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13096 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13097 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13098 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13099 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13100 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13101 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13102 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13103 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13104 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13105 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13106 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13107 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13108 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13109 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13110 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13111 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13112 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13113 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13114 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13115 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13116 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13117 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13118 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13119 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13120 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13121 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13122 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13123 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13124 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13125 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13126 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13127 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13128 <-> NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13129 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13130 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13131 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13132 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13133 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13134 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13135 <-> NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13136 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13137 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13138 <-> NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13139 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13140 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13141 <-> NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13142 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13143 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13144 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13145 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13146 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13147 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13148 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13149 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13150 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13151 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13152 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13153 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13154 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13155 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13156 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13157 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13158 <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules)
13159 <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules)
13160 <-> WEB-CLIENT Microsft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules)

Updated rules:
 103 <-> BACKDOOR subseven 22 (backdoor.rules)
 105 <-> BACKDOOR - Dagger_1.4.0 (backdoor.rules)
 107 <-> BACKDOOR subseven DEFCON8 2.1 access (backdoor.rules)
 108 <-> BACKDOOR QAZ Worm Client Login access (backdoor.rules)
 109 <-> BACKDOOR netbus active (backdoor.rules)
 110 <-> BACKDOOR netbus getinfo (backdoor.rules)
 115 <-> BACKDOOR NetBus Pro 2.0 connection established (backdoor.rules)
 117 <-> BACKDOOR Infector.1.x (backdoor.rules)
 118 <-> BACKDOOR SatansBackdoor.2.0.Beta (backdoor.rules)
 119 <-> BACKDOOR Doly 2.0 access (backdoor.rules)
 121 <-> BACKDOOR Infector 1.6 Client to Server Connection Request (backdoor.rules)
 141 <-> BACKDOOR HackAttack 1.20 Connect (backdoor.rules)
 145 <-> BACKDOOR GirlFriendaccess (backdoor.rules)
 146 <-> BACKDOOR NetSphere access (backdoor.rules)
 147 <-> BACKDOOR GateCrasher (backdoor.rules)
 152 <-> BACKDOOR BackConstruction 2.1 Connection (backdoor.rules)
 157 <-> BACKDOOR BackConstruction 2.1 Client FTP Open Request (backdoor.rules)
 158 <-> BACKDOOR BackConstruction 2.1 Server FTP Open Reply (backdoor.rules)
 161 <-> BACKDOOR Matrix 2.0 Client connect (backdoor.rules)
 162 <-> BACKDOOR Matrix 2.0 Server access (backdoor.rules)
 163 <-> BACKDOOR WinCrash 1.0 Server Active (backdoor.rules)
 185 <-> BACKDOOR CDK (backdoor.rules)
 195 <-> BACKDOOR DeepThroat 3.1 Server Response (backdoor.rules)
 208 <-> BACKDOOR PhaseZero Server Active on Network (backdoor.rules)
 209 <-> BACKDOOR w00w00 attempt (backdoor.rules)
 210 <-> BACKDOOR attempt (backdoor.rules)
 211 <-> BACKDOOR MISC r00t attempt (backdoor.rules)
 212 <-> BACKDOOR MISC rewt attempt (backdoor.rules)
 213 <-> BACKDOOR MISC Linux rootkit attempt (backdoor.rules)
 214 <-> BACKDOOR MISC Linux rootkit attempt lrkr0x (backdoor.rules)
 215 <-> BACKDOOR MISC Linux rootkit attempt (backdoor.rules)
 216 <-> BACKDOOR MISC Linux rootkit satori attempt (backdoor.rules)
 217 <-> BACKDOOR MISC sm4ck attempt (backdoor.rules)
 218 <-> BACKDOOR MISC Solaris 2.5 attempt (backdoor.rules)
 219 <-> BACKDOOR HidePak backdoor attempt (backdoor.rules)
 220 <-> BACKDOOR HideSource backdoor attempt (backdoor.rules)
 221 <-> DDOS TFN Probe (ddos.rules)
 222 <-> DDOS tfn2k icmp possible communication (ddos.rules)
 223 <-> DDOS Trin00 Daemon to Master PONG message detected (ddos.rules)
 224 <-> DDOS Stacheldraht server spoof (ddos.rules)
 225 <-> DDOS Stacheldraht gag server response (ddos.rules)
 226 <-> DDOS Stacheldraht server response (ddos.rules)
 227 <-> DDOS Stacheldraht client spoofworks (ddos.rules)
 228 <-> DDOS TFN client command BE (ddos.rules)
 229 <-> DDOS Stacheldraht client check skillz (ddos.rules)
 230 <-> DDOS shaft client login to handler (ddos.rules)
 231 <-> DDOS Trin00 Daemon to Master message detected (ddos.rules)
 232 <-> DDOS Trin00 Daemon to Master *HELLO* message detected (ddos.rules)
 233 <-> DDOS Trin00 Attacker to Master default startup password (ddos.rules)
 234 <-> DDOS Trin00 Attacker to Master default password (ddos.rules)
 235 <-> DDOS Trin00 Attacker to Master default mdie password (ddos.rules)
 236 <-> DDOS Stacheldraht client check gag (ddos.rules)
 237 <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
 238 <-> DDOS TFN server response (ddos.rules)
 239 <-> DDOS shaft handler to agent (ddos.rules)
 240 <-> DDOS shaft agent to handler (ddos.rules)
 241 <-> DDOS shaft synflood (ddos.rules)
 243 <-> DDOS mstream agent to handler (ddos.rules)
 244 <-> DDOS mstream handler to agent (ddos.rules)
 245 <-> DDOS mstream handler ping to agent (ddos.rules)
 246 <-> DDOS mstream agent pong to handler (ddos.rules)
 247 <-> DDOS mstream client to handler (ddos.rules)
 248 <-> DDOS mstream handler to client (ddos.rules)
 250 <-> DDOS mstream handler to client (ddos.rules)
 251 <-> DDOS - TFN client command LE (ddos.rules)
 253 <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 254 <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 255 <-> DNS zone transfer TCP (dns.rules)
 256 <-> DNS named authors attempt (dns.rules)
 257 <-> DNS named version attempt (dns.rules)
 258 <-> DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
 259 <-> DNS EXPLOIT named overflow ADM (dns.rules)
 260 <-> DNS EXPLOIT named overflow ADMROCKS (dns.rules)
 261 <-> DNS EXPLOIT named overflow attempt (dns.rules)
 262 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 264 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 265 <-> DNS EXPLOIT x86 Linux overflow attempt ADMv2 (dns.rules)
 266 <-> DNS EXPLOIT x86 FreeBSD overflow attempt (dns.rules)
 267 <-> DNS EXPLOIT sparc overflow attempt (dns.rules)
 271 <-> DOS UDP echo+chargen bomb (dos.rules)
 272 <-> DOS IGMP dos attack (dos.rules)
 274 <-> DOS ath (dos.rules)
 275 <-> DOS NAPTHA (dos.rules)
 276 <-> DOS Real Audio Server (dos.rules)
 277 <-> DOS Real Server template.html (dos.rules)
 278 <-> DOS Real Server template.html (dos.rules)
 279 <-> DOS Bay/Nortel Nautica Marlin (dos.rules)
 281 <-> DOS Ascend Route (dos.rules)
 301 <-> EXPLOIT LPRng overflow (exploit.rules)
 302 <-> EXPLOIT Redhat 7.0 lprd overflow (exploit.rules)
 303 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 308 <-> EXPLOIT NextFTP client overflow (exploit.rules)
 314 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 337 <-> FTP CEL overflow attempt (ftp.rules)
 458 <-> ICMP unassigned type 1 (icmp-info.rules)
 459 <-> ICMP unassigned type 1 undefined code (icmp-info.rules)
 460 <-> ICMP unassigned type 2 (icmp-info.rules)
 461 <-> ICMP unassigned type 2 undefined code (icmp-info.rules)
 462 <-> ICMP unassigned type 7 (icmp-info.rules)
 463 <-> ICMP unassigned type 7 undefined code (icmp-info.rules)
 494 <-> ATTACK-RESPONSES command completed (attack-responses.rules)
 497 <-> ATTACK-RESPONSES file copied ok (attack-responses.rules)
 523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
 526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
 528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
 540 <-> CHAT MSN message (chat.rules)
 541 <-> CHAT ICQ access (chat.rules)
 542 <-> CHAT IRC nick change (chat.rules)
 614 <-> BACKDOOR hack-a-tack attempt (backdoor.rules)
 989 <-> BACKDOOR sensepost.exe command shell attempt (backdoor.rules)
1239 <-> NETBIOS RFParalyze Attempt (netbios.rules)
1257 <-> DOS Winnuke attack (dos.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1324 <-> EXPLOIT ssh CRC32 overflow /bin/sh (exploit.rules)
1326 <-> EXPLOIT ssh CRC32 overflow NOOP (exploit.rules)
1327 <-> EXPLOIT ssh CRC32 overflow (exploit.rules)
1379 <-> FTP STAT overflow attempt (ftp.rules)
1408 <-> DOS MSDTC attempt (dos.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1435 <-> DNS named authors attempt (dns.rules)
1463 <-> CHAT IRC message (chat.rules)
1545 <-> DOS Cisco attempt (dos.rules)
1549 <-> SMTP HELO overflow attempt (smtp.rules)
1605 <-> DOS iParty DOS attempt (dos.rules)
1616 <-> DNS named version attempt (dns.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1631 <-> CHAT AIM login (chat.rules)
1633 <-> CHAT AIM receive message (chat.rules)
1639 <-> CHAT IRC DCC file transfer request (chat.rules)
1640 <-> CHAT IRC DCC chat request (chat.rules)
1641 <-> DOS DB2 dos attempt (dos.rules)
1729 <-> CHAT IRC channel join (chat.rules)
1734 <-> FTP USER overflow attempt (ftp.rules)
1755 <-> IMAP partial body buffer overflow attempt (imap.rules)
1777 <-> FTP EXPLOIT STAT * dos attempt (ftp.rules)
1778 <-> FTP EXPLOIT STAT ? dos attempt (ftp.rules)
1789 <-> CHAT IRC dns request (chat.rules)
1790 <-> CHAT IRC dns response (chat.rules)
1810 <-> ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE (attack-responses.rules)
1811 <-> ATTACK-RESPONSES successful gobbles ssh exploit uname (attack-responses.rules)
1812 <-> EXPLOIT gobbles SSH exploit attempt (exploit.rules)
1832 <-> CHAT ICQ forced user addition (chat.rules)
1842 <-> IMAP login buffer overflow attempt (imap.rules)
1843 <-> BACKDOOR trinity connection attempt (backdoor.rules)
1844 <-> IMAP authenticate overflow attempt (imap.rules)
1845 <-> IMAP list literal overflow attempt (imap.rules)
1853 <-> BACKDOOR win-trin00 connection attempt (backdoor.rules)
1854 <-> DDOS Stacheldraht handler->agent niggahbitch (ddos.rules)
1855 <-> DDOS Stacheldraht agent->handler skillz (ddos.rules)
1856 <-> DDOS Stacheldraht handler->agent ficken (ddos.rules)
1902 <-> IMAP lsub literal overflow attempt (imap.rules)
1903 <-> IMAP rename overflow attempt (imap.rules)
1904 <-> IMAP find overflow attempt (imap.rules)
1920 <-> FTP SITE NEWER overflow attempt (ftp.rules)
1930 <-> IMAP auth literal overflow attempt (imap.rules)
1948 <-> DNS zone transfer UDP (dns.rules)
1971 <-> FTP SITE EXEC format string attempt (ftp.rules)
1972 <-> FTP PASS overflow attempt (ftp.rules)
1974 <-> FTP REST overflow attempt (ftp.rules)
1975 <-> FTP DELE overflow attempt (ftp.rules)
1976 <-> FTP RMD overflow attempt (ftp.rules)
1980 <-> BACKDOOR DeepThroat 3.1 Connection attempt (backdoor.rules)
1981 <-> BACKDOOR DeepThroat 3.1 Connection attempt [3150] (backdoor.rules)
1982 <-> BACKDOOR DeepThroat 3.1 Server Response [3150] (backdoor.rules)
1983 <-> BACKDOOR DeepThroat 3.1 Connection attempt [4120] (backdoor.rules)
1984 <-> BACKDOOR DeepThroat 3.1 Server Response [4120] (backdoor.rules)
1985 <-> BACKDOOR Doly 1.5 server response (backdoor.rules)
1986 <-> CHAT MSN outbound file transfer request (chat.rules)
1988 <-> CHAT MSN outbound file transfer accept (chat.rules)
1989 <-> CHAT MSN outbound file transfer rejected (chat.rules)
1990 <-> CHAT MSN user search (chat.rules)
1991 <-> CHAT MSN login attempt (chat.rules)
2010 <-> MISC CVS double free exploit attempt response (misc.rules)
2011 <-> MISC CVS invalid directory response (misc.rules)
2048 <-> DELETED MISC rsyncd overflow attempt (deleted.rules)
2100 <-> BACKDOOR SubSeven 2.1 Gold server connection response (backdoor.rules)
2106 <-> IMAP lsub overflow attempt (imap.rules)
2118 <-> IMAP list overflow attempt (imap.rules)
2119 <-> IMAP rename literal overflow attempt (imap.rules)
2124 <-> BACKDOOR Remote PC Access connection attempt (backdoor.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2252 <-> NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
2253 <-> SMTP XEXCH50 overflow attempt (smtp.rules)
2257 <-> NETBIOS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2258 <-> NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2259 <-> SMTP EXPN overflow attempt (smtp.rules)
2260 <-> SMTP VRFY overflow attempt (smtp.rules)
2261 <-> SMTP SEND FROM sendmail prescan too many addresses overflow (smtp.rules)
2262 <-> SMTP SEND FROM sendmail prescan too long addresses overflow (smtp.rules)
2263 <-> SMTP SAML FROM sendmail prescan too many addresses overflow (smtp.rules)
2264 <-> SMTP SAML FROM sendmail prescan too long addresses overflow (smtp.rules)
2265 <-> SMTP SOML FROM sendmail prescan too many addresses overflow (smtp.rules)
2266 <-> SMTP SOML FROM sendmail prescan too long addresses overflow (smtp.rules)
2267 <-> SMTP MAIL FROM sendmail prescan too many addresses overflow (smtp.rules)
2268 <-> SMTP MAIL FROM sendmail prescan too long addresses overflow (smtp.rules)
2269 <-> SMTP RCPT TO sendmail prescan too many addresses overflow (smtp.rules)
2270 <-> SMTP RCPT TO sendmail prescan too long addresses overflow (smtp.rules)
2271 <-> BACKDOOR FsSniffer connection attempt (backdoor.rules)
2272 <-> FTP LIST integer overflow attempt (ftp.rules)
2319 <-> EXPLOIT ebola PASS overflow attempt (exploit.rules)
2320 <-> EXPLOIT ebola USER overflow attempt (exploit.rules)
2330 <-> IMAP auth overflow attempt (imap.rules)
2332 <-> FTP MKD format string attempt (ftp.rules)
2333 <-> FTP RENAME format string attempt (ftp.rules)
2334 <-> FTP Yak! FTP server default account login attempt (ftp.rules)
2335 <-> FTP RMD / attempt (ftp.rules)
2338 <-> FTP LIST buffer overflow attempt (ftp.rules)
2340 <-> FTP SITE CHMOD overflow attempt (ftp.rules)
2343 <-> FTP STOR overflow attempt (ftp.rules)
2344 <-> FTP XCWD overflow attempt (ftp.rules)
2373 <-> FTP XMKD overflow attempt (ftp.rules)
2374 <-> FTP NLST overflow attempt (ftp.rules)
2375 <-> BACKDOOR DoomJuice/mydoom.a backdoor upload/execute attempt (backdoor.rules)
2376 <-> EXPLOIT ISAKMP first payload certificate request length overflow attempt (exploit.rules)
2377 <-> EXPLOIT ISAKMP second payload certificate request length overflow attempt (exploit.rules)
2378 <-> EXPLOIT ISAKMP third payload certificate request length overflow attempt (exploit.rules)
2379 <-> EXPLOIT ISAKMP forth payload certificate request length overflow attempt (exploit.rules)
2380 <-> EXPLOIT ISAKMP fifth payload certificate request length overflow attempt (exploit.rules)
2389 <-> FTP RNTO overflow attempt (ftp.rules)
2390 <-> FTP STOU overflow attempt (ftp.rules)
2391 <-> FTP APPE overflow attempt (ftp.rules)
2392 <-> FTP RETR overflow attempt (ftp.rules)
2412 <-> ATTACK-RESPONSES successful cross site scripting forced download attempt (attack-responses.rules)
2413 <-> EXPLOIT ISAKMP delete hash with empty hash attempt (exploit.rules)
2414 <-> EXPLOIT ISAKMP initial contact notification without SPI attempt (exploit.rules)
2415 <-> EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
2416 <-> FTP invalid MDTM command attempt (ftp.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2446 <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt (exploit.rules)
2449 <-> FTP ALLO overflow attempt (ftp.rules)
2450 <-> CHAT Yahoo IM successful logon (chat.rules)
2451 <-> CHAT Yahoo IM voicechat (chat.rules)
2452 <-> CHAT Yahoo IM ping (chat.rules)
2453 <-> CHAT Yahoo IM conference invitation (chat.rules)
2454 <-> CHAT Yahoo IM conference logon success (chat.rules)
2455 <-> CHAT Yahoo IM conference message (chat.rules)
2456 <-> CHAT Yahoo Messenger File Transfer Receive Request (chat.rules)
2457 <-> CHAT Yahoo IM message (chat.rules)
2458 <-> CHAT Yahoo IM successful chat join (chat.rules)
2459 <-> CHAT Yahoo IM conference offer invitation (chat.rules)
2460 <-> CHAT Yahoo IM conference request (chat.rules)
2461 <-> CHAT Yahoo IM conference watch (chat.rules)
2486 <-> DOS ISAKMP invalid identification payload attempt (dos.rules)
2487 <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
2489 <-> EXPLOIT esignal STREAMQUOTE buffer overflow attempt (exploit.rules)
2497 <-> IMAP SSLv3 invalid data version attempt (imap.rules)
2504 <-> SMTP SSLv3 invalid data version attempt (smtp.rules)
2517 <-> IMAP PCT Client_Hello overflow attempt (imap.rules)
2523 <-> DOS BGP spoofed connection reset attempt (dos.rules)
2527 <-> SMTP STARTTLS attempt (smtp.rules)
2528 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
2529 <-> IMAP SSLv3 Client_Hello request (imap.rules)
2530 <-> IMAP SSLv3 Server_Hello request (imap.rules)
2531 <-> IMAP SSLv3 invalid Client_Hello attempt (imap.rules)
2541 <-> SMTP TLS SSLv3 invalid data version attempt (smtp.rules)
2542 <-> SMTP SSLv3 Client_Hello request (smtp.rules)
2543 <-> SMTP SSLv3 Server_Hello request (smtp.rules)
2544 <-> SMTP SSLv3 invalid Client_Hello attempt (smtp.rules)
2546 <-> FTP MDTM overflow attempt (ftp.rules)
2583 <-> MISC CVS Max-dotdot integer overflow attempt (misc.rules)
2584 <-> EXPLOIT eMule buffer overflow attempt (exploit.rules)
2655 <-> MISC HP Web JetAdmin ExecuteFile admin access (misc.rules)
2921 <-> DNS UDP inverse query (dns.rules)
2922 <-> DNS TCP inverse query (dns.rules)
3009 <-> BACKDOOR NetBus Pro 2.0 connection request (backdoor.rules)
3010 <-> BACKDOOR RUX the Tick get windows directory attempt (backdoor.rules)
3011 <-> BACKDOOR RUX the Tick get system directory attempt (backdoor.rules)
3012 <-> BACKDOOR RUX the Tick upload/execute arbitrary file attempt (backdoor.rules)
3013 <-> BACKDOOR Asylum 0.1 connection request (backdoor.rules)
3014 <-> BACKDOOR Asylum 0.1 connection established (backdoor.rules)
3015 <-> BACKDOOR Insane Network 4.0 connection established (backdoor.rules)
3016 <-> BACKDOOR Insane Network 4.0 connection established port 63536 (backdoor.rules)
3017 <-> EXPLOIT WINS overflow attempt (exploit.rules)
3018 <-> NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3019 <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
3020 <-> NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
3021 <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
3022 <-> NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3023 <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
3024 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
3025 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
3026 <-> NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (netbios.rules)
3027 <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
3028 <-> NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
3029 <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
3030 <-> NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (netbios.rules)
3031 <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
3032 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
3033 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
3034 <-> NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (netbios.rules)
3035 <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
3036 <-> NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules)
3037 <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
3038 <-> NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (netbios.rules)
3039 <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
3058 <-> IMAP copy literal overflow attempt (imap.rules)
3063 <-> BACKDOOR Vampire 1.2 connection request (backdoor.rules)
3064 <-> BACKDOOR Vampire 1.2 connection confirmation (backdoor.rules)
3066 <-> IMAP append overflow attempt (imap.rules)
3067 <-> IMAP examine literal overflow attempt (imap.rules)
3068 <-> IMAP examine overflow attempt (imap.rules)
3069 <-> IMAP fetch literal overflow attempt (imap.rules)
3071 <-> IMAP status literal overflow attempt (imap.rules)
3073 <-> IMAP subscribe literal overflow attempt (imap.rules)
3074 <-> IMAP subscribe overflow attempt (imap.rules)
3075 <-> IMAP unsubscribe literal overflow attempt (imap.rules)
3076 <-> IMAP unsubscribe overflow attempt (imap.rules)
3081 <-> BACKDOOR Y3KRAT 1.5 Connect (backdoor.rules)
3082 <-> BACKDOOR Y3KRAT 1.5 Connect Client Response (backdoor.rules)
3083 <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules)
3084 <-> EXPLOIT Veritas backup overflow attempt (exploit.rules)
3085 <-> EXPLOIT AIM goaway message buffer overflow attempt (exploit.rules)
3089 <-> DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
3153 <-> DNS TCP inverse query overflow (dns.rules)
3154 <-> DNS UDP inverse query overflow (dns.rules)
3155 <-> BACKDOOR BackOrifice 2000 Inbound Traffic (backdoor.rules)
3199 <-> EXPLOIT WINS name query overflow attempt TCP (exploit.rules)
3200 <-> EXPLOIT WINS name query overflow attempt UDP (exploit.rules)
3442 <-> DOS WIN32 TCP print service overflow attempt (dos.rules)
3443 <-> DELETED MS-SQL DNS query with 1 requests (deleted.rules)
3444 <-> DELETED MS-SQL DNS query with 2 requests (deleted.rules)
3445 <-> DELETED MS-SQL DNS query with 3 requests (deleted.rules)
3446 <-> DELETED MS-SQL DNS query with 4 requests (deleted.rules)
3447 <-> DELETED MS-SQL DNS query with 5 requests (deleted.rules)
3448 <-> DELETED MS-SQL DNS query with 6 requests (deleted.rules)
3449 <-> DELETED MS-SQL DNS query with 7 requests (deleted.rules)
3450 <-> DELETED MS-SQL DNS query with 8 requests (deleted.rules)
3451 <-> DELETED MS-SQL DNS query with 9 requests (deleted.rules)
3452 <-> DELETED MS-SQL DNS query with 10 requests (deleted.rules)
3487 <-> IMAP SSLv2 Client_Hello request (imap.rules)
3488 <-> IMAP SSLv2 Client_Hello with pad request (imap.rules)
3489 <-> IMAP TLSv1 Client_Hello request (imap.rules)
3490 <-> IMAP TLSv1 Client_Hello via SSLv2 handshake request (imap.rules)
3491 <-> IMAP SSLv2 Server_Hello request (imap.rules)
3492 <-> IMAP TLSv1 Server_Hello request (imap.rules)
3493 <-> SMTP SSLv2 Client_Hello request (smtp.rules)
3494 <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
3495 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
3496 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
3497 <-> SMTP SSLv2 Server_Hello request (smtp.rules)
3498 <-> SMTP TLSv1 Server_Hello request (smtp.rules)
3511 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
3517 <-> EXPLOIT Computer Associates license PUTOLF overflow attempt (exploit.rules)
3520 <-> EXPLOIT Computer Associates license GCR NETWORK overflow attempt (exploit.rules)
3521 <-> EXPLOIT Computer Associates license GCR CHECKSUMS overflow attempt (exploit.rules)
3522 <-> EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules)
3523 <-> FTP SITE INDEX format string attempt (ftp.rules)
3524 <-> EXPLOIT Computer Associates license invalid GCR CHECKSUMS attempt (exploit.rules)
3525 <-> EXPLOIT Computer Associates license invalid GCR NETWORK attempt (exploit.rules)
3529 <-> EXPLOIT Computer Associates license GETCONFIG client overflow attempt (exploit.rules)
3532 <-> FTP ORACLE password buffer overflow attempt (ftp.rules)
3630 <-> FTP ORACLE TEST command buffer overflow attempt (ftp.rules)
3631 <-> FTP ORACLE user name buffer overflow attempt (ftp.rules)
3635 <-> BACKDOOR Amanda 2.0 connection established (backdoor.rules)
3636 <-> BACKDOOR Crazzy Net 5.0 connection established (backdoor.rules)
3637 <-> EXPLOIT Computer Associates license PUTOLF directory traversal attempt (exploit.rules)
3664 <-> EXPLOIT PPTP echo request buffer overflow attempt (exploit.rules)
3665 <-> MYSQL server greeting (mysql.rules)
3666 <-> MYSQL server greeting finished (mysql.rules)
3667 <-> MYSQL protocol 41 client authentication bypass attempt (mysql.rules)
3668 <-> MYSQL client authentication bypass attempt (mysql.rules)
3669 <-> MYSQL protocol 41 secure client overflow attempt (mysql.rules)
3670 <-> MYSQL secure client overflow attempt (mysql.rules)
3671 <-> MYSQL protocol 41 client overflow attempt (mysql.rules)
3672 <-> MYSQL client overflow attempt (mysql.rules)
3691 <-> CHAT Yahoo Messenger Message (chat.rules)
3692 <-> CHAT Yahoo Messenger File Transfer Initiation Request (chat.rules)
3695 <-> EXPLOIT Veritas Backup Agent password overflow attempt (exploit.rules)
4126 <-> EXPLOIT Veritas Backup Exec root connection attempt using default password hash (exploit.rules)
4129 <-> EXPLOIT Novell ZenWorks Remote Management Agent large login packet DoS attempt (exploit.rules)
4130 <-> EXPLOIT Novell ZenWorks Remote Management Agent buffer overflow Attempt (exploit.rules)
4131 <-> EXPLOIT SHOUTcast URI format string attempt (exploit.rules)
4140 <-> DOS tcpdump tcp LDP print zero length message denial of service attempt (dos.rules)
4141 <-> DOS tcpdump udp LDP print zero length message denial of service attempt (dos.rules)
4637 <-> EXPLOIT MailEnable HTTPMail buffer overflow attempt (exploit.rules)
5335 <-> NETBIOS SMB llsrpc2 WriteAndX alter context attempt (netbios.rules)
5342 <-> NETBIOS SMB llsrpc2 WriteAndX little endian alter context attempt (netbios.rules)
5351 <-> NETBIOS SMB llsrpc2 WriteAndX bind attempt (netbios.rules)
5358 <-> NETBIOS SMB llsrpc2 WriteAndX little endian bind attempt (netbios.rules)
5367 <-> NETBIOS SMB llsrpc2 WriteAndX andx alter context attempt (netbios.rules)
5374 <-> NETBIOS SMB llsrpc2 WriteAndX little endian andx alter context attempt (netbios.rules)
5383 <-> NETBIOS SMB llsrpc2 WriteAndX andx bind attempt (netbios.rules)
5390 <-> NETBIOS SMB llsrpc2 WriteAndX little endian andx bind attempt (netbios.rules)
5685 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
5686 <-> SMTP TLSv1 Server_Hello request (smtp.rules)
5687 <-> SMTP SSLv2 Client_Hello request (smtp.rules)
5688 <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
5689 <-> SMTP TLSv1 Client_Hello request (smtp.rules)
5690 <-> SMTP SSLv3 Client_Hello request (smtp.rules)
5691 <-> SMTP SSLv2 Server_Hello request (smtp.rules)
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules)
5806 <-> DELETED SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (deleted.rules)
5931 <-> DELETED SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (deleted.rules)
6000 <-> DELETED P2P Skype client login startup (deleted.rules)
6001 <-> DELETED P2P Skype client login (deleted.rules)
6012 <-> BACKDOOR coolcat runtime connection detection - tcp 1 (backdoor.rules)
6013 <-> BACKDOOR coolcat runtime connection detection - tcp 2 (backdoor.rules)
6014 <-> BACKDOOR coolcat runtime connection detection - tcp 3 (backdoor.rules)
6015 <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6016 <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules)
6017 <-> BACKDOOR dsk lite 1.0 runtime detection - disconnect (backdoor.rules)
6018 <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules)
6019 <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules)
6020 <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules)
6021 <-> BACKDOOR silent spy 2.10 command response port 4225 (backdoor.rules)
6022 <-> BACKDOOR silent spy 2.10 command response port 4226 (backdoor.rules)
6023 <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules)
6024 <-> BACKDOOR nuclear rat v6_21 runtime detection (backdoor.rules)
6025 <-> BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (backdoor.rules)
6026 <-> BACKDOOR dimbus 1.0 runtime detection - get pc info (backdoor.rules)
6027 <-> BACKDOOR netshadow runtime detection (backdoor.rules)
6028 <-> BACKDOOR cyberpaky runtime detection (backdoor.rules)
6029 <-> BACKDOOR fkwp 2.0 runtime detection - icq notification (backdoor.rules)
6030 <-> BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server (backdoor.rules)
6031 <-> BACKDOOR fkwp 2.0 runtime detection - connection attempt server-to-client (backdoor.rules)
6033 <-> BACKDOOR fkwp 2.0 runtime detection - connection success (backdoor.rules)
6034 <-> BACKDOOR minicommand runtime detection - initial connection client-to-server (backdoor.rules)
6035 <-> BACKDOOR minicommand runtime detection - initial connection server-to-client (backdoor.rules)
6036 <-> BACKDOOR minicommand runtime detection - directory listing server-to-client (backdoor.rules)
6037 <-> BACKDOOR netbus 1.7 runtime detection - email notification (backdoor.rules)
6039 <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules)
6040 <-> BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6041 <-> BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules)
6042 <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules)
6043 <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules)
6044 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6045 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6046 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules)
6047 <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6048 <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules)
6049 <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6050 <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules)
6051 <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6052 <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules)
6053 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6054 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules)
6055 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6056 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6057 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules)
6058 <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules)
6059 <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules)
6060 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6061 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6062 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules)
6063 <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6064 <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules)
6065 <-> BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server (backdoor.rules)
6066 <-> BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (backdoor.rules)
6068 <-> BACKDOOR optixlite 1.0 runtime detection - connection failure server-to-client (backdoor.rules)
6069 <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules)
6070 <-> BACKDOOR freak 1.0 runtime detection - irc notification (backdoor.rules)
6071 <-> BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules)
6072 <-> BACKDOOR freak 1.0 runtime detection - initial connection client-to-server (backdoor.rules)
6073 <-> BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (backdoor.rules)
6074 <-> BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (backdoor.rules)
6075 <-> BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (backdoor.rules)
6076 <-> BACKDOOR amiboide uploader runtime detection - init connection (backdoor.rules)
6077 <-> BACKDOOR autospy runtime detection - get information (backdoor.rules)
6078 <-> BACKDOOR autospy runtime detection - get information (backdoor.rules)
6079 <-> BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6080 <-> BACKDOOR autospy runtime detection - show autospy (backdoor.rules)
6081 <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6082 <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules)
6083 <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6084 <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules)
6085 <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6086 <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules)
6087 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6088 <-> BACKDOOR a trojan 2.0 runtime detection - init connection (backdoor.rules)
6089 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6090 <-> BACKDOOR a trojan 2.0 runtime detection - get memory info (backdoor.rules)
6091 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6092 <-> BACKDOOR a trojan 2.0 runtime detection - get harddisk info (backdoor.rules)
6093 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6094 <-> BACKDOOR a trojan 2.0 runtime detection - get drive info (backdoor.rules)
6095 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules)
6096 <-> BACKDOOR a trojan 2.0 runtime detection - get system info (backdoor.rules)
6097 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6098 <-> BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
6099 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6100 <-> BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
6101 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6102 <-> BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
6103 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6104 <-> BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
6105 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6106 <-> BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
6107 <-> BACKDOOR backage 3.1 runtime detection (backdoor.rules)
6108 <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6109 <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules)
6110 <-> BACKDOOR forced entry v1.1 beta runtime detection (backdoor.rules)
6111 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6112 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6113 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules)
6114 <-> BACKDOOR optix 1.32 runtime detection - email notification (backdoor.rules)
6115 <-> BACKDOOR optix 1.32 runtime detection - icq notification (backdoor.rules)
6116 <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6117 <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules)
6118 <-> BACKDOOR net runner runtime detection - initial connection client-to-server (backdoor.rules)
6119 <-> BACKDOOR net runner runtime detection - initial connection server-to-client (backdoor.rules)
6120 <-> BACKDOOR net runner runtime detection - download file client-to-server (backdoor.rules)
6121 <-> BACKDOOR net runner runtime detection - download file server-to-client (backdoor.rules)
6122 <-> BACKDOOR millenium v1.0 runtime detection (backdoor.rules)
6123 <-> BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
6124 <-> BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
6125 <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6126 <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6128 <-> BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules)
6129 <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
6130 <-> BACKDOOR chupacabra 1.0 runtime detection - get computer name (backdoor.rules)
6131 <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules)
6132 <-> BACKDOOR chupacabra 1.0 runtime detection - get user name (backdoor.rules)
6133 <-> BACKDOOR chupacabra 1.0 runtime detection - send messages (backdoor.rules)
6134 <-> BACKDOOR chupacabra 1.0 runtime detection - delete file (backdoor.rules)
6136 <-> BACKDOOR clindestine 1.0 runtime detection - capture big screen (backdoor.rules)
6137 <-> BACKDOOR clindestine 1.0 runtime detection - capture small screen (backdoor.rules)
6138 <-> BACKDOOR clindestine 1.0 runtime detection - get computer info (backdoor.rules)
6139 <-> BACKDOOR clindestine 1.0 runtime detection - get system directory (backdoor.rules)
6140 <-> BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules)
6141 <-> BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules)
6142 <-> BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (backdoor.rules)
6143 <-> BACKDOOR dark connection inside v1.2 runtime detection (backdoor.rules)
6144 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (backdoor.rules)
6145 <-> BACKDOOR mantis runtime detection - sent notify option server-to-client (backdoor.rules)
6146 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules)
6147 <-> BACKDOOR mantis runtime detection - go to address client-to-server (backdoor.rules)
6148 <-> BACKDOOR mantis runtime detection - go to address server-to-client (backdoor.rules)
6149 <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
6150 <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules)
6151 <-> BACKDOOR back attack v1.4 runtime detection (backdoor.rules)
6152 <-> BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules)
6153 <-> BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules)
6154 <-> BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules)
6155 <-> BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules)
6156 <-> BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules)
6157 <-> BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules)
6159 <-> BACKDOOR delirium of disorder runtime detection - enable keylogger (backdoor.rules)
6160 <-> BACKDOOR delirium of disorder runtime detection - stop keylogger (backdoor.rules)
6161 <-> BACKDOOR furax 1.0 b2 runtime detection (backdoor.rules)
6164 <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
6165 <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules)
6166 <-> BACKDOOR unicorn runtime detection - initial connection (backdoor.rules)
6167 <-> BACKDOOR unicorn runtime detection - set wallpaper client-to-server (backdoor.rules)
6168 <-> BACKDOOR unicorn runtime detection - set wallpaper server-to-client (backdoor.rules)
6169 <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules)
6170 <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules)
6171 <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
6172 <-> BACKDOOR cookie monster 0.24 runtime detection - get version info (backdoor.rules)
6173 <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules)
6174 <-> BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules)
6175 <-> BACKDOOR cookie monster 0.24 runtime detection - kill kernel (backdoor.rules)
6176 <-> BACKDOOR guptachar 2.0 runtime detection (backdoor.rules)
6177 <-> BACKDOOR ultimate destruction runtime detection - kill process client-to-server (backdoor.rules)
6178 <-> BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (backdoor.rules)
6179 <-> BACKDOOR bladerunner 0.80 runtime detection (backdoor.rules)
6180 <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
6181 <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules)
6182 <-> CHAT IRC channel notice (chat.rules)
6285 <-> BACKDOOR antilamer 1.1 runtime detection - set flowbit (backdoor.rules)
6286 <-> BACKDOOR antilamer 1.1 runtime detection (backdoor.rules)
6287 <-> BACKDOOR fictional daemon 4.4 runtime detection - telent (backdoor.rules)
6288 <-> BACKDOOR fictional daemon 4.4 runtime detection - ftp (backdoor.rules)
6289 <-> BACKDOOR netspy runtime detection - command pattern client-to-server (backdoor.rules)
6290 <-> BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules)
6291 <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules)
6292 <-> BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (backdoor.rules)
6293 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (backdoor.rules)
6294 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (backdoor.rules)
6295 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb (backdoor.rules)
6296 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules)
6297 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules)
6298 <-> BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (backdoor.rules)
6299 <-> BACKDOOR insurrection 1.1.0 runtime detection - initial connection (backdoor.rules)
6300 <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules)
6301 <-> BACKDOOR cia 1.3 runtime detection - smtp notification (backdoor.rules)
6302 <-> BACKDOOR cia runtime detection - initial connection - set flowbit (backdoor.rules)
6303 <-> BACKDOOR cia runtime detection - initial connection (backdoor.rules)
6304 <-> BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (backdoor.rules)
6305 <-> BACKDOOR softwar shadowthief runtime detection - initial connection (backdoor.rules)
6306 <-> BACKDOOR shit heep runtime detection (backdoor.rules)
6307 <-> BACKDOOR lamespy runtime detection - initial connection - set flowbit (backdoor.rules)
6308 <-> BACKDOOR lamespy runtime detection - initial connection (backdoor.rules)
6309 <-> BACKDOOR net demon runtime detection - initial connection - password request (backdoor.rules)
6310 <-> BACKDOOR net demon runtime detection - initial connection - password send (backdoor.rules)
6311 <-> BACKDOOR net demon runtime detection - initial connection - password accepted (backdoor.rules)
6312 <-> BACKDOOR net demon runtime detection - message send (backdoor.rules)
6313 <-> BACKDOOR net demon runtime detection - message response (backdoor.rules)
6314 <-> BACKDOOR net demon runtime detection - open browser request (backdoor.rules)
6315 <-> BACKDOOR net demon runtime detection - open browser response (backdoor.rules)
6316 <-> BACKDOOR net demon runtime detection - file manager request (backdoor.rules)
6317 <-> BACKDOOR net demon runtime detection - file manager response (backdoor.rules)
6318 <-> BACKDOOR rtb666 runtime detection (backdoor.rules)
6319 <-> BACKDOOR evilftp runtime detection - init connection (backdoor.rules)
6320 <-> BACKDOOR ptakks2.1 runtime detection - keepalive (backdoor.rules)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6323 <-> BACKDOOR 3xBackdoor runtime detection - set flowbit (backdoor.rules)
6324 <-> BACKDOOR 3xBackdoor runtime detection (backdoor.rules)
6325 <-> BACKDOOR fucktrojan 1.2 runtime detection - initial connection (backdoor.rules)
6326 <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
6327 <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules)
6328 <-> BACKDOOR commando runtime detection - initial connection (backdoor.rules)
6329 <-> BACKDOOR commando runtime detection - chat client-to-server (backdoor.rules)
6330 <-> BACKDOOR commando runtime detection - chat server-to-client (backdoor.rules)
6331 <-> BACKDOOR globalkiller1.0 runtime detection - notification (backdoor.rules)
6332 <-> BACKDOOR globalkiller1.0 runtime detection - initial connection (backdoor.rules)
6333 <-> BACKDOOR wincrash 2.0 runtime detection (backdoor.rules)
6334 <-> BACKDOOR backlash runtime detection (backdoor.rules)
6335 <-> BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (backdoor.rules)
6336 <-> BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules)
6337 <-> BACKDOOR hatredfriend file manage command - set flowbit (backdoor.rules)
6338 <-> BACKDOOR hatredfriend file manage command (backdoor.rules)
6339 <-> BACKDOOR hatredfriend email notification detection (backdoor.rules)
6395 <-> BACKDOOR a-311 death runtime detection - initial connection server-to-client (backdoor.rules)
6396 <-> BACKDOOR a-311 death user-agent string detected (backdoor.rules)
6397 <-> BACKDOOR http rat runtime detection - smtp (backdoor.rules)
6398 <-> BACKDOOR http rat runtime detection - http (backdoor.rules)
6399 <-> BACKDOOR rad 1.2.3 runtime detection (backdoor.rules)
6400 <-> BACKDOOR snowdoor runtime detection client-to-server (backdoor.rules)
6401 <-> BACKDOOR snowdoor runtime detection server-to-client (backdoor.rules)
6402 <-> BACKDOOR netangel connection client-to-server (backdoor.rules)
6414 <-> WEB-MISC Novell GroupWise Messenger Accept-Language header buffer overflow attempt (web-misc.rules)
6467 <-> CHAT jabber traffic detected (chat.rules)
6468 <-> CHAT jabber file transfer request (chat.rules)
6472 <-> BACKDOOR bugs runtime detection - file manager client-to-server (backdoor.rules)
6473 <-> BACKDOOR bugs runtime detection - file manager server-to-client (backdoor.rules)
6474 <-> BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules)
6475 <-> BACKDOOR badrat 1.1 runtime detection - flowbit set (backdoor.rules)
6476 <-> BACKDOOR badrat 1.1 runtime detection (backdoor.rules)
6497 <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
6498 <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
6499 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
6500 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
6501 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
7021 <-> DOS linux kernel SCTP chunkless packet denial of service attempt (dos.rules)
7057 <-> BACKDOOR charon runtime detection - initial connection (backdoor.rules)
7058 <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules)
7059 <-> BACKDOOR charon runtime detection - download file/log flowbit 2 (backdoor.rules)
7060 <-> BACKDOOR charon runtime detection - download file/log (backdoor.rules)
7061 <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules)
7064 <-> BACKDOOR cybernetic 1.62 runtime detection - email notification (backdoor.rules)
7065 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
7066 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules)
7067 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection (backdoor.rules)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7072 <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (backdoor.rules)
7073 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - notification (backdoor.rules)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules)
7075 <-> BACKDOOR bandook 1.0 runtime detection (backdoor.rules)
7076 <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules)
7077 <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules)
7078 <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (backdoor.rules)
7079 <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (backdoor.rules)
7080 <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (backdoor.rules)
7081 <-> BACKDOOR up and run v1.0 beta runtime detection (backdoor.rules)
7082 <-> BACKDOOR mosucker3.0 runtime detection - client-to-server (backdoor.rules)
7083 <-> BACKDOOR mosucker3.0 runtime detection - server-to-client1 (backdoor.rules)
7084 <-> BACKDOOR erazer v1.1 runtime detection - sin notification (backdoor.rules)
7085 <-> BACKDOOR erazer v1.1 runtime detection (backdoor.rules)
7086 <-> BACKDOOR erazer v1.1 runtime detection - init connection (backdoor.rules)
7087 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with correct password client-to-server (backdoor.rules)
7088 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with correct password server-to-client (backdoor.rules)
7089 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with wrong password -client-to-server (backdoor.rules)
7090 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with wrong password server-to-client (backdoor.rules)
7091 <-> BACKDOOR serveme runtime detection (backdoor.rules)
7096 <-> BACKDOOR remote hack 1.5 runtime detection - logon (backdoor.rules)
7097 <-> BACKDOOR remote hack 1.5 runtime detection - execute file (backdoor.rules)
7098 <-> BACKDOOR remote hack 1.5 runtime detection - get password (backdoor.rules)
7099 <-> BACKDOOR remote hack 1.5 runtime detection - start keylogger (backdoor.rules)
7101 <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7102 <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7103 <-> BACKDOOR gwboy 0.92 runtime detection - init connection (backdoor.rules)
7104 <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7105 <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7108 <-> BACKDOOR undetected runtime detection (backdoor.rules)
7111 <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7112 <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7113 <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7114 <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7115 <-> BACKDOOR ghost 2.3 runtime detection (backdoor.rules)
7116 <-> BACKDOOR y3k 1.2 runtime detection - icq notification (backdoor.rules)
7118 <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
7119 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7120 <-> BACKDOOR y3k 1.2 runtime detection - init connection 1 (backdoor.rules)
7121 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7122 <-> BACKDOOR y3k 1.2 runtime detection - init connection 2 (backdoor.rules)
7604 <-> BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7605 <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7606 <-> BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (backdoor.rules)
7607 <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7608 <-> BACKDOOR katux 2.0 runtime detection - chat - flowbit set (backdoor.rules)
7609 <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7610 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 1 (backdoor.rules)
7611 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7614 <-> BACKDOOR flux 1.0 runtime detection - keep alive - flowbit set (backdoor.rules)
7615 <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7616 <-> BACKDOOR theef 2.0 runtime detection - connection without password (backdoor.rules)
7617 <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (backdoor.rules)
7618 <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7620 <-> BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (backdoor.rules)
7621 <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7624 <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7625 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (backdoor.rules)
7626 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7630 <-> BACKDOOR helios 3.1 runtime detection - initial connection (backdoor.rules)
7631 <-> BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (backdoor.rules)
7632 <-> BACKDOOR hornet 1.0 runtime detection - fetch system info (backdoor.rules)
7633 <-> BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (backdoor.rules)
7634 <-> BACKDOOR hornet 1.0 runtime detection - irc connection (backdoor.rules)
7635 <-> BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (backdoor.rules)
7636 <-> BACKDOOR hornet 1.0 runtime detection - fetch processes list (backdoor.rules)
7637 <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
7638 <-> BACKDOOR ncph runtime detection - initial connection (backdoor.rules)
7639 <-> BACKDOOR air runtime detection - php notification (backdoor.rules)
7640 <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules)
7641 <-> BACKDOOR am remote client runtime detection - client-to-server (backdoor.rules)
7642 <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7643 <-> BACKDOOR netcontrol takeover runtime detection (backdoor.rules)
7644 <-> BACKDOOR ullysse runtime detection - client-to-server (backdoor.rules)
7645 <-> BACKDOOR snipernet 2.1 runtime detection - flowbit set (backdoor.rules)
7646 <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7648 <-> BACKDOOR minicom lite runtime detection - client-to-server (backdoor.rules)
7649 <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7650 <-> BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (backdoor.rules)
7651 <-> BACKDOOR small uploader 1.01 runtime detection - initial connection (backdoor.rules)
7652 <-> BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set (backdoor.rules)
7653 <-> BACKDOOR small uploader 1.01 runtime detection - get server information (backdoor.rules)
7654 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set (backdoor.rules)
7655 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7656 <-> BACKDOOR diems mutter runtime detection - client-to-server (backdoor.rules)
7657 <-> BACKDOOR diems mutter runtime detection - server-to-client (backdoor.rules)
7658 <-> BACKDOOR jodeitor 1.1 runtime detection - initial connection (backdoor.rules)
7659 <-> BACKDOOR lan filtrator 1.1 runtime detection - sin notification (backdoor.rules)
7660 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (backdoor.rules)
7661 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules)
7662 <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (backdoor.rules)
7663 <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection (backdoor.rules)
7664 <-> BACKDOOR screen control 1.0 runtime detection - flowbit set (backdoor.rules)
7665 <-> BACKDOOR screen control 1.0 runtime detection - initial connection (backdoor.rules)
7667 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (backdoor.rules)
7668 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (backdoor.rules)
7669 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7670 <-> BACKDOOR digital upload runtime detection - initial connection (backdoor.rules)
7671 <-> BACKDOOR digital upload runtime detection - chat (backdoor.rules)
7672 <-> BACKDOOR remoter runtime detection - initial connection (backdoor.rules)
7673 <-> BACKDOOR remote havoc runtime detection - flowbit set 1 (backdoor.rules)
7674 <-> BACKDOOR remote havoc runtime detection - flowbit set 2 (backdoor.rules)
7675 <-> BACKDOOR remote havoc runtime detection (backdoor.rules)
7676 <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection (backdoor.rules)
7678 <-> BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (backdoor.rules)
7679 <-> BACKDOOR cool remote control 1.12 runtime detection - upload file (backdoor.rules)
7680 <-> BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (backdoor.rules)
7681 <-> BACKDOOR cool remote control 1.12 runtime detection - download file (backdoor.rules)
7682 <-> BACKDOOR acid head 1.00 runtime detection - flowbit set (backdoor.rules)
7683 <-> BACKDOOR acid head 1.00 runtime detection (backdoor.rules)
7684 <-> BACKDOOR hrat 1.0 runtime detection (backdoor.rules)
7685 <-> BACKDOOR illusion runtime detection - get remote info client-to-server (backdoor.rules)
7686 <-> BACKDOOR illusion runtime detection - get remote info server-to-client (backdoor.rules)
7687 <-> BACKDOOR illusion runtime detection - file browser client-to-server (backdoor.rules)
7688 <-> BACKDOOR illusion runtime detection - file browser server-to-client (backdoor.rules)
7689 <-> BACKDOOR evade runtime detection - initial connection (backdoor.rules)
7690 <-> BACKDOOR evade runtime detection - file manager - flowbit set (backdoor.rules)
7691 <-> BACKDOOR evade runtime detection - file manager (backdoor.rules)
7692 <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules)
7693 <-> BACKDOOR exception 1.0 runtime detection - intial connection client-to-server (backdoor.rules)
7694 <-> BACKDOOR exception 1.0 runtime detection - intial connection server-to-client (backdoor.rules)
7695 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7696 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7697 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection (backdoor.rules)
7698 <-> BACKDOOR brain wiper runtime detection - launch application - flowbit set (backdoor.rules)
7699 <-> BACKDOOR brain wiper runtime detection - launch application (backdoor.rules)
7700 <-> BACKDOOR brain wiper runtime detection - chat - flowbit set (backdoor.rules)
7701 <-> BACKDOOR brain wiper runtime detection - chat (backdoor.rules)
7702 <-> BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (backdoor.rules)
7703 <-> BACKDOOR roach 1.0 runtime detection - remote control actions (backdoor.rules)
7704 <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules)
7705 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7706 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7707 <-> BACKDOOR omniquad instant remote control runtime detection - file transfer setup (backdoor.rules)
7708 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7709 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7710 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (backdoor.rules)
7711 <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7713 <-> BACKDOOR amitis v1.3 runtime detection - email notification (backdoor.rules)
7714 <-> BACKDOOR netdevil runtime detection - flowbit set 1 (backdoor.rules)
7715 <-> BACKDOOR netdevil runtime detection - flowbit set 2 (backdoor.rules)
7716 <-> BACKDOOR netdevil runtime detection (backdoor.rules)
7717 <-> BACKDOOR snake trojan runtime detection (backdoor.rules)
7718 <-> BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7719 <-> BACKDOOR dameware mini remote control runtime detection - initial connection (backdoor.rules)
7720 <-> BACKDOOR desktop scout runtime detection (backdoor.rules)
7721 <-> BACKDOOR prorat 1.9 initial connection detection (backdoor.rules)
7722 <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
7723 <-> BACKDOOR wollf runtime detection (backdoor.rules)
7724 <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7725 <-> DELETED BACKDOOR reversable ver1.0 runtime detection - initial connection (deleted.rules)
7726 <-> BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (backdoor.rules)
7727 <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7728 <-> BACKDOOR radmin runtime detection - client-to-server (backdoor.rules)
7729 <-> BACKDOOR radmin runtime detection - server-to-client (backdoor.rules)
7730 <-> BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (backdoor.rules)
7731 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (backdoor.rules)
7732 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7733 <-> BACKDOOR outbreak_0.2.7 runtime detection - initial connection (backdoor.rules)
7734 <-> BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (backdoor.rules)
7735 <-> BACKDOOR bionet 4.05 runtime detection - initial connection (backdoor.rules)
7736 <-> BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set (backdoor.rules)
7737 <-> BACKDOOR bionet 4.05 runtime detection - file manager (backdoor.rules)
7738 <-> BACKDOOR alexmessomalex runtime detection - initial connection (backdoor.rules)
7739 <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7740 <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (backdoor.rules)
7741 <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (backdoor.rules)
7742 <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules)
7743 <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
7744 <-> BACKDOOR phoenix 2.1 runtime detection - flowbit set (backdoor.rules)
7745 <-> BACKDOOR phoenix 2.1 runtime detection (backdoor.rules)
7746 <-> BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7747 <-> BACKDOOR bobo 1.0 runtime detection - initial connection (backdoor.rules)
7748 <-> BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (backdoor.rules)
7749 <-> BACKDOOR bobo 1.0 runtime detection - send message (backdoor.rules)
7750 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7751 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7752 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection (backdoor.rules)
7753 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (backdoor.rules)
7754 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (backdoor.rules)
7755 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function (backdoor.rules)
7756 <-> BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set (backdoor.rules)
7757 <-> BACKDOOR beast 2.02 runtime detection - initial connection (backdoor.rules)
7758 <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> BACKDOOR netthief runtime detection (backdoor.rules)
7761 <-> BACKDOOR analftp 0.1 runtime detection - initial connection (backdoor.rules)
7762 <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
7763 <-> BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (backdoor.rules)
7764 <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (backdoor.rules)
7765 <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (backdoor.rules)
7766 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7767 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (backdoor.rules)
7768 <-> BACKDOOR data rape runtime detection - execute program client-to-server (backdoor.rules)
7769 <-> BACKDOOR data rape runtime detection - execute program server-to-client (backdoor.rules)
7770 <-> BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (backdoor.rules)
7771 <-> BACKDOOR messiah 4.0 runtime detection - get server info (backdoor.rules)
7772 <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (backdoor.rules)
7773 <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger (backdoor.rules)
7774 <-> BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7775 <-> BACKDOOR messiah 4.0 runtime detection - screen capture (backdoor.rules)
7776 <-> BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (backdoor.rules)
7777 <-> BACKDOOR messiah 4.0 runtime detection - get drives (backdoor.rules)
7778 <-> BACKDOOR elfrat runtime detection - initial connection (backdoor.rules)
7782 <-> BACKDOOR netdevil runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> BACKDOOR netdevil runtime detection - file manager (backdoor.rules)
7784 <-> BACKDOOR forced control uploader runtime detection - connection with password - flowbit set (backdoor.rules)
7785 <-> BACKDOOR forced control uploader runtime detection - connection with password (backdoor.rules)
7786 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 1 (backdoor.rules)
7787 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 2 (backdoor.rules)
7788 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 3 (backdoor.rules)
7789 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 4 (backdoor.rules)
7790 <-> BACKDOOR forced control uploader runtime detection directory listing (backdoor.rules)
7791 <-> BACKDOOR remote anything 5.11.22 runtime detection - victim response (backdoor.rules)
7792 <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (backdoor.rules)
7793 <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (backdoor.rules)
7794 <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (backdoor.rules)
7795 <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7796 <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7797 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7798 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7799 <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7800 <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
7803 <-> BACKDOOR war trojan ver1.0 runtime detection - send messages (backdoor.rules)
7804 <-> BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (backdoor.rules)
7805 <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules)
7806 <-> BACKDOOR fatal wound 1.0 runtime detection - initial connection (backdoor.rules)
7807 <-> BACKDOOR fatal wound 1.0 runtime detection - execute file (backdoor.rules)
7808 <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7809 <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7810 <-> BACKDOOR nuclear uploader 1.0 runtime detection (backdoor.rules)
7811 <-> BACKDOOR abacab runtime detection - telnet initial (backdoor.rules)
7812 <-> BACKDOOR abacab runtime detection - banner (backdoor.rules)
7813 <-> BACKDOOR darkmoon initial connection detection - cts (backdoor.rules)
7814 <-> BACKDOOR darkmoon initial connection detection - stc (backdoor.rules)
7815 <-> BACKDOOR darkmoon reverse connection detection - stc (backdoor.rules)
7816 <-> BACKDOOR darkmoon reverse connection detection - cts (backdoor.rules)
7817 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7818 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7819 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7820 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7821 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7822 <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7960 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7961 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7962 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7963 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7964 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7965 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7966 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7967 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7968 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7969 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
8056 <-> DOS ISC DHCP server 2 client_id length denial of service attempt (dos.rules)
8060 <-> EXPLOIT UltraVNC VNCLog buffer overflow (exploit.rules)
8074 <-> BACKDOOR mithril runtime detection - init connection (backdoor.rules)
8075 <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
8076 <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
8077 <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
8078 <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
8079 <-> BACKDOOR x2a runtime detection - init connection (backdoor.rules)
8080 <-> BACKDOOR x2a runtime detection - client update (backdoor.rules)
8361 <-> BACKDOOR black curse 4.0 runtime detection - inverse init connection (backdoor.rules)
8362 <-> BACKDOOR black curse 4.0 runtime detection - normal init connection (backdoor.rules)
8432 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8433 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8434 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8435 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8437 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8438 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8439 <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules)
8470 <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8471 <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8472 <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8473 <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8474 <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8475 <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8476 <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8477 <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8479 <-> FTP HELP overflow attempt (ftp.rules)
8480 <-> FTP PORT overflow attempt (ftp.rules)
8481 <-> FTP Microsoft NLST * dos attempt (ftp.rules)
8547 <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
8548 <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
8702 <-> EXPLOIT IceCast header buffer overflow attempt (exploit.rules)
8703 <-> EXPLOIT IceCast header buffer overflow attempt (exploit.rules)
8709 <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules)
8710 <-> DNS Windows NAT helper components udp denial of service attempt (dns.rules)
8730 <-> DOS record route rr denial of service attempt (dos.rules)
9325 <-> DOS Citrix IMA DOS event data length denial of service attempt (dos.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
9654 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9656 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules)
9658 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9659 <-> BACKDOOR bersek 1.0 runtime detection - file manage (backdoor.rules)
9660 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9661 <-> BACKDOOR bersek 1.0 runtime detection - show processes (backdoor.rules)
9662 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules)
9664 <-> BACKDOOR crossbow 1.12 runtime detection (backdoor.rules)
9665 <-> BACKDOOR crossbow 1.12 runtime detection - init connection (backdoor.rules)
9666 <-> BACKDOOR superra runtime detection - success init connection (backdoor.rules)
9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
9792 <-> FTP PASV overflow attempt (ftp.rules)
9832 <-> BACKDOOR ieva 1.0 runtime detection - send message (backdoor.rules)
9833 <-> BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (backdoor.rules)
9834 <-> BACKDOOR ieva 1.0 runtime detection - black screen (backdoor.rules)
9835 <-> BACKDOOR ieva 1.0 runtime detection - swap mouse (backdoor.rules)
9836 <-> BACKDOOR ieva 1.0 runtime detection - crazy mouse (backdoor.rules)
9837 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9838 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules)
9841 <-> SMTP Microsoft Outlook VEVENT overflow attempt (smtp.rules)
10010 <-> EXPLOIT Putty Server key exchange buffer overflow attempt (exploit.rules)
10011 <-> IMAP Novell NetMail APPEND command buffer overflow attempt (imap.rules)
10012 <-> SMTP Microsoft Outlook VEVENT non-TZID overflow attempt (smtp.rules)
10101 <-> BACKDOOR crossfires trojan 3.0 runtime detection - delete file (backdoor.rules)
10102 <-> BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (backdoor.rules)
10103 <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
10104 <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
10105 <-> BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (backdoor.rules)
10106 <-> DELETED BACKDOOR icmp cmd 1.0 runtime detection - download file (deleted.rules)
10107 <-> BACKDOOR icmp cmd 1.0 runtime detection - pslist (backdoor.rules)
10108 <-> BACKDOOR icmp cmd 1.0 runtime detection - pskill (backdoor.rules)
10109 <-> BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (backdoor.rules)
10110 <-> BACKDOOR poison ivy 2.1.2 runtime detection (backdoor.rules)
10111 <-> BACKDOOR poison ivy 2.1.2 runtime detection - init connection (backdoor.rules)
10112 <-> BACKDOOR rix3 1.0 runtime detection - init connection (backdoor.rules)
10125 <-> MISC bomberclone buffer overflow attempt (misc.rules)
10135 <-> DOS Squid proxy FTP denial of service attempt (dos.rules)
10168 <-> BACKDOOR one runtime detection (backdoor.rules)
10169 <-> BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (backdoor.rules)
10184 <-> BACKDOOR wow 23 runtime detection (backdoor.rules)
10185 <-> BACKDOOR x-door runtime detection (backdoor.rules)
10195 <-> WEB-MISC Content-Length buffer overflow attempt (web-misc.rules)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
10442 <-> BACKDOOR nirvana 2.0 runtime detection - explore c drive (backdoor.rules)
10443 <-> BACKDOOR acidbattery 1.0 runtime detection - sniff info (backdoor.rules)
10444 <-> BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (backdoor.rules)
10445 <-> BACKDOOR acidbattery 1.0 runtime detection - get password (backdoor.rules)
10446 <-> BACKDOOR acidbattery 1.0 runtime detection - get server info (backdoor.rules)
10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules)
10448 <-> BACKDOOR acessor 2.0 runtime detection - init connection (backdoor.rules)
10449 <-> BACKDOOR acid shivers runtime detection - init telnet connection (backdoor.rules)
10450 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
10451 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
10452 <-> BACKDOOR only 1 rat runtime detection - icmp request (backdoor.rules)
10453 <-> BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (backdoor.rules)
10454 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (backdoor.rules)
10455 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
10456 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
10457 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (backdoor.rules)
10458 <-> BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (backdoor.rules)
10459 <-> BACKDOOR wineggdrop shell pro runtime detection - init connection (backdoor.rules)
10460 <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
10461 <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
10462 <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
10463 <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
11185 <-> DOS CA eTrust key handling dos -- username (dos.rules)
11186 <-> DOS CA eTrust key handling dos -- password (dos.rules)
11263 <-> DOS Apache mod_ssl non-SSL connection to SSL port denial of service attempt (dos.rules)
11314 <-> BACKDOOR shadownet remote spy 2.0 runtime detection (backdoor.rules)
11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules)
11316 <-> BACKDOOR lurker 1.1 runtime detection - init connection (backdoor.rules)
11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
11318 <-> BACKDOOR boer runtime detection - init connection (backdoor.rules)
11319 <-> BACKDOOR netwindow runtime detection - init connection request (backdoor.rules)
11320 <-> BACKDOOR netwindow runtime detection - reverse mode init connection request (backdoor.rules)
11321 <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules)
11322 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11323 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11968 <-> VOIP-SIP inbound INVITE message (voip.rules)
11969 <-> VOIP-SIP inbound 401 unauthorized message (voip.rules)
11970 <-> VOIP-SIP Cisco 7940/7960 INVITE Remote-Party-ID denial of service attempt (voip.rules)
11971 <-> VOIP-SIP CSeq buffer overflow attempt (voip.rules)
11972 <-> VOIP-SIP Max-Forwards value over 70 (voip.rules)
11973 <-> VOIP-SIP Via header hostname buffer overflow attempt (voip.rules)
11974 <-> VOIP-SIP response too small (voip.rules)
11975 <-> VOIP-SIP Via header missing SIP field (voip.rules)
11976 <-> VOIP-SIP overflow in URI type - SIP (voip.rules)
11977 <-> VOIP-SIP overflow in URI type - Tel (voip.rules)
11978 <-> VOIP-SIP from header field buffer overflow attempt (voip.rules)
11979 <-> VOIP-SIP oversized SDP media port (voip.rules)
11980 <-> VOIP-SIP SDP attribute buffer overflow attempt (voip.rules)
11981 <-> VOIP-SIP MultiTech INVITE field buffer overflow attempt (voip.rules)
11982 <-> VOIP-SIP recursive URL-encoded data in To header (voip.rules)
11983 <-> VOIP-SIP SDP negative time value (voip.rules)
11984 <-> VOIP-SIP SDP oversized time value (voip.rules)
11985 <-> VOIP-SIP Expires header overflow attempt (voip.rules)
11986 <-> VOIP-SIP invalid characters in authorization response parameter (voip.rules)
11987 <-> VOIP-SIP Via header format string attempt (voip.rules)
11988 <-> VOIP-SIP From header format string attempt (voip.rules)
11989 <-> VOIP-SIP Call-ID header format string attempt (voip.rules)
11990 <-> VOIP-SIP Contact header format string attempt (voip.rules)
11991 <-> VOIP-SIP CSeq header format string attempt (voip.rules)
11992 <-> VOIP-SIP Content-Type header format string attempt (voip.rules)
11993 <-> VOIP-SIP Call-ID header invalid characters detected (voip.rules)
11994 <-> VOIP-SIP Contact header invalid characters detected (voip.rules)
11995 <-> VOIP-SIP Content-Type header invalid characters detected (voip.rules)
11996 <-> VOIP-SIP CSeq header invalid characters detected (voip.rules)
11997 <-> VOIP-SIP From header invalid characters detected (voip.rules)
11998 <-> VOIP-SIP To header invalid characters detected (voip.rules)
11999 <-> VOIP-SIP Via header invalid characters detected (voip.rules)
12000 <-> VOIP-SIP INVITE invalid IP address (voip.rules)
12001 <-> VOIP-SIP SDP version overflow attempt (voip.rules)
12002 <-> VOIP-SIP BYE flood (voip.rules)
12003 <-> VOIP-SIP CANCEL flood (voip.rules)
12004 <-> VOIP-SIP INVITE message invalid Content-Length size of zero (voip.rules)
12005 <-> VOIP-SIP invalid SDP connection value (voip.rules)
12006 <-> VOIP-SIP outbound INVITE message (voip.rules)
12007 <-> VOIP-SIP outbound 401 Unauthorized message (voip.rules)
12009 <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules)
12061 <-> SIP request line equal To zero (voip.rules)
12072 <-> VOIP-SIP response code not three digits (voip.rules)
12073 <-> VOIP-SIP inbound 100 Trying message (voip.rules)
12074 <-> VOIP-SIP outbound 100 Trying message (voip.rules)
12112 <-> VOIP-SIP Sivus scanner detected (voip.rules)
12113 <-> VOIP-SIP SIP URI overflow attempt (voip.rules)
12167 <-> VOIP-SIP multiple at signs in SIP URI (voip.rules)
12170 <-> VOIP-SIP inbound 408 Request Timeout message (voip.rules)
12171 <-> VOIP-SIP outbound 408 Request Timeout message (voip.rules)
12172 <-> VOIP-SIP inbound 501 Not Implemented message (voip.rules)
12173 <-> VOIP-SIP outbound 501 Not Implemented message (voip.rules)
12174 <-> VOIP-SIP inbound 604 Does Not Exist Anywhere message (voip.rules)
12175 <-> VOIP-SIP outbound 604 Does Not Exist Anywhere message (voip.rules)
12176 <-> VOIP-SIP inbound 415 Unsupported Media Type message (voip.rules)
12177 <-> VOIP-SIP outbound 415 Unsupported Media Type message (voip.rules)
12178 <-> VOIP-SIP inbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12179 <-> VOIP-SIP outbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12180 <-> VOIP-SIP inbound 404 Not Found (voip.rules)
12181 <-> VOIP-SIP outbound 404 Not Found (voip.rules)
12631 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed jpeg tables (exploit.rules)
12632 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed jpeg tables (exploit.rules)
12633 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff (exploit.rules)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules)
12680 <-> VOIP-SIP Via header hostname buffer overflow attempt - TCP (voip.rules)
12681 <-> VOIP-SIP SIP URI possible overflow (voip.rules)
12983 <-> EXPLOIT DirectX SAMI file CRawParser attempted buffer overflow attempt (exploit.rules)