Sourcefire VRT Rules Update
Date: 2009-05-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15507 <-> SPECIFIC-THREATS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids translated_names overflow attempt (specific-threats.rules, Low)
15508 <-> SPECIFIC-THREATS DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (specific-threats.rules, Low)

Updated rules:
529 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
2349 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt (netbios.rules, Low)
2508 <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules, High)
2511 <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules, High)
2936 <-> NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (netbios.rules, High)
2942 <-> NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt (netbios.rules, Low)
3114 <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (netbios.rules, High)
3158 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules, Low)
3159 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules, Low)
3171 <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (netbios.rules, High)
3218 <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules, High)
3238 <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (netbios.rules, High)
3239 <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (netbios.rules, High)
3397 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (netbios.rules, Low)
3398 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (netbios.rules, Low)
3409 <-> NETBIOS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (netbios.rules, High)
3590 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules, High)
3591 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules, High)
3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules, Low)
3967 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (netbios.rules, Low)
4072 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (netbios.rules, Low)
4245 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt (netbios.rules, High)
4246 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt (netbios.rules, High)
4334 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules, Low)
4358 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (netbios.rules, Low)
4413 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (netbios.rules, High)
4608 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (netbios.rules, High)
4754 <-> NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (netbios.rules, High)
4755 <-> NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (netbios.rules, High)
4826 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules, Low)
4918 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules, Low)
5095 <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules, Low)
5096 <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules, Low)
5485 <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (netbios.rules, High)
6419 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (netbios.rules, High)
6420 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (netbios.rules, High)
6431 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (netbios.rules, High)
6432 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (netbios.rules, High)
6443 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (netbios.rules, High)
6444 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt (netbios.rules, High)
6455 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt (netbios.rules, High)
6456 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt (netbios.rules, High)
6584 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules, High)
6714 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences phonebook mode overflow attempt (netbios.rules, High)
6810 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (netbios.rules, High)
6906 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences callback number overflow attempt (netbios.rules, High)
7209 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules, High)
7210 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules, High)
8157 <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (netbios.rules, High)
8253 <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection username overflow attempt (netbios.rules, High)
8711 <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules, High)
8925 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules, High)
9027 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (netbios.rules, High)
9132 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules, High)
9228 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (netbios.rules, High)
9441 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules, High)
9769 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (netbios.rules, High)
9772 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules, High)
9773 <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 1 overflow attempt (netbios.rules, High)
9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules, High)
9914 <-> NETBIOS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (netbios.rules, High)
10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules, Low)
10024 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules, Low)
10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 attempt (netbios.rules, Low)
10036 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules, High)
10050 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules, High)
10117 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules, High)
10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules, Low)
10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules, Low)
10285 <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules, Low)
10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules, Low)
10603 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules, High)
10900 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules, High)
11073 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (netbios.rules, Low)
11074 <-> NETBIOS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (netbios.rules, Low)
11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules, High)
11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules, High)
11843 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (netbios.rules, High)
12100 <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules, High)
12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules, Low)
12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12489 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules, Low)
12808 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules, High)
12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules, Low)
12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules, Low)
12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules, Low)
12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules, Low)
12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules, Low)
12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules, High)
12977 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules, High)
12978 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules, High)
12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules, High)
13210 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules, High)
13211 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules, High)
13367 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules, Low)
14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules, Low)
14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules, Low)
15448 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
