Sourcefire VRT Rules Update

Date: 2011-06-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19303 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19302 <-> DISABLED <-> VOIP-SIP Max-Forwards header invalid characters detected (voip.rules)
 * 1:19301 <-> DISABLED <-> VOIP-SIP Expires header invalid characters detected (voip.rules)
 * 1:19300 <-> ENABLED <-> SPECIFIC-THREATS probable multi-mesh injection attack (specific-threats.rules)
 * 1:19299 <-> ENABLED <-> SPECIFIC-THREATS banner.txt access - possible compromised multi-mesh injection server (specific-threats.rules)
 * 1:19298 <-> ENABLED <-> SPECIFIC-THREATS cssminibar.js script injection (specific-threats.rules)
 * 1:19297 <-> ENABLED <-> SPECIFIC-THREATS sidename.js script injection (specific-threats.rules)
 * 1:19296 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:19295 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word HTML linked objects memory corruption attempt (specific-threats.rules)
 * 1:19294 <-> ENABLED <-> WEB-CLIENT Microsoft Excel Chart Sheet Substream memory corruption attempt (web-client.rules)

Modified Rules:


 * 1:16301 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:16310 <-> ENABLED <-> WEB-CLIENT IE 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16335 <-> DISABLED <-> WEB-CLIENT xpdf ObjectStream integer overflow (web-client.rules)
 * 1:16336 <-> DISABLED <-> WEB-CLIENT Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (web-client.rules)
 * 1:1634 <-> ENABLED <-> POP3 PASS overflow attempt (pop3.rules)
 * 1:1635 <-> ENABLED <-> POP3 APOP overflow attempt (pop3.rules)
 * 1:16355 <-> DISABLED <-> WEB-CLIENT Xpdf Splash DrawImage integer overflow attempt (web-client.rules)
 * 1:16359 <-> DISABLED <-> WEB-CLIENT Adobe Illustrator DSC comment overflow attempt (web-client.rules)
 * 1:16360 <-> DISABLED <-> WEB-CLIENT Apple QuickTime Image Description Atom sign extension memory corruption attempt (web-client.rules)
 * 1:16361 <-> DISABLED <-> WEB-CLIENT Microsoft Office BMP header biClrUsed integer overflow attempt (web-client.rules)
 * 1:16406 <-> ENABLED <-> WEB-MISC JPEG file download attempt (web-misc.rules)
 * 1:16407 <-> ENABLED <-> WEB-MISC JPEG file download attempt (web-misc.rules)
 * 1:16446 <-> DISABLED <-> RPC portmap Solaris sadmin tcp request (rpc.rules)
 * 1:16447 <-> DISABLED <-> RPC portmap Solaris sadmin udp request (rpc.rules)
 * 1:16448 <-> DISABLED <-> RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (rpc.rules)
 * 1:16449 <-> DISABLED <-> RPC portmap Solaris sadmin udp adm_build_path overflow attempt (rpc.rules)
 * 1:16452 <-> DISABLED <-> WEB-CLIENT IE .hlp samba share download attempt (web-client.rules)
 * 1:16492 <-> ENABLED <-> WEB-CLIENT Safari inline text box use after free attempt (web-client.rules)
 * 1:16521 <-> DISABLED <-> WEB-CLIENT Squid Proxy http version number overflow attempt (web-client.rules)
 * 1:16529 <-> ENABLED <-> WEB-MISC JPEG file download attempt (web-misc.rules)
 * 1:16552 <-> DISABLED <-> WEB-CLIENT Adobe .pfb download attempt (web-client.rules)
 * 1:16554 <-> DISABLED <-> WEB-CLIENT Adobe Acrobat JavaScript getIcon method buffer overflow attempt (web-client.rules)
 * 1:16582 <-> ENABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:16583 <-> DISABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:16594 <-> ENABLED <-> POP3 STAT command (pop3.rules)
 * 1:16596 <-> ENABLED <-> WEB-CLIENT Apple Safari information disclosure and remote code execution attempt (web-client.rules)
 * 1:16597 <-> DISABLED <-> SMTP Novell GroupWise Internet Agent Email address processing buffer overflow attempt (smtp.rules)
 * 1:1660 <-> DISABLED <-> WEB-IIS trace.axd access (web-iis.rules)
 * 1:16601 <-> ENABLED <-> WEB-CLIENT Amaya web editor XML and HTML Parser Buffer overflow attempt (web-client.rules)
 * 1:16611 <-> DISABLED <-> WEB-MISC Apache 413 error HTTP request method cross-site scripting attack (web-misc.rules)
 * 1:1662 <-> DISABLED <-> WEB-MISC /~ftp access (web-misc.rules)
 * 1:1663 <-> DISABLED <-> WEB-MISC *%20.pl access (web-misc.rules)
 * 1:1664 <-> DISABLED <-> WEB-MISC mkplog.exe access (web-misc.rules)
 * 1:1667 <-> DISABLED <-> WEB-MISC cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
 * 1:16673 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave DIR file PAMI chunk code execution attempt (web-client.rules)
 * 1:16677 <-> ENABLED <-> WEB-CLIENT Adobe Reader malformed FlateDecode colors declaration (web-client.rules)
 * 1:16681 <-> ENABLED <-> WEB-MISC Basic Authorization string overflow attempt (web-misc.rules)
 * 1:16682 <-> ENABLED <-> WEB-MISC Sun ONE Web Server JSP source code disclosure attempt (web-misc.rules)
 * 1:16689 <-> ENABLED <-> WEB-CLIENT Palo Alto Networks Firewall editUser.esp XSS attempt (web-client.rules)
 * 1:16696 <-> ENABLED <-> WEB-CLIENT Astonsoft Deepburner dbr file name buffer overflow attempt (web-client.rules)
 * 1:1670 <-> DISABLED <-> WEB-MISC /home/ftp access (web-misc.rules)
 * 1:1671 <-> DISABLED <-> WEB-MISC /home/www access (web-misc.rules)
 * 1:1672 <-> DISABLED <-> FTP CWD ~ attempt (ftp.rules)
 * 1:16726 <-> DISABLED <-> WEB-CLIENT gAlan malformed file stack overflow attempt (web-client.rules)
 * 1:16739 <-> ENABLED <-> WEB-CLIENT MultiMedia Jukebox multiple playlist file handling overflow attempt (web-client.rules)
 * 1:16742 <-> DISABLED <-> WEB-MISC remote desktop configuration file download request (web-misc.rules)
 * 1:16743 <-> DISABLED <-> WEB-CLIENT Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (web-client.rules)
 * 1:16796 <-> ENABLED <-> RPC Sun Solaris sadmind UDP data length integer overflow attempt (rpc.rules)
 * 1:16797 <-> ENABLED <-> RPC Sun Solaris sadmind TCP data length integer overflow attempt (rpc.rules)
 * 1:16799 <-> DISABLED <-> POP3 Eureka Mail 2.2q server error response overflow attempt (pop3.rules)
 * 1:17049 <-> ENABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt via POST (web-misc.rules)
 * 1:17050 <-> ENABLED <-> WEB-MISC Oracle Secure Backup Administration Server authentication bypass attempt (web-misc.rules)
 * 1:17059 <-> DISABLED <-> FTP Vermillion 1.31 vftpd port command memory corruption (ftp.rules)
 * 1:17103 <-> ENABLED <-> WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt (web-iis.rules)
 * 1:17106 <-> DISABLED <-> WEB-MISC download of RMF file - potentially malicious (web-misc.rules)
 * 1:17143 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (web-client.rules)
 * 1:17144 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules)
 * 1:17145 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules)
 * 1:17146 <-> DISABLED <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules)
 * 1:17153 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules)
 * 1:17154 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules)
 * 1:17165 <-> DISABLED <-> WEB-CLIENT Opera browser document writing uninitialized memory access attempt (web-client.rules)
 * 1:17166 <-> DISABLED <-> WEB-CLIENT Mozilla multiple products JavaScript string replace buffer overflow attempt (web-client.rules)
 * 1:17205 <-> DISABLED <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (rpc.rules)
 * 1:17206 <-> DISABLED <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (rpc.rules)
 * 1:17212 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt (web-client.rules)
 * 1:17213 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17216 <-> ENABLED <-> WEB-CLIENT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (web-client.rules)
 * 1:17218 <-> ENABLED <-> WEB-CLIENT Apple Safari LI tag with large VALUE attribute exploit attempt (web-client.rules)
 * 1:17231 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17232 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules)
 * 1:17236 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (web-client.rules)
 * 1:17245 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox image dragging exploit attempt (web-client.rules)
 * 1:1725 <-> DISABLED <-> WEB-IIS +.htr code fragment attempt (web-iis.rules)
 * 1:1726 <-> DISABLED <-> WEB-IIS doctodep.btr access (web-iis.rules)
 * 1:17265 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox plugin access control bypass attempt (web-client.rules)
 * 1:17271 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Web View script injection attempt (web-client.rules)
 * 1:17272 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer AVI parsing buffer overflow attempt (web-client.rules)
 * 1:17279 <-> ENABLED <-> WEB-MISC Ipswitch Whatsup Small Business directory traversal attempt (web-misc.rules)
 * 1:17280 <-> ENABLED <-> WEB-MISC Ipswitch Whatsup Small Business directory traversal attempt (web-misc.rules)
 * 1:17284 <-> ENABLED <-> WEB-CLIENT Microsoft Office malformed routing slip code execution attempt (web-client.rules)
 * 1:17285 <-> ENABLED <-> WEB-CLIENT Microsoft Powerpoint PPT file parsing memory corruption attempt (web-client.rules)
 * 1:17292 <-> ENABLED <-> WEB-CLIENT Microsoft Powerpoint malformed data record code execution attempt (web-client.rules)
 * 1:17316 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Folder GUID Code Execution attempt (web-client.rules)
 * 1:17318 <-> ENABLED <-> WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt (web-client.rules)
 * 1:17319 <-> ENABLED <-> WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt (web-client.rules)
 * 1:1732 <-> ENABLED <-> RPC portmap rwalld request UDP (rpc.rules)
 * 1:17320 <-> ENABLED <-> WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt (web-client.rules)
 * 1:1733 <-> ENABLED <-> RPC portmap rwalld request TCP (rpc.rules)
 * 1:17330 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt (web-client.rules)
 * 1:17332 <-> ENABLED <-> SMTP Content-Disposition attachment (smtp.rules)
 * 1:17333 <-> ENABLED <-> SMTP Lotus Notes Attachment Viewer UUE file buffer overflow attempt (smtp.rules)
 * 1:17347 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17348 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17349 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt (web-client.rules)
 * 1:17351 <-> ENABLED <-> WEB-CLIENT Winamp ID3v2 Tag Handling Buffer Overflow attempt (web-client.rules)
 * 1:17360 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox XBM image processing buffer overflow attempt (web-client.rules)
 * 1:1738 <-> DISABLED <-> WEB-MISC global.inc access (web-misc.rules)
 * 1:17408 <-> ENABLED <-> WEB-CLIENT Microsoft DirectX Targa image file heap overflow attempt (web-client.rules)
 * 1:17409 <-> ENABLED <-> WEB-CLIENT Mozilla Products IDN Spoofing Vulnerability Attempt (web-client.rules)
 * 1:17420 <-> ENABLED <-> WEB-MISC Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (web-misc.rules)
 * 1:17423 <-> ENABLED <-> WEB-MISC Citrix Program Neighborhood Agent Buffer Overflow attempt (web-misc.rules)
 * 1:17434 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Unicode sequence handling stack corruption attempt (web-client.rules)
 * 1:1744 <-> DISABLED <-> WEB-MISC SecureSite authentication bypass attempt (web-misc.rules)
 * 1:17440 <-> ENABLED <-> WEB-MISC RSA authentication agent for web redirect buffer overflow attempt (web-misc.rules)
 * 1:17443 <-> ENABLED <-> WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt (web-client.rules)
 * 1:17449 <-> ENABLED <-> WEB-MISC Novell ZENworks patch management SQL injection attempt (web-misc.rules)
 * 1:17450 <-> ENABLED <-> WEB-MISC CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (web-misc.rules)
 * 1:17457 <-> ENABLED <-> WEB-CLIENT Macromedia Flash ActionDefineFunction memory access vulnerability exploit attempt (web-client.rules)
 * 1:1746 <-> ENABLED <-> RPC portmap cachefsd request UDP (rpc.rules)
 * 1:17468 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (web-client.rules)
 * 1:1747 <-> ENABLED <-> RPC portmap cachefsd request TCP (rpc.rules)
 * 1:17482 <-> ENABLED <-> WEB-CLIENT Mozilla NNTP URL Handling Buffer Overflow attempt (web-client.rules)
 * 1:17486 <-> ENABLED <-> WEB-MISC Trend Micro Control Manager Chunked overflow attempt (web-misc.rules)
 * 1:17487 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (web-client.rules)
 * 1:1750 <-> DISABLED <-> WEB-IIS users.xml access (web-iis.rules)
 * 1:17505 <-> ENABLED <-> WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17506 <-> ENABLED <-> WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17507 <-> ENABLED <-> WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt (web-client.rules)
 * 1:17511 <-> ENABLED <-> WEB-CLIENT Excel malformed Graphic Code Execution (web-client.rules)
 * 1:17517 <-> ENABLED <-> WEB-CLIENT excel Malformed Record Code Execution attempt (web-client.rules)
 * 1:1753 <-> DISABLED <-> WEB-IIS as_web.exe access (web-iis.rules)
 * 1:1754 <-> DISABLED <-> WEB-IIS as_web4.exe access (web-iis.rules)
 * 1:1756 <-> DISABLED <-> WEB-IIS NewsPro administration authentication attempt (web-iis.rules)
 * 1:17568 <-> DISABLED <-> WEB-MISC Microsoft Office XP URL Handling Buffer Overflow attempt (web-misc.rules)
 * 1:1757 <-> DISABLED <-> WEB-MISC b2 arbitrary command execution attempt (web-misc.rules)
 * 1:17586 <-> ENABLED <-> WEB-CLIENT Sun Java Web Start malicious parameter value (web-client.rules)
 * 1:1762 <-> ENABLED <-> WEB-CGI phf arbitrary command execution attempt (web-cgi.rules)
 * 1:17629 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules)
 * 1:17648 <-> ENABLED <-> WEB-IIS source code disclosure attempt (web-iis.rules)
 * 1:17652 <-> ENABLED <-> WEB-MISC Microsoft IIS source code disclosure attempt (web-misc.rules)
 * 1:17653 <-> ENABLED <-> WEB-MISC Microsoft IIS source code disclosure attempt (web-misc.rules)
 * 1:17656 <-> ENABLED <-> WEB-MISC Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (web-misc.rules)
 * 1:1766 <-> DISABLED <-> WEB-MISC search.dll directory listing attempt (web-misc.rules)
 * 1:17664 <-> ENABLED <-> WEB-CLIENT GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:17666 <-> ENABLED <-> WEB-CLIENT RealNetworks RealPlayer invalid chunk size heap overflow attempt (web-client.rules)
 * 1:1767 <-> DISABLED <-> WEB-MISC search.dll access (web-misc.rules)
 * 1:1769 <-> DISABLED <-> WEB-MISC .DS_Store access (web-misc.rules)
 * 1:1770 <-> DISABLED <-> WEB-MISC .FBCIndex access (web-misc.rules)
 * 1:17705 <-> ENABLED <-> WEB-IIS web agent chunked encoding overflow attempt (web-iis.rules)
 * 1:17717 <-> ENABLED <-> SMTP IBM Lotus Notes HTML input tag buffer overflow attempt (smtp.rules)
 * 1:1772 <-> DISABLED <-> WEB-IIS pbserver access (web-iis.rules)
 * 1:17725 <-> DISABLED <-> WEB-CLIENT Opera file URI handling buffer overflow (web-client.rules)
 * 1:17733 <-> ENABLED <-> WEB-MISC XML file download request (web-misc.rules)
 * 1:17748 <-> ENABLED <-> WEB-MISC TLSv1 Client_Certificate handshake (web-misc.rules)
 * 1:1777 <-> DISABLED <-> FTP EXPLOIT STAT * dos attempt (ftp.rules)
 * 1:17776 <-> ENABLED <-> WEB-CLIENT Sun Java HsbParser.getSoundBank stack buffer overflow attempt (web-client.rules)
 * 1:1778 <-> DISABLED <-> FTP EXPLOIT STAT ? dos attempt (ftp.rules)
 * 1:17810 <-> ENABLED <-> WEB-MISC potential malware - download of server32.exe (web-misc.rules)
 * 1:17811 <-> ENABLED <-> WEB-MISC potential malware - download of svchost.exe (web-misc.rules)
 * 1:17812 <-> ENABLED <-> WEB-MISC potential malware - download of iexplore.exe (web-misc.rules)
 * 1:17813 <-> ENABLED <-> WEB-MISC potential malware - download of iprinp.dll (web-misc.rules)
 * 1:17814 <-> ENABLED <-> WEB-MISC potential malware - download of winzf32.dll (web-misc.rules)
 * 1:1792 <-> DISABLED <-> NNTP return code buffer overflow attempt (nntp.rules)
 * 1:1802 <-> DISABLED <-> WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1803 <-> DISABLED <-> WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1804 <-> DISABLED <-> WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1806 <-> DISABLED <-> WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
 * 1:1807 <-> DISABLED <-> WEB-MISC Chunked-Encoding transfer attempt (web-misc.rules)
 * 1:1808 <-> DISABLED <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules)
 * 1:1809 <-> DISABLED <-> WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules)
 * 1:18096 <-> ENABLED <-> WEB-MISC Apache Tomcat username enumeration attempt (web-misc.rules)
 * 1:1814 <-> DISABLED <-> WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules)
 * 1:18167 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:18168 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:1817 <-> DISABLED <-> WEB-IIS MS Site Server default login attempt (web-iis.rules)
 * 1:1818 <-> DISABLED <-> WEB-IIS MS Site Server admin attempt (web-iis.rules)
 * 1:1820 <-> DISABLED <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules)
 * 1:18234 <-> DISABLED <-> WEB-MISC QuickDraw/PICT file download request (web-misc.rules)
 * 1:1826 <-> DISABLED <-> WEB-MISC WEB-INF access (web-misc.rules)
 * 1:1827 <-> DISABLED <-> WEB-MISC Tomcat servlet mapping cross site scripting attempt (web-misc.rules)
 * 1:1828 <-> DISABLED <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules)
 * 1:18282 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules)
 * 1:18284 <-> DISABLED <-> WEB-MISC Microsoft Office XP URL Handling Buffer Overflow attempt (web-misc.rules)
 * 1:1829 <-> DISABLED <-> WEB-MISC Tomcat TroubleShooter servlet access (web-misc.rules)
 * 1:18299 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer implicit drag and drop file installation attempt (web-client.rules)
 * 1:1830 <-> DISABLED <-> WEB-MISC Tomcat SnoopServlet servlet access (web-misc.rules)
 * 1:18300 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer FTP command injection attempt (web-client.rules)
 * 1:1831 <-> DISABLED <-> WEB-MISC jigsaw dos attempt (web-misc.rules)
 * 1:18318 <-> DISABLED <-> WEB-MISC TLSv1 Client Change Cipher Spec message (web-misc.rules)
 * 1:18326 <-> DISABLED <-> FTP ProFTPD mod_site_misc module directory traversal attempt (ftp.rules)
 * 1:18333 <-> ENABLED <-> WEB-MISC phpBook date command execution attempt (web-misc.rules)
 * 1:18334 <-> ENABLED <-> WEB-MISC phpBook mail command execution attempt (web-misc.rules)
 * 1:1835 <-> DISABLED <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules)
 * 1:1839 <-> DISABLED <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules)
 * 1:1841 <-> DISABLED <-> WEB-CLIENT Javascript URL host spoofing attempt (web-client.rules)
 * 1:18468 <-> ENABLED <-> WEB-CLIENT Microsoft IE malformed iframe unicode buffer overflow attempt (web-client.rules)
 * 1:1847 <-> DISABLED <-> WEB-MISC webalizer access (web-misc.rules)
 * 1:18470 <-> ENABLED <-> WEB-MISC Java floating point number denial of service - via URI (web-misc.rules)
 * 1:18471 <-> ENABLED <-> WEB-MISC Java floating point number denial of service - via POST (web-misc.rules)
 * 1:1848 <-> DISABLED <-> WEB-MISC webcart-lite access (web-misc.rules)
 * 1:18480 <-> ENABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - userid parameter (web-misc.rules)
 * 1:18481 <-> ENABLED <-> WEB-MISC HP openview network node manager ovlogin.exe buffer overflow - password parameter (web-misc.rules)
 * 1:1849 <-> DISABLED <-> WEB-MISC webfind.exe access (web-misc.rules)
 * 1:1851 <-> DISABLED <-> WEB-MISC active.log access (web-misc.rules)
 * 1:1852 <-> DISABLED <-> WEB-MISC robots.txt access (web-misc.rules)
 * 1:18556 <-> ENABLED <-> WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (web-misc.rules)
 * 1:1857 <-> DISABLED <-> WEB-MISC robot.txt access (web-misc.rules)
 * 1:1858 <-> DISABLED <-> WEB-MISC CISCO PIX Firewall Manager directory traversal attempt (web-misc.rules)
 * 1:18588 <-> DISABLED <-> FTP Wsftp XCRC overflow attempt (ftp.rules)
 * 1:1859 <-> DISABLED <-> WEB-MISC Sun JavaServer default password login attempt (web-misc.rules)
 * 1:18593 <-> DISABLED <-> WEB-MISC BitTorrent torrent file download attempt (web-misc.rules)
 * 1:1860 <-> DISABLED <-> WEB-MISC Linksys router default password login attempt (web-misc.rules)
 * 1:1861 <-> DISABLED <-> WEB-MISC Linksys router default username and password login attempt (web-misc.rules)
 * 1:1864 <-> DISABLED <-> FTP SITE NEWER attempt (ftp.rules)
 * 1:1866 <-> ENABLED <-> POP3 USER overflow attempt (pop3.rules)
 * 1:18675 <-> DISABLED <-> WEB-MISC Cover page document file download attempt (web-misc.rules)
 * 1:1871 <-> DISABLED <-> WEB-MISC Oracle XSQLConfig.xml access (web-misc.rules)
 * 1:1872 <-> DISABLED <-> WEB-MISC Oracle Dynamic Monitoring Services dms access (web-misc.rules)
 * 1:1873 <-> DISABLED <-> WEB-MISC globals.jsa access (web-misc.rules)
 * 1:1874 <-> DISABLED <-> WEB-MISC Oracle Java Process Manager access (web-misc.rules)
 * 1:18773 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /stat.htm (blacklist.rules)
 * 1:18774 <-> ENABLED <-> BLACKLIST URI request for known malicious URI (blacklist.rules)
 * 1:18775 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /gpdcount (blacklist.rules)
 * 1:18782 <-> ENABLED <-> BLACKLIST URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (blacklist.rules)
 * 1:1880 <-> DISABLED <-> WEB-MISC oracle web application server access (web-misc.rules)
 * 1:1881 <-> DISABLED <-> WEB-MISC bad HTTP/1.1 request, Potentially worm attack (web-misc.rules)
 * 1:1888 <-> DISABLED <-> FTP SITE CPWD overflow attempt (ftp.rules)
 * 1:1890 <-> DISABLED <-> RPC status GHBN format string attack (rpc.rules)
 * 1:1891 <-> DISABLED <-> RPC status GHBN format string attack (rpc.rules)
 * 1:19042 <-> ENABLED <-> SPYWARE-PUT Trojan.Win32.Banker.ACQE contact to server attempt (spyware-put.rules)
 * 1:19043 <-> ENABLED <-> SPYWARE-PUT RogueSoftware.Win32.BestBoan contact to server attempt (spyware-put.rules)
 * 1:19044 <-> ENABLED <-> SPYWARE-PUT RogueSoftware.Win32.ThinkPoint contact to server attempt (spyware-put.rules)
 * 1:19045 <-> ENABLED <-> SPYWARE-PUT Trojan.Win32.Bancos.XQ contact to server attempt (spyware-put.rules)
 * 1:19046 <-> ENABLED <-> SPYWARE-PUT RogueSoftware.Win32.Winwebsec contact to server attempt (spyware-put.rules)
 * 1:19047 <-> ENABLED <-> SPYWARE-PUT RogueSoftware.Win32.RClean contact to server attempt (spyware-put.rules)
 * 1:19048 <-> ENABLED <-> SPYWARE-PUT Backdoor.Win32.Darkness contact to server attempt (spyware-put.rules)
 * 1:19049 <-> ENABLED <-> SPYWARE-PUT Backdoor.Win32.Gigade contact to server attempt (spyware-put.rules)
 * 1:1905 <-> ENABLED <-> RPC AMD UDP amqproc_mount plog overflow attempt (rpc.rules)
 * 1:19050 <-> ENABLED <-> SPYWARE-PUT Trojan.Win32.Banbra.fxe contact to server attempt (spyware-put.rules)
 * 1:19051 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Murofet.A outbound connection (botnet-cnc.rules)
 * 1:1906 <-> ENABLED <-> RPC AMD TCP amqproc_mount plog overflow attempt (rpc.rules)
 * 1:19062 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.FakePlus Runtime Detection (botnet-cnc.rules)
 * 1:1907 <-> ENABLED <-> RPC CMSD UDP CMSD_CREATE buffer overflow attempt (rpc.rules)
 * 1:1908 <-> ENABLED <-> RPC CMSD TCP CMSD_CREATE buffer overflow attempt (rpc.rules)
 * 1:1909 <-> ENABLED <-> RPC CMSD TCP CMSD_INSERT buffer overflow attempt (rpc.rules)
 * 1:1910 <-> ENABLED <-> RPC CMSD udp CMSD_INSERT buffer overflow attempt (rpc.rules)
 * 1:1911 <-> DISABLED <-> RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
 * 1:1912 <-> DISABLED <-> RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
 * 1:1913 <-> DISABLED <-> RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules)
 * 1:1914 <-> DISABLED <-> RPC STATD TCP stat mon_name format string exploit attempt (rpc.rules)
 * 1:19141 <-> DISABLED <-> WEB-CLIENT Microsoft Access Wizard control memory corruption ActiveX clsid access (web-client.rules)
 * 1:1915 <-> DISABLED <-> RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules)
 * 1:19151 <-> ENABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid access (web-activex.rules)
 * 1:19152 <-> ENABLED <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX function call access (web-activex.rules)
 * 1:1916 <-> DISABLED <-> RPC STATD TCP monitor mon_name format string exploit attempt (rpc.rules)
 * 1:19173 <-> ENABLED <-> RPC CDE Calendar Manager service memory corruption attempt (rpc.rules)
 * 1:19181 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer iframe uninitialized memory corruption attempt (specific-threats.rules)
 * 1:1919 <-> DISABLED <-> FTP CWD overflow attempt (ftp.rules)
 * 1:19193 <-> DISABLED <-> WEB-ACTIVEX Oracle Document Capture ActiveX clsid access (web-activex.rules)
 * 1:19194 <-> DISABLED <-> WEB-ACTIVEX Oracle Document Capture ActiveX function call access (web-activex.rules)
 * 1:19197 <-> ENABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX clsid access (web-activex.rules)
 * 1:19198 <-> ENABLED <-> WEB-ACTIVEX CA Internet Security Suite XMLSecDB ActiveX function call access (web-activex.rules)
 * 1:19207 <-> ENABLED <-> EXPLOIT Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (exploit.rules)
 * 1:1921 <-> DISABLED <-> FTP SITE ZIPCHK overflow attempt (ftp.rules)
 * 1:19214 <-> DISABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:1922 <-> ENABLED <-> RPC portmap proxy attempt TCP (rpc.rules)
 * 1:1923 <-> DISABLED <-> RPC portmap proxy attempt UDP (rpc.rules)
 * 1:1924 <-> ENABLED <-> RPC mountd UDP export request (rpc.rules)
 * 1:1925 <-> ENABLED <-> RPC mountd TCP exportall request (rpc.rules)
 * 1:1926 <-> ENABLED <-> RPC mountd UDP exportall request (rpc.rules)
 * 1:1927 <-> DISABLED <-> FTP authorized_keys (ftp.rules)
 * 1:1928 <-> DISABLED <-> FTP shadow retrieval attempt (ftp.rules)
 * 1:1936 <-> ENABLED <-> POP3 AUTH overflow attempt (pop3.rules)
 * 1:1937 <-> ENABLED <-> POP3 LIST overflow attempt (pop3.rules)
 * 1:1938 <-> ENABLED <-> POP3 XTND overflow attempt (pop3.rules)
 * 1:1942 <-> DISABLED <-> FTP RMDIR overflow attempt (ftp.rules)
 * 1:1943 <-> DISABLED <-> WEB-MISC /Carello/add.exe access (web-misc.rules)
 * 1:1944 <-> DISABLED <-> WEB-MISC /ecscripts/ecware.exe access (web-misc.rules)
 * 1:1946 <-> DISABLED <-> WEB-MISC answerbook2 admin attempt (web-misc.rules)
 * 1:1947 <-> DISABLED <-> WEB-MISC answerbook2 arbitrary command execution attempt (web-misc.rules)
 * 1:1949 <-> ENABLED <-> RPC portmap SET attempt TCP 111 (rpc.rules)
 * 1:1950 <-> ENABLED <-> RPC portmap SET attempt UDP 111 (rpc.rules)
 * 1:1951 <-> ENABLED <-> RPC mountd TCP mount request (rpc.rules)
 * 1:1952 <-> ENABLED <-> RPC mountd UDP mount request (rpc.rules)
 * 1:1953 <-> ENABLED <-> RPC AMD TCP pid request (rpc.rules)
 * 1:1954 <-> ENABLED <-> RPC AMD UDP pid request (rpc.rules)
 * 1:1955 <-> ENABLED <-> RPC AMD TCP version request (rpc.rules)
 * 1:1956 <-> ENABLED <-> RPC AMD UDP version request (rpc.rules)
 * 1:1957 <-> DISABLED <-> RPC sadmind UDP PING (rpc.rules)
 * 1:1958 <-> DISABLED <-> RPC sadmind TCP PING (rpc.rules)
 * 1:1959 <-> ENABLED <-> RPC portmap NFS request UDP (rpc.rules)
 * 1:1960 <-> ENABLED <-> RPC portmap NFS request TCP (rpc.rules)
 * 1:1961 <-> ENABLED <-> RPC portmap RQUOTA request UDP (rpc.rules)
 * 1:1962 <-> ENABLED <-> RPC portmap RQUOTA request TCP (rpc.rules)
 * 1:1963 <-> ENABLED <-> RPC RQUOTA getquota overflow attempt UDP (rpc.rules)
 * 1:1964 <-> DISABLED <-> RPC tooltalk UDP overflow attempt (rpc.rules)
 * 1:1965 <-> DISABLED <-> RPC tooltalk TCP overflow attempt (rpc.rules)
 * 1:1969 <-> DISABLED <-> WEB-MISC ion-p access (web-misc.rules)
 * 1:1970 <-> DISABLED <-> WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
 * 1:1973 <-> DISABLED <-> FTP MKD overflow attempt (ftp.rules)
 * 1:1977 <-> DISABLED <-> WEB-MISC xp_regwrite attempt (web-misc.rules)
 * 1:1978 <-> DISABLED <-> WEB-MISC xp_regdeletekey attempt (web-misc.rules)
 * 1:1979 <-> DISABLED <-> WEB-MISC perl post attempt (web-misc.rules)
 * 1:1992 <-> DISABLED <-> FTP LIST directory traversal attempt (ftp.rules)
 * 1:2005 <-> ENABLED <-> RPC portmap kcms_server request UDP (rpc.rules)
 * 1:2006 <-> DISABLED <-> RPC portmap kcms_server request TCP (rpc.rules)
 * 1:2014 <-> ENABLED <-> RPC portmap UNSET attempt TCP 111 (rpc.rules)
 * 1:2015 <-> ENABLED <-> RPC portmap UNSET attempt UDP 111 (rpc.rules)
 * 1:2016 <-> ENABLED <-> RPC portmap status request TCP (rpc.rules)
 * 1:2017 <-> ENABLED <-> RPC portmap espd request UDP (rpc.rules)
 * 1:2018 <-> ENABLED <-> RPC mountd TCP dump request (rpc.rules)
 * 1:2019 <-> ENABLED <-> RPC mountd UDP dump request (rpc.rules)
 * 1:2020 <-> ENABLED <-> RPC mountd TCP unmount request (rpc.rules)
 * 1:2021 <-> ENABLED <-> RPC mountd UDP unmount request (rpc.rules)
 * 1:2022 <-> ENABLED <-> RPC mountd TCP unmountall request (rpc.rules)
 * 1:2023 <-> ENABLED <-> RPC mountd UDP unmountall request (rpc.rules)
 * 1:2024 <-> ENABLED <-> RPC RQUOTA getquota overflow attempt TCP (rpc.rules)
 * 1:2025 <-> ENABLED <-> RPC yppasswd username overflow attempt UDP (rpc.rules)
 * 1:2026 <-> ENABLED <-> RPC yppasswd username overflow attempt TCP (rpc.rules)
 * 1:2027 <-> ENABLED <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
 * 1:2028 <-> ENABLED <-> RPC yppasswd old password overflow attempt TCP (rpc.rules)
 * 1:2029 <-> ENABLED <-> RPC yppasswd new password overflow attempt UDP (rpc.rules)
 * 1:2030 <-> ENABLED <-> RPC yppasswd new password overflow attempt TCP (rpc.rules)
 * 1:2031 <-> ENABLED <-> RPC yppasswd user update UDP (rpc.rules)
 * 1:2032 <-> ENABLED <-> RPC yppasswd user update TCP (rpc.rules)
 * 1:2033 <-> ENABLED <-> RPC ypserv maplist request UDP (rpc.rules)
 * 1:2034 <-> ENABLED <-> RPC ypserv maplist request TCP (rpc.rules)
 * 1:2035 <-> ENABLED <-> RPC portmap network-status-monitor request UDP (rpc.rules)
 * 1:2036 <-> ENABLED <-> RPC portmap network-status-monitor request TCP (rpc.rules)
 * 1:2037 <-> ENABLED <-> RPC network-status-monitor mon-callback request UDP (rpc.rules)
 * 1:2038 <-> ENABLED <-> RPC network-status-monitor mon-callback request TCP (rpc.rules)
 * 1:2045 <-> DISABLED <-> RPC snmpXdmi overflow attempt UDP (rpc.rules)
 * 1:2056 <-> DISABLED <-> WEB-MISC TRACE attempt (web-misc.rules)
 * 1:2057 <-> DISABLED <-> WEB-MISC helpout.exe access (web-misc.rules)
 * 1:2058 <-> DISABLED <-> WEB-MISC MsmMask.exe attempt (web-misc.rules)
 * 1:2059 <-> DISABLED <-> WEB-MISC MsmMask.exe access (web-misc.rules)
 * 1:2060 <-> DISABLED <-> WEB-MISC DB4Web access (web-misc.rules)
 * 1:2061 <-> DISABLED <-> WEB-MISC Tomcat null byte directory listing attempt (web-misc.rules)
 * 1:2062 <-> DISABLED <-> WEB-MISC iPlanet .perf access (web-misc.rules)
 * 1:2063 <-> DISABLED <-> WEB-MISC Demarc SQL injection attempt (web-misc.rules)
 * 1:2065 <-> DISABLED <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules)
 * 1:2066 <-> DISABLED <-> WEB-MISC Lotus Notes .pl script source download attempt (web-misc.rules)
 * 1:2067 <-> DISABLED <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules)
 * 1:2068 <-> DISABLED <-> WEB-MISC BitKeeper arbitrary command attempt (web-misc.rules)
 * 1:2069 <-> DISABLED <-> WEB-MISC chip.ini access (web-misc.rules)
 * 1:2070 <-> DISABLED <-> WEB-MISC post32.exe arbitrary command attempt (web-misc.rules)
 * 1:2071 <-> DISABLED <-> WEB-MISC post32.exe access (web-misc.rules)
 * 1:2072 <-> DISABLED <-> WEB-MISC lyris.pl access (web-misc.rules)
 * 1:2073 <-> DISABLED <-> WEB-MISC globals.pl access (web-misc.rules)
 * 1:2079 <-> ENABLED <-> RPC portmap nlockmgr request UDP (rpc.rules)
 * 1:1378 <-> DISABLED <-> FTP wu-ftp bad file completion attempt (ftp.rules)
 * 1:1377 <-> DISABLED <-> FTP wu-ftp bad file completion attempt (ftp.rules)
 * 1:1376 <-> DISABLED <-> WEB-MISC jrun directory browse attempt (web-misc.rules)
 * 1:1375 <-> DISABLED <-> WEB-MISC sadmind worm access (web-misc.rules)
 * 1:1374 <-> DISABLED <-> WEB-MISC .htgroup access (web-misc.rules)
 * 1:13717 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (rpc.rules)
 * 1:13716 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (rpc.rules)
 * 1:13473 <-> DISABLED <-> WEB-MISC Microsoft Publisher file download (web-misc.rules)
 * 1:13364 <-> DISABLED <-> SMTP Novell GroupWise client IMG SRC buffer overflow (smtp.rules)
 * 1:13320 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules)
 * 1:13319 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules)
 * 1:13318 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules)
 * 1:13317 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules)
 * 1:13316 <-> ENABLED <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules)
 * 1:13302 <-> DISABLED <-> WEB-CLIENT Apache mod_imagemap cross site scripting attempt (web-client.rules)
 * 1:13293 <-> DISABLED <-> WEB-CLIENT QuickTime panorama atoms buffer overflow attempt (web-client.rules)
 * 1:1303 <-> DISABLED <-> WEB-MISC cs.exe access (web-misc.rules)
 * 1:1302 <-> DISABLED <-> WEB-MISC console.exe access (web-misc.rules)
 * 1:1291 <-> DISABLED <-> WEB-MISC sml3com access (web-misc.rules)
 * 1:1286 <-> DISABLED <-> WEB-IIS _mem_bin access (web-iis.rules)
 * 1:1285 <-> DISABLED <-> WEB-IIS msdac access (web-iis.rules)
 * 1:1283 <-> DISABLED <-> WEB-IIS outlook web dos (web-iis.rules)
 * 1:1281 <-> ENABLED <-> RPC portmap listing UDP 32771 (rpc.rules)
 * 1:12807 <-> ENABLED <-> SMTP Lotus 123 file attachment (smtp.rules)
 * 1:1280 <-> ENABLED <-> RPC portmap listing UDP 111 (rpc.rules)
 * 1:1279 <-> DISABLED <-> RPC portmap snmpXdmi request UDP (rpc.rules)
 * 1:1277 <-> ENABLED <-> RPC portmap ypupdated request UDP (rpc.rules)
 * 1:1276 <-> ENABLED <-> RPC portmap ypserv request TCP (rpc.rules)
 * 1:1275 <-> ENABLED <-> RPC portmap yppasswd request TCP (rpc.rules)
 * 1:12745 <-> ENABLED <-> WEB-CLIENT FLAC libFLAC picture metadata buffer overflow attempt (web-client.rules)
 * 1:12744 <-> ENABLED <-> WEB-CLIENT FLAC libFLAC VORBIS string buffer overflow attempt (web-client.rules)
 * 1:12743 <-> ENABLED <-> WEB-CLIENT FLAC libFLAC picture description metadata buffer overflow attempt (web-client.rules)
 * 1:1274 <-> DISABLED <-> RPC portmap ttdbserv request TCP (rpc.rules)
 * 1:1273 <-> ENABLED <-> RPC portmap selection_svc request TCP (rpc.rules)
 * 1:1272 <-> ENABLED <-> RPC portmap sadmind request TCP (rpc.rules)
 * 1:1271 <-> ENABLED <-> RPC portmap rusers request TCP (rpc.rules)
 * 1:1270 <-> ENABLED <-> RPC portmap rstatd request TCP (rpc.rules)
 * 1:1269 <-> ENABLED <-> RPC portmap rexd request TCP (rpc.rules)
 * 1:12688 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:12687 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:1268 <-> ENABLED <-> RPC portmap pcnfsd request TCP (rpc.rules)
 * 1:1267 <-> ENABLED <-> RPC portmap nisd request TCP (rpc.rules)
 * 1:1265 <-> ENABLED <-> RPC portmap cmsd request TCP (rpc.rules)
 * 1:1264 <-> ENABLED <-> RPC portmap bootparam request TCP (rpc.rules)
 * 1:1263 <-> ENABLED <-> RPC portmap amountd request TCP (rpc.rules)
 * 1:1262 <-> ENABLED <-> RPC portmap admind request TCP (rpc.rules)
 * 1:12609 <-> ENABLED <-> RPC portmap walld udp format string attack attempt (rpc.rules)
 * 1:12608 <-> ENABLED <-> RPC portmap walld udp request (rpc.rules)
 * 1:12595 <-> DISABLED <-> WEB-IIS malicious ASP file upload attempt (web-iis.rules)
 * 1:12592 <-> DISABLED <-> SMTP Recipient arbitrary command injection attempt (smtp.rules)
 * 1:1259 <-> DISABLED <-> WEB-MISC SWEditServlet access (web-misc.rules)
 * 1:1258 <-> DISABLED <-> WEB-MISC HP OpenView Manager DOS (web-misc.rules)
 * 1:1256 <-> DISABLED <-> WEB-IIS CodeRed v2 root.exe access (web-iis.rules)
 * 1:1250 <-> DISABLED <-> WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules)
 * 1:12464 <-> ENABLED <-> NNTP cancel overflow attempt (nntp.rules)
 * 1:1245 <-> DISABLED <-> WEB-IIS ISAPI .idq access (web-iis.rules)
 * 1:1244 <-> DISABLED <-> WEB-IIS ISAPI .idq attempt (web-iis.rules)
 * 1:1243 <-> DISABLED <-> WEB-IIS ISAPI .ida attempt (web-iis.rules)
 * 1:12424 <-> ENABLED <-> RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (rpc.rules)
 * 1:1242 <-> DISABLED <-> WEB-IIS ISAPI .ida access (web-iis.rules)
 * 1:1241 <-> DISABLED <-> WEB-MISC SWEditServlet directory traversal attempt (web-misc.rules)
 * 1:1235 <-> DISABLED <-> WEB-MISC VirusWall FtpSaveCVP access (web-misc.rules)
 * 1:1234 <-> DISABLED <-> WEB-MISC VirusWall FtpSaveCSP access (web-misc.rules)
 * 1:1232 <-> DISABLED <-> WEB-MISC VirusWall catinfo access (web-misc.rules)
 * 1:1231 <-> DISABLED <-> WEB-MISC VirusWall catinfo access (web-misc.rules)
 * 1:1230 <-> DISABLED <-> WEB-MISC VirusWall FtpSave access (web-misc.rules)
 * 1:1229 <-> DISABLED <-> FTP CWD ... (ftp.rules)
 * 1:12282 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12281 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12280 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12279 <-> DISABLED <-> WEB-CLIENT Microsoft XML substringData integer overflow attempt (web-client.rules)
 * 1:12256 <-> ENABLED <-> WEB-CLIENT Excel malformed FBI record (web-client.rules)
 * 1:1224 <-> DISABLED <-> WEB-MISC ROADS search.pl attempt (web-misc.rules)
 * 1:1221 <-> ENABLED <-> WEB-MISC Muscat Empower cgi access (web-misc.rules)
 * 1:1220 <-> DISABLED <-> WEB-MISC ultraboard access (web-misc.rules)
 * 1:12186 <-> ENABLED <-> RPC portmap 2112 udp request (rpc.rules)
 * 1:12185 <-> ENABLED <-> RPC portmap 2112 tcp request (rpc.rules)
 * 1:1218 <-> DISABLED <-> WEB-MISC adminlogin access (web-misc.rules)
 * 1:1217 <-> DISABLED <-> WEB-MISC plusmail access (web-misc.rules)
 * 1:1216 <-> DISABLED <-> WEB-MISC filemail access (web-misc.rules)
 * 1:1214 <-> DISABLED <-> WEB-MISC intranet access (web-misc.rules)
 * 1:1213 <-> DISABLED <-> WEB-MISC backup access (web-misc.rules)
 * 1:1212 <-> DISABLED <-> WEB-MISC Admin_files access (web-misc.rules)
 * 1:1209 <-> DISABLED <-> WEB-MISC .nsconfig access (web-misc.rules)
 * 1:12075 <-> ENABLED <-> RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (rpc.rules)
 * 1:1207 <-> DISABLED <-> WEB-MISC htgrep access (web-misc.rules)
 * 1:12064 <-> DISABLED <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
 * 1:12060 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:12059 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:12046 <-> ENABLED <-> RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (rpc.rules)
 * 1:1202 <-> DISABLED <-> WEB-MISC search.vts access (web-misc.rules)
 * 1:12014 <-> DISABLED <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:11999 <-> DISABLED <-> VOIP-SIP Via header invalid characters detected (voip.rules)
 * 1:11998 <-> DISABLED <-> VOIP-SIP To header invalid characters detected (voip.rules)
 * 1:11997 <-> DISABLED <-> VOIP-SIP From header invalid characters detected (voip.rules)
 * 1:11996 <-> DISABLED <-> VOIP-SIP CSeq header invalid characters detected (voip.rules)
 * 1:11995 <-> DISABLED <-> VOIP-SIP Content-Type header invalid characters detected (voip.rules)
 * 1:11994 <-> DISABLED <-> VOIP-SIP Contact header invalid characters detected (voip.rules)
 * 1:11993 <-> DISABLED <-> VOIP-SIP Call-ID header invalid characters detected (voip.rules)
 * 1:1199 <-> DISABLED <-> WEB-MISC Compaq Insight directory traversal (web-misc.rules)
 * 1:1198 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:11971 <-> DISABLED <-> VOIP-SIP CSeq buffer overflow attempt (voip.rules)
 * 1:11965 <-> DISABLED <-> WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (web-misc.rules)
 * 1:1193 <-> DISABLED <-> WEB-MISC oracle web arbitrary command execution attempt (web-misc.rules)
 * 1:1192 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan access (web-misc.rules)
 * 1:1191 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1190 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1189 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1188 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1187 <-> DISABLED <-> WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules)
 * 1:1186 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1184 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:11838 <-> DISABLED <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules)
 * 1:1183 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1181 <-> DISABLED <-> WEB-MISC Annex Terminal DOS attempt (web-misc.rules)
 * 1:1180 <-> DISABLED <-> WEB-MISC get32.exe access (web-misc.rules)
 * 1:1177 <-> DISABLED <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
 * 1:1175 <-> DISABLED <-> WEB-MISC wwwboard.pl access (web-misc.rules)
 * 1:1173 <-> DISABLED <-> WEB-MISC architext_query.pl access (web-misc.rules)
 * 1:11685 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:1168 <-> DISABLED <-> WEB-MISC mall log order access (web-misc.rules)
 * 1:11679 <-> DISABLED <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules)
 * 1:11671 <-> DISABLED <-> WEB-MISC SSLv2 Server_Hello request from SSLv3 Client_Hello request (web-misc.rules)
 * 1:1167 <-> DISABLED <-> WEB-MISC rpm_query access (web-misc.rules)
 * 1:1166 <-> DISABLED <-> WEB-MISC ws_ftp.ini access (web-misc.rules)
 * 1:1165 <-> DISABLED <-> WEB-MISC Novell Groupwise gwweb.exe access (web-misc.rules)
 * 1:1164 <-> DISABLED <-> WEB-MISC shopping cart access (web-misc.rules)
 * 1:1162 <-> DISABLED <-> WEB-MISC cart 32 AdminPwd access (web-misc.rules)
 * 1:11616 <-> DISABLED <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)
 * 1:1160 <-> DISABLED <-> WEB-MISC Netscape dir index wp (web-misc.rules)
 * 1:1159 <-> DISABLED <-> WEB-MISC webplus access (web-misc.rules)
 * 1:1158 <-> DISABLED <-> WEB-MISC windmail.exe access (web-misc.rules)
 * 1:1157 <-> DISABLED <-> WEB-MISC Netscape PublishingXpert access (web-misc.rules)
 * 1:1156 <-> DISABLED <-> WEB-MISC apache directory disclosure attempt (web-misc.rules)
 * 1:1155 <-> DISABLED <-> WEB-MISC Ecommerce checks.txt access (web-misc.rules)
 * 1:1154 <-> DISABLED <-> WEB-MISC Domino names.nsf access (web-misc.rules)
 * 1:1153 <-> DISABLED <-> WEB-MISC Domino log.nsf access (web-misc.rules)
 * 1:1152 <-> DISABLED <-> WEB-MISC Domino domlog.nsf access (web-misc.rules)
 * 1:1151 <-> DISABLED <-> WEB-MISC Domino domcfg.nsf access (web-misc.rules)
 * 1:1150 <-> DISABLED <-> WEB-MISC Domino catalog.nsf access (web-misc.rules)
 * 1:1148 <-> DISABLED <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
 * 1:1147 <-> ENABLED <-> WEB-MISC cat%20 access (web-misc.rules)
 * 1:1146 <-> DISABLED <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
 * 1:1145 <-> DISABLED <-> WEB-MISC /~root access (web-misc.rules)
 * 1:1142 <-> DISABLED <-> WEB-MISC /.... access (web-misc.rules)
 * 1:1141 <-> DISABLED <-> WEB-MISC handler access (web-misc.rules)
 * 1:1140 <-> DISABLED <-> WEB-MISC guestbook.pl access (web-misc.rules)
 * 1:1139 <-> DISABLED <-> WEB-MISC whisker HEAD/./ (web-misc.rules)
 * 1:1136 <-> DISABLED <-> WEB-MISC cd.. (web-misc.rules)
 * 1:1132 <-> DISABLED <-> WEB-MISC Netscape Unixware overflow (web-misc.rules)
 * 1:1131 <-> DISABLED <-> WEB-MISC .wwwacl access (web-misc.rules)
 * 1:1130 <-> DISABLED <-> WEB-MISC .wwwacl access (web-misc.rules)
 * 1:1129 <-> DISABLED <-> WEB-MISC .htaccess access (web-misc.rules)
 * 1:11289 <-> ENABLED <-> RPC portmap mountd tcp zero-length payload denial of service attempt (rpc.rules)
 * 1:11288 <-> ENABLED <-> RPC portmap mountd tcp request (rpc.rules)
 * 1:1128 <-> DISABLED <-> WEB-MISC cpshost.dll access (web-misc.rules)
 * 1:11273 <-> DISABLED <-> WEB-MISC Apache header parsing space saturation denial of service attempt (web-misc.rules)
 * 1:11272 <-> DISABLED <-> WEB-MISC Apache newline exploit attempt (web-misc.rules)
 * 1:1127 <-> DISABLED <-> WEB-MISC convert.bas access (web-misc.rules)
 * 1:1126 <-> DISABLED <-> WEB-MISC AuthChangeUrl access (web-misc.rules)
 * 1:1125 <-> DISABLED <-> WEB-MISC webcart access (web-misc.rules)
 * 1:1124 <-> DISABLED <-> WEB-MISC Ecommerce check.txt access (web-misc.rules)
 * 1:1123 <-> DISABLED <-> WEB-MISC ?PageServices access (web-misc.rules)
 * 1:11223 <-> DISABLED <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules)
 * 1:1122 <-> DISABLED <-> WEB-MISC /etc/passwd (web-misc.rules)
 * 1:1120 <-> DISABLED <-> WEB-MISC mylog.phtml access (web-misc.rules)
 * 1:11194 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:11193 <-> DISABLED <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
 * 1:11191 <-> DISABLED <-> WEB-IIS Microsoft Content Management Server memory corruption (web-iis.rules)
 * 1:1119 <-> DISABLED <-> WEB-MISC mlog.phtml access (web-misc.rules)
 * 1:1118 <-> DISABLED <-> WEB-MISC ls%20-l (web-misc.rules)
 * 1:1117 <-> DISABLED <-> WEB-MISC Lotus EditDoc attempt (web-misc.rules)
 * 1:1116 <-> DISABLED <-> WEB-MISC Lotus DelDoc attempt (web-misc.rules)
 * 1:1115 <-> DISABLED <-> WEB-MISC ICQ webserver DOS (web-misc.rules)
 * 1:1111 <-> DISABLED <-> WEB-MISC Tomcat server exploit access (web-misc.rules)
 * 1:1110 <-> DISABLED <-> WEB-MISC apache source.asp file access (web-misc.rules)
 * 1:1109 <-> DISABLED <-> WEB-MISC ROXEN directory list attempt (web-misc.rules)
 * 1:1108 <-> DISABLED <-> WEB-MISC Tomcat server snoop access (web-misc.rules)
 * 1:1107 <-> DISABLED <-> WEB-MISC ftp.pl access (web-misc.rules)
 * 1:1105 <-> DISABLED <-> WEB-MISC BigBrother access (web-misc.rules)
 * 1:1103 <-> DISABLED <-> WEB-MISC Netscape admin passwd (web-misc.rules)
 * 1:1102 <-> DISABLED <-> WEB-MISC nessus 1.X 404 probe (web-misc.rules)
 * 1:1101 <-> DISABLED <-> WEB-MISC Webtrends HTTP probe (web-misc.rules)
 * 1:1100 <-> DISABLED <-> WEB-MISC L3retriever HTTP Probe (web-misc.rules)
 * 1:10997 <-> DISABLED <-> WEB-MISC SSLv2 OpenSSl KEY_ARG buffer overflow attempt (web-misc.rules)
 * 1:10996 <-> DISABLED <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
 * 1:10990 <-> DISABLED <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules)
 * 1:1099 <-> DISABLED <-> WEB-MISC cybercop scan (web-misc.rules)
 * 1:1098 <-> DISABLED <-> WEB-MISC SmartWin CyberOffice Shopping Cart access (web-misc.rules)
 * 1:1096 <-> DISABLED <-> WEB-MISC Talentsoft Web+ internal IP Address access (web-misc.rules)
 * 1:1095 <-> DISABLED <-> WEB-MISC Talentsoft Web+ Source Code view access (web-misc.rules)
 * 1:1091 <-> DISABLED <-> WEB-MISC ICQ Webfront HTTP DOS (web-misc.rules)
 * 1:1084 <-> DISABLED <-> WEB-MISC Allaire JRUN DOS attempt (web-misc.rules)
 * 1:1083 <-> DISABLED <-> WEB-MISC unify eWave ServletExec DOS (web-misc.rules)
 * 1:1082 <-> DISABLED <-> WEB-MISC amazon 1-click cookie theft (web-misc.rules)
 * 1:1081 <-> DISABLED <-> WEB-MISC Netscape Servers suite DOS (web-misc.rules)
 * 1:1080 <-> DISABLED <-> WEB-MISC unify eWave ServletExec upload (web-misc.rules)
 * 1:1079 <-> DISABLED <-> WEB-MISC WebDAV propfind access (web-misc.rules)
 * 1:1076 <-> DISABLED <-> WEB-IIS repost.asp access (web-iis.rules)
 * 1:1075 <-> DISABLED <-> WEB-IIS postinfo.asp access (web-iis.rules)
 * 1:1073 <-> DISABLED <-> WEB-MISC webhits.exe access (web-misc.rules)
 * 1:1072 <-> DISABLED <-> WEB-MISC Lotus Domino directory traversal (web-misc.rules)
 * 1:1071 <-> DISABLED <-> WEB-MISC .htpasswd access (web-misc.rules)
 * 1:1070 <-> DISABLED <-> WEB-MISC WebDAV search access (web-misc.rules)
 * 1:1068 <-> DISABLED <-> WEB-MISC tftp attempt (web-misc.rules)
 * 1:1067 <-> DISABLED <-> WEB-MISC net attempt (web-misc.rules)
 * 1:1066 <-> DISABLED <-> WEB-MISC telnet attempt (web-misc.rules)
 * 1:1065 <-> DISABLED <-> WEB-MISC rcmd attempt (web-misc.rules)
 * 1:1064 <-> DISABLED <-> WEB-MISC wsh attempt (web-misc.rules)
 * 1:1062 <-> DISABLED <-> WEB-MISC nc.exe attempt (web-misc.rules)
 * 1:1056 <-> DISABLED <-> WEB-MISC Tomcat view source attempt (web-misc.rules)
 * 1:1054 <-> DISABLED <-> WEB-MISC weblogic/tomcat .jsp view source attempt (web-misc.rules)
 * 1:1050 <-> DISABLED <-> WEB-MISC iPlanet GETPROPERTIES attempt (web-misc.rules)
 * 1:10485 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules)
 * 1:10484 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (rpc.rules)
 * 1:10483 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules)
 * 1:10482 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve tcp request (rpc.rules)
 * 1:1048 <-> DISABLED <-> WEB-MISC Netscape Enterprise directory listing attempt (web-misc.rules)
 * 1:1047 <-> DISABLED <-> WEB-MISC Netscape Enterprise DOS (web-misc.rules)
 * 1:1046 <-> DISABLED <-> WEB-IIS site/iisamples access (web-iis.rules)
 * 1:1045 <-> DISABLED <-> WEB-IIS Unauthorized IP Access Attempt (web-iis.rules)
 * 1:1044 <-> DISABLED <-> WEB-IIS webhits access (web-iis.rules)
 * 1:1043 <-> DISABLED <-> WEB-IIS viewcode.asp access (web-iis.rules)
 * 1:1042 <-> DISABLED <-> WEB-IIS view source via translate header (web-iis.rules)
 * 1:10411 <-> ENABLED <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
 * 1:10410 <-> ENABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:1041 <-> DISABLED <-> WEB-IIS uploadn.asp access (web-iis.rules)
 * 1:10409 <-> ENABLED <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
 * 1:10408 <-> ENABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:1040 <-> DISABLED <-> WEB-IIS srchadm access (web-iis.rules)
 * 1:1039 <-> DISABLED <-> WEB-IIS srch.htm access (web-iis.rules)
 * 1:1038 <-> DISABLED <-> WEB-IIS site server config access (web-iis.rules)
 * 1:1037 <-> DISABLED <-> WEB-IIS showcode.asp access (web-iis.rules)
 * 1:1036 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1035 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1034 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1033 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1032 <-> DISABLED <-> WEB-IIS showcode access (web-iis.rules)
 * 1:1031 <-> DISABLED <-> WEB-IIS /SiteServer/Publishing/viewcode.asp access (web-iis.rules)
 * 1:1030 <-> DISABLED <-> WEB-IIS search97.vts access (web-iis.rules)
 * 1:1029 <-> DISABLED <-> WEB-IIS scripts-browse access (web-iis.rules)
 * 1:1028 <-> DISABLED <-> WEB-IIS query.asp access (web-iis.rules)
 * 1:1027 <-> DISABLED <-> WEB-IIS perl-browse space attempt (web-iis.rules)
 * 1:1026 <-> DISABLED <-> WEB-IIS perl-browse newline attempt (web-iis.rules)
 * 1:1025 <-> DISABLED <-> WEB-IIS perl access (web-iis.rules)
 * 1:1024 <-> DISABLED <-> WEB-IIS newdsn.exe access (web-iis.rules)
 * 1:1023 <-> DISABLED <-> WEB-IIS msadcs.dll access (web-iis.rules)
 * 1:1022 <-> DISABLED <-> WEB-IIS jet vba access (web-iis.rules)
 * 1:1021 <-> DISABLED <-> WEB-IIS ism.dll attempt (web-iis.rules)
 * 1:1020 <-> DISABLED <-> WEB-IIS isc$data attempt (web-iis.rules)
 * 1:10195 <-> DISABLED <-> WEB-MISC Content-Length buffer overflow attempt (web-misc.rules)
 * 1:10193 <-> DISABLED <-> WEB-ACTIVEX RealPlayer Ierpplug.dll ActiveX function call access (web-activex.rules)
 * 1:10192 <-> DISABLED <-> WEB-ACTIVEX RealPlayer Ierpplug.dll ActiveX clsid access (web-activex.rules)
 * 1:1019 <-> DISABLED <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
 * 1:10188 <-> DISABLED <-> FTP Wsftp XMD5 overflow attempt (ftp.rules)
 * 1:10186 <-> ENABLED <-> SMTP ClamAV mime parsing directory traversal (smtp.rules)
 * 1:1018 <-> DISABLED <-> WEB-IIS iisadmpwd attempt (web-iis.rules)
 * 1:10172 <-> DISABLED <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules)
 * 1:1017 <-> DISABLED <-> WEB-IIS idc-srch attempt (web-iis.rules)
 * 1:1016 <-> DISABLED <-> WEB-IIS global.asa access (web-iis.rules)
 * 1:1015 <-> DISABLED <-> WEB-IIS getdrvs.exe access (web-iis.rules)
 * 1:10133 <-> ENABLED <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
 * 1:10132 <-> ENABLED <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
 * 1:1013 <-> DISABLED <-> WEB-IIS fpcount access (web-iis.rules)
 * 1:10126 <-> ENABLED <-> WEB-CLIENT  QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules)
 * 1:1012 <-> DISABLED <-> WEB-IIS fpcount attempt (web-iis.rules)
 * 1:1011 <-> DISABLED <-> WEB-IIS exec-src access (web-iis.rules)
 * 1:1010 <-> DISABLED <-> WEB-IIS encoding access (web-iis.rules)
 * 1:1009 <-> DISABLED <-> WEB-IIS directory listing (web-iis.rules)
 * 1:1008 <-> DISABLED <-> WEB-IIS del attempt (web-iis.rules)
 * 1:1007 <-> DISABLED <-> WEB-IIS Form_JScript.asp access (web-iis.rules)
 * 1:10063 <-> ENABLED <-> WEB-CLIENT Firefox query interface suspicious function call access attempt (web-client.rules)
 * 1:1005 <-> DISABLED <-> WEB-IIS codebrowser SDK access (web-iis.rules)
 * 1:1004 <-> DISABLED <-> WEB-IIS codebrowser Exair access (web-iis.rules)
 * 1:1003 <-> DISABLED <-> WEB-IIS cmd? access (web-iis.rules)
 * 1:1001 <-> ENABLED <-> WEB-MISC carbo.dll access (web-misc.rules)
 * 1:1000 <-> DISABLED <-> WEB-IIS bdir.htr access (web-iis.rules)
 * 1:1380 <-> DISABLED <-> WEB-IIS Form_VBScript.asp access (web-iis.rules)
 * 1:13805 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (rpc.rules)
 * 1:13806 <-> ENABLED <-> RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (rpc.rules)
 * 1:13807 <-> DISABLED <-> WEB-CLIENT Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)
 * 1:1381 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan attempt (web-misc.rules)
 * 1:13819 <-> DISABLED <-> WEB-MISC IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (web-misc.rules)
 * 1:1385 <-> DISABLED <-> WEB-MISC mod-plsql administration access (web-misc.rules)
 * 1:13917 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13918 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13919 <-> DISABLED <-> WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt (web-client.rules)
 * 1:13923 <-> DISABLED <-> SMTP MailEnable SMTP HELO command denial of service attempt (smtp.rules)
 * 1:1400 <-> DISABLED <-> WEB-IIS /scripts/samples/ access (web-iis.rules)
 * 1:1401 <-> DISABLED <-> WEB-IIS /msadc/samples/ access (web-iis.rules)
 * 1:14019 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:1402 <-> DISABLED <-> WEB-IIS iissamples access (web-iis.rules)
 * 1:14020 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:1433 <-> DISABLED <-> WEB-MISC .history access (web-misc.rules)
 * 1:1434 <-> DISABLED <-> WEB-MISC .bash_history access (web-misc.rules)
 * 1:144 <-> DISABLED <-> FTP ADMw0rm ftp login attempt (ftp.rules)
 * 1:1446 <-> ENABLED <-> SMTP vrfy root (smtp.rules)
 * 1:1450 <-> ENABLED <-> SMTP expn *@ (smtp.rules)
 * 1:14771 <-> DISABLED <-> WEB-MISC BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow (web-misc.rules)
 * 1:1485 <-> DISABLED <-> WEB-IIS mkilog.exe access (web-iis.rules)
 * 1:1486 <-> DISABLED <-> WEB-IIS ctss.idc access (web-iis.rules)
 * 1:1487 <-> DISABLED <-> WEB-IIS /iisadmpwd/aexp2.htr access (web-iis.rules)
 * 1:1489 <-> DISABLED <-> WEB-MISC /~nobody access (web-misc.rules)
 * 1:1492 <-> DISABLED <-> WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules)
 * 1:1493 <-> DISABLED <-> WEB-MISC RBS ISP /newuser access (web-misc.rules)
 * 1:1499 <-> DISABLED <-> WEB-MISC SiteScope Service access (web-misc.rules)
 * 1:1500 <-> DISABLED <-> WEB-MISC ExAir access (web-misc.rules)
 * 1:15013 <-> ENABLED <-> WEB-MISC Adobe Portable Document Format file download attempt (web-misc.rules)
 * 1:15079 <-> ENABLED <-> WEB-MISC WAV Formatfile download attempt (web-misc.rules)
 * 1:15081 <-> ENABLED <-> WEB-CLIENT Sun Java Web Start xml encoding buffer overflow attempt (web-client.rules)
 * 1:15147 <-> ENABLED <-> WEB-CLIENT Microsoft IE malformed iframe buffer overflow attempt (web-client.rules)
 * 1:15158 <-> ENABLED <-> WEB-MISC XML Shareable Playlist Format file download attempt (web-misc.rules)
 * 1:1518 <-> DISABLED <-> WEB-MISC nstelemetry.adp access (web-misc.rules)
 * 1:1519 <-> DISABLED <-> WEB-MISC apache ?M=D directory list attempt (web-misc.rules)
 * 1:1520 <-> DISABLED <-> WEB-MISC server-info access (web-misc.rules)
 * 1:1521 <-> DISABLED <-> WEB-MISC server-status access (web-misc.rules)
 * 1:1522 <-> DISABLED <-> WEB-MISC ans.pl attempt (web-misc.rules)
 * 1:1523 <-> DISABLED <-> WEB-MISC ans.pl access (web-misc.rules)
 * 1:15236 <-> ENABLED <-> WEB-CLIENT ACD Systems ACDSee XPM file format overflow attempt (web-client.rules)
 * 1:15237 <-> DISABLED <-> WEB-MISC Java .class file download attempt (web-misc.rules)
 * 1:15239 <-> ENABLED <-> WEB-MISC RealMedia format file download attempt (web-misc.rules)
 * 1:1524 <-> DISABLED <-> WEB-MISC Axis Storpoint CD attempt (web-misc.rules)
 * 1:15240 <-> ENABLED <-> WEB-MISC RealMedia format file download attempt (web-misc.rules)
 * 1:1525 <-> DISABLED <-> WEB-MISC Axis Storpoint CD access (web-misc.rules)
 * 1:1526 <-> DISABLED <-> WEB-MISC basilix sendmail.inc access (web-misc.rules)
 * 1:1527 <-> DISABLED <-> WEB-MISC basilix mysql.class access (web-misc.rules)
 * 1:1528 <-> DISABLED <-> WEB-MISC BBoard access (web-misc.rules)
 * 1:1529 <-> DISABLED <-> FTP SITE overflow attempt (ftp.rules)
 * 1:15362 <-> ENABLED <-> WEB-CLIENT obfuscated javascript excessive fromCharCode - potential attack (web-client.rules)
 * 1:15367 <-> DISABLED <-> SMTP outlook web access script injection attempt (smtp.rules)
 * 1:1538 <-> ENABLED <-> NNTP AUTHINFO USER overflow attempt (nntp.rules)
 * 1:15385 <-> DISABLED <-> WEB-MISC vqf file request (web-misc.rules)
 * 1:1541 <-> ENABLED <-> FINGER version query (finger.rules)
 * 1:15427 <-> ENABLED <-> WEB-MISC SVG file request (web-misc.rules)
 * 1:15428 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules)
 * 1:1544 <-> DISABLED <-> WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules)
 * 1:15446 <-> ENABLED <-> WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt (web-misc.rules)
 * 1:1546 <-> DISABLED <-> WEB-MISC Cisco /%% DOS attempt (web-misc.rules)
 * 1:15472 <-> ENABLED <-> WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt (web-client.rules)
 * 1:15473 <-> DISABLED <-> WEB-CLIENT Multiple media players M3U playlist file handling buffer overflow attempt (web-client.rules)
 * 1:1549 <-> ENABLED <-> SMTP HELO overflow attempt (smtp.rules)
 * 1:1550 <-> ENABLED <-> SMTP ETRN overflow attempt (smtp.rules)
 * 1:1551 <-> DISABLED <-> WEB-MISC /CVS/Entries access (web-misc.rules)
 * 1:1552 <-> DISABLED <-> WEB-MISC cvsweb version access (web-misc.rules)
 * 1:15574 <-> DISABLED <-> SMTP MAIL FROM command overflow attempt (smtp.rules)
 * 1:15575 <-> DISABLED <-> WEB-CLIENT WordPerfect file download (web-client.rules)
 * 1:1558 <-> DISABLED <-> WEB-MISC Delegate whois overflow attempt (web-misc.rules)
 * 1:15582 <-> ENABLED <-> WEB-MISC ARJ format file download attempt (web-misc.rules)
 * 1:15583 <-> ENABLED <-> WEB-CLIENT F-Secure AntiVirus library heap overflow attempt (web-client.rules)
 * 1:1559 <-> DISABLED <-> WEB-MISC /doc/packages access (web-misc.rules)
 * 1:1560 <-> DISABLED <-> WEB-MISC /doc/ access (web-misc.rules)
 * 1:1562 <-> DISABLED <-> FTP SITE CHOWN overflow attempt (ftp.rules)
 * 1:1563 <-> DISABLED <-> WEB-MISC login.htm attempt (web-misc.rules)
 * 1:1564 <-> DISABLED <-> WEB-MISC login.htm access (web-misc.rules)
 * 1:1567 <-> DISABLED <-> WEB-IIS /exchange/root.asp attempt (web-iis.rules)
 * 1:1568 <-> DISABLED <-> WEB-IIS /exchange/root.asp access (web-iis.rules)
 * 1:15697 <-> DISABLED <-> WEB-CLIENT Generic javascript obfuscation attempt (web-client.rules)
 * 1:15698 <-> DISABLED <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules)
 * 1:1575 <-> DISABLED <-> WEB-MISC Domino mab.nsf access (web-misc.rules)
 * 1:1576 <-> DISABLED <-> WEB-MISC Domino cersvr.nsf access (web-misc.rules)
 * 1:1577 <-> DISABLED <-> WEB-MISC Domino setup.nsf access (web-misc.rules)
 * 1:1578 <-> DISABLED <-> WEB-MISC Domino statrep.nsf access (web-misc.rules)
 * 1:1579 <-> DISABLED <-> WEB-MISC Domino webadmin.nsf access (web-misc.rules)
 * 1:1580 <-> DISABLED <-> WEB-MISC Domino events4.nsf access (web-misc.rules)
 * 1:1581 <-> DISABLED <-> WEB-MISC Domino ntsync4.nsf access (web-misc.rules)
 * 1:1582 <-> DISABLED <-> WEB-MISC Domino collect4.nsf access (web-misc.rules)
 * 1:1583 <-> DISABLED <-> WEB-MISC Domino mailw46.nsf access (web-misc.rules)
 * 1:1584 <-> DISABLED <-> WEB-MISC Domino bookmark.nsf access (web-misc.rules)
 * 1:1585 <-> DISABLED <-> WEB-MISC Domino agentrunner.nsf access (web-misc.rules)
 * 1:1586 <-> DISABLED <-> WEB-MISC Domino mail.box access (web-misc.rules)
 * 1:15867 <-> ENABLED <-> WEB-CLIENT Adobe Acrobat PDF font processing memory corruption attempt (web-client.rules)
 * 1:1587 <-> DISABLED <-> WEB-MISC cgitest.exe access (web-misc.rules)
 * 1:15872 <-> DISABLED <-> WEB-CLIENT Firefox defineSetter function pointer memory corruption attempt (web-client.rules)
 * 1:15873 <-> DISABLED <-> WEB-CLIENT Firefox location spoofing via invalid window.open characters (web-client.rules)
 * 1:1588 <-> DISABLED <-> WEB-MISC SalesLogix Eviewer access (web-misc.rules)
 * 1:1589 <-> DISABLED <-> WEB-MISC musicat empower attempt (web-misc.rules)
 * 1:15893 <-> DISABLED <-> WEB-CLIENT fCreateShellLink function use - potential attack (web-client.rules)
 * 1:15897 <-> DISABLED <-> WEB-MISC SSLv1 Client_Hello Challenge Length overflow attempt (web-misc.rules)
 * 1:15908 <-> DISABLED <-> WEB-MISC Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (web-misc.rules)
 * 1:15909 <-> DISABLED <-> WEB-CLIENT Apple QuickTime VR Track Header Atom heap corruption attempt (web-client.rules)
 * 1:15932 <-> DISABLED <-> FTP LIST globbing denial of service attack (ftp.rules)
 * 1:15933 <-> DISABLED <-> WEB-CLIENT Internet Explorer URL canonicalization address bar spoofing attempt (web-client.rules)
 * 1:15946 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (web-client.rules)
 * 1:1595 <-> DISABLED <-> WEB-IIS htimage.exe access (web-iis.rules)
 * 1:15953 <-> ENABLED <-> WEB-MISC Ipswitch IMail Calendaring arbitrary file read attempt (web-misc.rules)
 * 1:15957 <-> ENABLED <-> WEB-CLIENT Sophos Anti-Virus zip file handling DoS attempt (web-client.rules)
 * 1:15978 <-> DISABLED <-> WEB-MISC Macromedia JRun 4 mod_jrun buffer overflow attempt (web-misc.rules)
 * 1:15980 <-> DISABLED <-> WEB-MISC Apache mod_ssl hook functions format string attempt (web-misc.rules)
 * 1:15982 <-> DISABLED <-> WEB-MISC Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (web-misc.rules)
 * 1:15987 <-> DISABLED <-> WEB-MISC Microsoft Visio DXF file download request (web-misc.rules)
 * 1:15990 <-> DISABLED <-> WEB-MISC Multiple Vendor server file disclosure attempt (web-misc.rules)
 * 1:16002 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16003 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16004 <-> DISABLED <-> WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability (web-client.rules)
 * 1:16022 <-> ENABLED <-> SPECIFIC-THREATS Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16027 <-> ENABLED <-> WEB-CLIENT winamp midi file header overflow attempt (web-client.rules)
 * 1:1603 <-> DISABLED <-> WEB-MISC DELETE attempt (web-misc.rules)
 * 1:16031 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer nested object tag memory corruption attempt (web-client.rules)
 * 1:16032 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML Decoding memory corruption attempt (web-client.rules)
 * 1:16036 <-> ENABLED <-> WEB-CLIENT Mozilla Products QueryInterface method memory corruption attempt (web-client.rules)
 * 1:16037 <-> ENABLED <-> WEB-CLIENT Mozilla products graphics and XML features integer overflows attempt (web-client.rules)
 * 1:16038 <-> DISABLED <-> SMTP Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (smtp.rules)
 * 1:1604 <-> DISABLED <-> WEB-MISC iChat directory traversal attempt (web-misc.rules)
 * 1:16043 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer html tag memory corruption attempt (web-client.rules)
 * 1:16044 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox CSS Letter-Spacing overflow attempt (web-client.rules)
 * 1:16048 <-> ENABLED <-> WEB-CLIENT Microsoft ASP.NET application folder info disclosure attempt (web-client.rules)
 * 1:16050 <-> ENABLED <-> WEB-CLIENT Mozilla Firefox tag order memory corruption attempt (web-client.rules)
 * 1:16053 <-> ENABLED <-> WEB-CLIENT GNU tar PAX extended headers handling overflow attempt (web-client.rules)
 * 1:16054 <-> DISABLED <-> WEB-CLIENT Quicktime bitmap multiple header overflow (web-client.rules)
 * 1:16055 <-> ENABLED <-> WEB-CLIENT Apple iTunes AAC file handling integer overflow attempt (web-client.rules)
 * 1:16056 <-> ENABLED <-> WEB-MISC Symantec Scan Engine authentication bypass attempt (web-misc.rules)
 * 1:16081 <-> DISABLED <-> RPC portmap 395650 tcp XDR SString buffer overflow attempt (rpc.rules)
 * 1:16082 <-> DISABLED <-> RPC portmap 395650 udp XDR SString buffer overflow attempt (rpc.rules)
 * 1:16083 <-> DISABLED <-> RPC portmap 395650 tcp request (rpc.rules)
 * 1:16084 <-> DISABLED <-> RPC portmap 395650 udp request (rpc.rules)
 * 1:16085 <-> DISABLED <-> RPC portmap 395650 tcp xml buffer overflow attempt (rpc.rules)
 * 1:16086 <-> DISABLED <-> RPC portmap 395650 udp xml buffer overflow attempt (rpc.rules)
 * 1:1612 <-> DISABLED <-> WEB-MISC ftp.pl attempt (web-misc.rules)
 * 1:1613 <-> DISABLED <-> WEB-MISC handler attempt (web-misc.rules)
 * 1:1614 <-> DISABLED <-> WEB-MISC Novell Groupwise gwweb.exe attempt (web-misc.rules)
 * 1:1615 <-> DISABLED <-> WEB-MISC htgrep attempt (web-misc.rules)
 * 1:1618 <-> DISABLED <-> WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules)
 * 1:16205 <-> DISABLED <-> WEB-MISC bitmap file download request (web-misc.rules)
 * 1:16207 <-> ENABLED <-> WEB-MISC MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (web-misc.rules)
 * 1:1621 <-> DISABLED <-> FTP CMD overflow attempt (ftp.rules)
 * 1:16218 <-> DISABLED <-> WEB-MISC Content-Length request offset smuggling attempt (web-misc.rules)
 * 1:1622 <-> DISABLED <-> FTP RNFR ././ attempt (ftp.rules)
 * 1:1623 <-> DISABLED <-> FTP invalid MODE (ftp.rules)
 * 1:1624 <-> DISABLED <-> FTP PWD overflow attempt (ftp.rules)
 * 1:1625 <-> DISABLED <-> FTP SYST overflow attempt (ftp.rules)
 * 1:1626 <-> DISABLED <-> WEB-IIS /StoreCSVS/InstantOrder.asmx request (web-iis.rules)
 * 1:16285 <-> DISABLED <-> RPC AIX ttdbserv function 15 buffer overflow attempt (rpc.rules)
 * 1:16286 <-> ENABLED <-> WEB-MISC TrueType font file download request (web-misc.rules)
 * 1:16291 <-> ENABLED <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules)
 * 1:16295 <-> ENABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - without optional fields (web-client.rules)
 * 1:16296 <-> ENABLED <-> WEB-CLIENT Kaspersky antivirus library heap buffer overflow - with optional fields (web-client.rules)
 * 1:16300 <-> DISABLED <-> WEB-CLIENT HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:2080 <-> ENABLED <-> RPC portmap nlockmgr request TCP (rpc.rules)
 * 1:2081 <-> ENABLED <-> RPC portmap rpc.xfsmd request UDP (rpc.rules)
 * 1:2082 <-> ENABLED <-> RPC portmap rpc.xfsmd request TCP (rpc.rules)
 * 1:2083 <-> ENABLED <-> RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules)
 * 1:2084 <-> ENABLED <-> RPC rpc.xfsmd xfs_export attempt TCP (rpc.rules)
 * 1:2087 <-> ENABLED <-> SMTP From comment overflow attempt (smtp.rules)
 * 1:2088 <-> ENABLED <-> RPC ypupdated arbitrary command attempt UDP (rpc.rules)
 * 1:2089 <-> ENABLED <-> RPC ypupdated arbitrary command attempt TCP (rpc.rules)
 * 1:2090 <-> DISABLED <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules)
 * 1:2093 <-> ENABLED <-> RPC portmap proxy integer overflow attempt TCP (rpc.rules)
 * 1:2094 <-> DISABLED <-> RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
 * 1:2095 <-> DISABLED <-> RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (rpc.rules)
 * 1:2108 <-> ENABLED <-> POP3 CAPA overflow attempt (pop3.rules)
 * 1:2109 <-> ENABLED <-> POP3 TOP overflow attempt (pop3.rules)
 * 1:2110 <-> ENABLED <-> POP3 STAT overflow attempt (pop3.rules)
 * 1:2111 <-> ENABLED <-> POP3 DELE overflow attempt (pop3.rules)
 * 1:2112 <-> ENABLED <-> POP3 RSET overflow attempt (pop3.rules)
 * 1:2117 <-> DISABLED <-> WEB-IIS Battleaxe Forum login.asp access (web-iis.rules)
 * 1:2121 <-> ENABLED <-> POP3 DELE negative argument attempt (pop3.rules)
 * 1:2122 <-> ENABLED <-> POP3 UIDL negative argument attempt (pop3.rules)
 * 1:2125 <-> DISABLED <-> FTP CWD Root directory transversal attempt (ftp.rules)
 * 1:2129 <-> DISABLED <-> WEB-IIS nsiislog.dll access (web-iis.rules)
 * 1:2130 <-> DISABLED <-> WEB-IIS IISProtect siteadmin.asp access (web-iis.rules)
 * 1:2131 <-> DISABLED <-> WEB-IIS IISProtect access (web-iis.rules)
 * 1:2132 <-> DISABLED <-> WEB-IIS Synchrologic Email Accelerator userid list access attempt (web-iis.rules)
 * 1:2133 <-> DISABLED <-> WEB-IIS MS BizTalk server access (web-iis.rules)
 * 1:2134 <-> DISABLED <-> WEB-IIS register.asp access (web-iis.rules)
 * 1:2135 <-> DISABLED <-> WEB-MISC philboard.mdb access (web-misc.rules)
 * 1:2136 <-> DISABLED <-> WEB-MISC philboard_admin.asp authentication bypass attempt (web-misc.rules)
 * 1:2137 <-> DISABLED <-> WEB-MISC philboard_admin.asp access (web-misc.rules)
 * 1:2138 <-> DISABLED <-> WEB-MISC logicworks.ini access (web-misc.rules)
 * 1:2139 <-> DISABLED <-> WEB-MISC /*.shtml access (web-misc.rules)
 * 1:2156 <-> DISABLED <-> WEB-MISC mod_gzip_status access (web-misc.rules)
 * 1:2157 <-> DISABLED <-> WEB-IIS IISProtect globaladmin.asp access (web-iis.rules)
 * 1:2178 <-> DISABLED <-> FTP USER format string attempt (ftp.rules)
 * 1:2179 <-> DISABLED <-> FTP PASS format string attempt (ftp.rules)
 * 1:2184 <-> DISABLED <-> RPC mountd TCP mount path overflow attempt (rpc.rules)
 * 1:2185 <-> DISABLED <-> RPC mountd UDP mount path overflow attempt (rpc.rules)
 * 1:2230 <-> DISABLED <-> WEB-MISC NetGear router default password login attempt admin/password (web-misc.rules)
 * 1:2231 <-> DISABLED <-> WEB-MISC register.dll access (web-misc.rules)
 * 1:2232 <-> DISABLED <-> WEB-MISC ContentFilter.dll access (web-misc.rules)
 * 1:2233 <-> DISABLED <-> WEB-MISC SFNofitication.dll access (web-misc.rules)
 * 1:2234 <-> DISABLED <-> WEB-MISC TOP10.dll access (web-misc.rules)
 * 1:2235 <-> DISABLED <-> WEB-MISC SpamExcp.dll access (web-misc.rules)
 * 1:2236 <-> DISABLED <-> WEB-MISC spamrule.dll access (web-misc.rules)
 * 1:2237 <-> DISABLED <-> WEB-MISC cgiWebupdate.exe access (web-misc.rules)
 * 1:2238 <-> DISABLED <-> WEB-MISC WebLogic ConsoleHelp view source attempt (web-misc.rules)
 * 1:2239 <-> DISABLED <-> WEB-MISC redirect.exe access (web-misc.rules)
 * 1:2240 <-> DISABLED <-> WEB-MISC changepw.exe access (web-misc.rules)
 * 1:2241 <-> DISABLED <-> WEB-MISC cwmail.exe access (web-misc.rules)
 * 1:2242 <-> DISABLED <-> WEB-MISC ddicgi.exe access (web-misc.rules)
 * 1:2243 <-> DISABLED <-> WEB-MISC ndcgi.exe access (web-misc.rules)
 * 1:2244 <-> DISABLED <-> WEB-MISC VsSetCookie.exe access (web-misc.rules)
 * 1:2245 <-> DISABLED <-> WEB-MISC Webnews.exe access (web-misc.rules)
 * 1:2246 <-> DISABLED <-> WEB-MISC webadmin.dll access (web-misc.rules)
 * 1:2247 <-> DISABLED <-> WEB-IIS UploadScript11.asp access (web-iis.rules)
 * 1:2248 <-> DISABLED <-> WEB-IIS DirectoryListing.asp access (web-iis.rules)
 * 1:2249 <-> DISABLED <-> WEB-IIS /pcadmin/login.asp access (web-iis.rules)
 * 1:2250 <-> ENABLED <-> POP3 USER format string attempt (pop3.rules)
 * 1:2253 <-> ENABLED <-> SMTP XEXCH50 overflow attempt (smtp.rules)
 * 1:2255 <-> ENABLED <-> RPC sadmind query with root credentials attempt TCP (rpc.rules)
 * 1:2259 <-> ENABLED <-> SMTP EXPN overflow attempt (smtp.rules)
 * 1:2260 <-> ENABLED <-> SMTP VRFY overflow attempt (smtp.rules)
 * 1:2261 <-> DISABLED <-> SMTP SEND FROM sendmail prescan too many addresses overflow (smtp.rules)
 * 1:2262 <-> DISABLED <-> SMTP SEND FROM sendmail prescan too long addresses overflow (smtp.rules)
 * 1:2263 <-> DISABLED <-> SMTP SAML FROM sendmail prescan too many addresses overflow (smtp.rules)
 * 1:2264 <-> DISABLED <-> SMTP SAML FROM sendmail prescan too long addresses overflow (smtp.rules)
 * 1:2265 <-> DISABLED <-> SMTP SOML FROM sendmail prescan too many addresses overflow (smtp.rules)
 * 1:2266 <-> DISABLED <-> SMTP SOML FROM sendmail prescan too long addresses overflow (smtp.rules)
 * 1:2267 <-> DISABLED <-> SMTP MAIL FROM sendmail prescan too many addresses overflow (smtp.rules)
 * 1:2268 <-> DISABLED <-> SMTP MAIL FROM sendmail prescan too long addresses overflow (smtp.rules)
 * 1:2269 <-> DISABLED <-> SMTP RCPT TO sendmail prescan too many addresses overflow (smtp.rules)
 * 1:2270 <-> DISABLED <-> SMTP RCPT TO sendmail prescan too long addresses overflow (smtp.rules)
 * 1:2274 <-> DISABLED <-> POP3 login brute force attempt (pop3.rules)
 * 1:2275 <-> ENABLED <-> SMTP AUTH LOGON brute force attempt (smtp.rules)
 * 1:2276 <-> DISABLED <-> WEB-MISC oracle portal demo access (web-misc.rules)
 * 1:2277 <-> DISABLED <-> WEB-MISC PeopleSoft PeopleBooks psdoccgi access (web-misc.rules)
 * 1:2321 <-> DISABLED <-> WEB-IIS foxweb.exe access (web-iis.rules)
 * 1:2322 <-> DISABLED <-> WEB-IIS foxweb.dll access (web-iis.rules)
 * 1:2324 <-> DISABLED <-> WEB-IIS VP-ASP shopsearch.asp access (web-iis.rules)
 * 1:2325 <-> DISABLED <-> WEB-IIS VP-ASP ShopDisplayProducts.asp access (web-iis.rules)
 * 1:2326 <-> DISABLED <-> WEB-IIS sgdynamo.exe access (web-iis.rules)
 * 1:2327 <-> DISABLED <-> WEB-MISC bsml.pl access (web-misc.rules)
 * 1:2334 <-> DISABLED <-> FTP Yak! FTP server default account login attempt (ftp.rules)
 * 1:2335 <-> DISABLED <-> FTP RMD / attempt (ftp.rules)
 * 1:2369 <-> DISABLED <-> WEB-MISC ISAPISkeleton.dll access (web-misc.rules)
 * 1:2370 <-> DISABLED <-> WEB-MISC BugPort config.conf file access (web-misc.rules)
 * 1:2371 <-> DISABLED <-> WEB-MISC Sample_showcode.html access (web-misc.rules)
 * 1:2381 <-> DISABLED <-> WEB-MISC Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (web-misc.rules)
 * 1:2386 <-> DISABLED <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules)
 * 1:2395 <-> DISABLED <-> WEB-MISC InteractiveQuery.jsp access (web-misc.rules)
 * 1:2400 <-> DISABLED <-> WEB-MISC edittag.pl access (web-misc.rules)
 * 1:2407 <-> DISABLED <-> WEB-MISC util.pl access (web-misc.rules)
 * 1:2408 <-> DISABLED <-> WEB-MISC Invision Power Board search.pl access (web-misc.rules)
 * 1:2409 <-> ENABLED <-> POP3 APOP USER overflow attempt (pop3.rules)
 * 1:2411 <-> DISABLED <-> WEB-MISC Real Server DESCRIBE buffer overflow attempt (web-misc.rules)
 * 1:2417 <-> DISABLED <-> FTP format string attempt (ftp.rules)
 * 1:2424 <-> ENABLED <-> NNTP sendsys overflow attempt (nntp.rules)
 * 1:2425 <-> ENABLED <-> NNTP senduuname overflow attempt (nntp.rules)
 * 1:2426 <-> ENABLED <-> NNTP version overflow attempt (nntp.rules)
 * 1:2427 <-> ENABLED <-> NNTP checkgroups overflow attempt (nntp.rules)
 * 1:2428 <-> ENABLED <-> NNTP ihave overflow attempt (nntp.rules)
 * 1:2429 <-> ENABLED <-> NNTP sendme overflow attempt (nntp.rules)
 * 1:2432 <-> ENABLED <-> NNTP article post without path attempt (nntp.rules)
 * 1:2436 <-> ENABLED <-> WEB-CLIENT Microsoft wmf metafile access (web-client.rules)
 * 1:2441 <-> DISABLED <-> WEB-MISC NetObserve authentication bypass attempt (web-misc.rules)
 * 1:2442 <-> DISABLED <-> WEB-MISC Quicktime User-Agent buffer overflow attempt (web-misc.rules)
 * 1:2447 <-> DISABLED <-> WEB-MISC ServletManager access (web-misc.rules)
 * 1:2448 <-> DISABLED <-> WEB-MISC setinfo.hts access (web-misc.rules)
 * 1:2484 <-> DISABLED <-> WEB-MISC source.jsp access (web-misc.rules)
 * 1:2487 <-> DISABLED <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules)
 * 1:2488 <-> ENABLED <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
 * 1:2502 <-> DISABLED <-> POP3 SSLv3 invalid data version attempt (pop3.rules)
 * 1:2504 <-> DISABLED <-> SMTP SSLv3 invalid data version attempt (smtp.rules)
 * 1:2515 <-> DISABLED <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
 * 1:2518 <-> DISABLED <-> POP3 PCT Client_Hello overflow attempt (pop3.rules)
 * 1:2520 <-> DISABLED <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
 * 1:2522 <-> DISABLED <-> WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
 * 1:2527 <-> ENABLED <-> SMTP STARTTLS attempt (smtp.rules)
 * 1:2528 <-> DISABLED <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
 * 1:2535 <-> DISABLED <-> POP3 SSLv3 Client_Hello request (pop3.rules)
 * 1:2536 <-> DISABLED <-> POP3 SSLv3 Server_Hello request (pop3.rules)
 * 1:2537 <-> DISABLED <-> POP3 SSLv3 invalid Client_Hello attempt (pop3.rules)
 * 1:2541 <-> DISABLED <-> SMTP TLS SSLv3 invalid data version attempt (smtp.rules)
 * 1:2542 <-> DISABLED <-> SMTP SSLv3 Client_Hello request (smtp.rules)
 * 1:2543 <-> DISABLED <-> SMTP SSLv3 Server_Hello request (smtp.rules)
 * 1:2544 <-> DISABLED <-> SMTP SSLv3 invalid Client_Hello attempt (smtp.rules)
 * 1:2562 <-> DISABLED <-> WEB-MISC McAfee ePO file upload attempt (web-misc.rules)
 * 1:2569 <-> DISABLED <-> WEB-MISC cPanel resetpass access (web-misc.rules)
 * 1:2570 <-> DISABLED <-> WEB-MISC Invalid HTTP Version String (web-misc.rules)
 * 1:2571 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (web-iis.rules)
 * 1:2572 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt (web-iis.rules)
 * 1:2573 <-> DISABLED <-> WEB-IIS SmarterTools SmarterMail frmCompose.asp access (web-iis.rules)
 * 1:2574 <-> DISABLED <-> FTP RETR format string attempt (ftp.rules)
 * 1:2580 <-> DISABLED <-> WEB-MISC server negative Content-Length attempt (web-misc.rules)
 * 1:2581 <-> DISABLED <-> WEB-MISC Crystal Reports crystalimagehandler.aspx access (web-misc.rules)
 * 1:2582 <-> DISABLED <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
 * 1:2597 <-> DISABLED <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules)
 * 1:2598 <-> DISABLED <-> WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules)
 * 1:2656 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt (web-misc.rules)
 * 1:2657 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules)
 * 1:2658 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello request (web-misc.rules)
 * 1:2659 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello with pad request (web-misc.rules)
 * 1:2661 <-> DISABLED <-> WEB-MISC TLSv1 Client_Hello request (web-misc.rules)
 * 1:2662 <-> DISABLED <-> WEB-MISC TLSv1 Server_Hello request (web-misc.rules)
 * 1:2666 <-> ENABLED <-> POP3 PASS format string attempt (pop3.rules)
 * 1:2667 <-> DISABLED <-> WEB-IIS ping.asp access (web-iis.rules)
 * 1:2672 <-> DISABLED <-> WEB-MISC sresult.exe access (web-misc.rules)
 * 1:2701 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules)
 * 1:2702 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules)
 * 1:2703 <-> DISABLED <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules)
 * 1:2704 <-> DISABLED <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules)
 * 1:286 <-> DISABLED <-> POP3 EXPLOIT x86 BSD overflow (pop3.rules)
 * 1:287 <-> DISABLED <-> POP3 EXPLOIT x86 BSD overflow (pop3.rules)
 * 1:288 <-> DISABLED <-> POP3 EXPLOIT x86 Linux overflow (pop3.rules)
 * 1:289 <-> DISABLED <-> POP3 EXPLOIT x86 SCO overflow (pop3.rules)
 * 1:290 <-> DISABLED <-> POP3 EXPLOIT qpopper overflow (pop3.rules)
 * 1:2927 <-> DISABLED <-> NNTP XPAT pattern overflow attempt (nntp.rules)
 * 1:3059 <-> DISABLED <-> WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request (web-misc.rules)
 * 1:3077 <-> DISABLED <-> FTP RNFR overflow attempt (ftp.rules)
 * 1:3078 <-> DISABLED <-> NNTP SEARCH pattern overflow attempt (nntp.rules)
 * 1:3086 <-> DISABLED <-> WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (web-misc.rules)
 * 1:3087 <-> DISABLED <-> WEB-IIS w3who.dll buffer overflow attempt (web-iis.rules)
 * 1:3150 <-> DISABLED <-> WEB-IIS SQLXML content type overflow (web-iis.rules)
 * 1:3151 <-> ENABLED <-> FINGER / execution attempt (finger.rules)
 * 1:3193 <-> DISABLED <-> WEB-IIS .cmd executable file parsing attack (web-iis.rules)
 * 1:3194 <-> DISABLED <-> WEB-IIS .bat executable file parsing attack (web-iis.rules)
 * 1:320 <-> ENABLED <-> FINGER cmd_rootsh backdoor attempt (finger.rules)
 * 1:3201 <-> DISABLED <-> WEB-IIS httpodbc.dll access - nimda (web-iis.rules)
 * 1:321 <-> ENABLED <-> FINGER account enumeration attempt (finger.rules)
 * 1:322 <-> ENABLED <-> FINGER search query (finger.rules)
 * 1:323 <-> ENABLED <-> FINGER root query (finger.rules)
 * 1:324 <-> ENABLED <-> FINGER null request (finger.rules)
 * 1:326 <-> ENABLED <-> FINGER remote command execution attempt (finger.rules)
 * 1:327 <-> ENABLED <-> FINGER remote command pipe execution attempt (finger.rules)
 * 1:328 <-> ENABLED <-> FINGER bomb attempt (finger.rules)
 * 1:330 <-> ENABLED <-> FINGER redirection attempt (finger.rules)
 * 1:331 <-> ENABLED <-> FINGER cybercop query (finger.rules)
 * 1:332 <-> ENABLED <-> FINGER 0 query (finger.rules)
 * 1:333 <-> DISABLED <-> FINGER . query (finger.rules)
 * 1:334 <-> DISABLED <-> FTP .forward (ftp.rules)
 * 1:335 <-> DISABLED <-> FTP .rhosts (ftp.rules)
 * 1:336 <-> DISABLED <-> FTP CWD ~root attempt (ftp.rules)
 * 1:3441 <-> DISABLED <-> FTP PORT bounce attempt (ftp.rules)
 * 1:3460 <-> DISABLED <-> FTP REST with numeric argument (ftp.rules)
 * 1:3461 <-> ENABLED <-> SMTP Content-Type overflow attempt (smtp.rules)
 * 1:3462 <-> ENABLED <-> SMTP Content-Encoding overflow attempt (smtp.rules)
 * 1:3467 <-> DISABLED <-> WEB-MISC CISCO VoIP Portinformation access (web-misc.rules)
 * 1:3473 <-> ENABLED <-> WEB-CLIENT RealPlayer SMIL file overflow attempt (web-client.rules)
 * 1:3486 <-> DISABLED <-> WEB-MISC SSLv3 invalid data version attempt (web-misc.rules)
 * 1:3493 <-> DISABLED <-> SMTP SSLv2 Client_Hello request (smtp.rules)
 * 1:3494 <-> DISABLED <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
 * 1:3495 <-> DISABLED <-> SMTP TLSv1 Client_Hello request (smtp.rules)
 * 1:3496 <-> DISABLED <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
 * 1:3497 <-> DISABLED <-> SMTP SSLv2 Server_Hello request (smtp.rules)
 * 1:3498 <-> DISABLED <-> SMTP TLSv1 Server_Hello request (smtp.rules)
 * 1:3499 <-> DISABLED <-> POP3 SSLv2 Client_Hello request (pop3.rules)
 * 1:3500 <-> DISABLED <-> POP3 SSLv2 Client_Hello with pad request (pop3.rules)
 * 1:3501 <-> DISABLED <-> POP3 TLSv1 Client_Hello request (pop3.rules)
 * 1:3502 <-> DISABLED <-> POP3 TLSv1 Client_Hello via SSLv2 handshake request (pop3.rules)
 * 1:3503 <-> DISABLED <-> POP3 SSLv2 Server_Hello request (pop3.rules)
 * 1:3504 <-> DISABLED <-> POP3 TLSv1 Server_Hello request (pop3.rules)
 * 1:3511 <-> DISABLED <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
 * 1:3518 <-> DISABLED <-> WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow (web-misc.rules)
 * 1:3519 <-> DISABLED <-> WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow default port (web-misc.rules)
 * 1:3523 <-> DISABLED <-> FTP SITE INDEX format string attempt (ftp.rules)
 * 1:353 <-> DISABLED <-> FTP adm scan (ftp.rules)
 * 1:354 <-> DISABLED <-> FTP iss scan (ftp.rules)
 * 1:3544 <-> DISABLED <-> WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt (web-misc.rules)
 * 1:3545 <-> DISABLED <-> WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure (web-misc.rules)
 * 1:3546 <-> DISABLED <-> WEB-MISC TrackerCam User-Agent buffer overflow attempt (web-misc.rules)
 * 1:3547 <-> DISABLED <-> WEB-MISC TrackerCam overly long php parameter overflow attempt (web-misc.rules)
 * 1:3548 <-> DISABLED <-> WEB-MISC TrackerCam negative Content-Length attempt (web-misc.rules)
 * 1:355 <-> DISABLED <-> FTP pass wh00t (ftp.rules)
 * 1:356 <-> DISABLED <-> FTP passwd retrieval attempt (ftp.rules)
 * 1:357 <-> DISABLED <-> FTP piss scan (ftp.rules)
 * 1:358 <-> DISABLED <-> FTP saint scan (ftp.rules)
 * 1:359 <-> DISABLED <-> FTP satan scan (ftp.rules)
 * 1:360 <-> DISABLED <-> FTP serv-u directory transversal (ftp.rules)
 * 1:361 <-> DISABLED <-> FTP SITE EXEC attempt (ftp.rules)
 * 1:362 <-> DISABLED <-> FTP tar parameters (ftp.rules)
 * 1:3629 <-> DISABLED <-> WEB-MISC sambar /search/results.stm access (web-misc.rules)
 * 1:3653 <-> ENABLED <-> SMTP SAML overflow attempt (smtp.rules)
 * 1:3654 <-> ENABLED <-> SMTP SOML overflow attempt (smtp.rules)
 * 1:3655 <-> ENABLED <-> SMTP SEND overflow attempt (smtp.rules)
 * 1:3656 <-> DISABLED <-> SMTP MDaemon 6.5.1 and prior versions MAIL overflow attempt (smtp.rules)
 * 1:3676 <-> DISABLED <-> WEB-MISC newsscript.pl admin attempt (web-misc.rules)
 * 1:3682 <-> DISABLED <-> SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
 * 1:3683 <-> DISABLED <-> WEB-CLIENT spoofed MIME-Type auto-execution attempt (web-client.rules)
 * 1:3686 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Content Advisor memory corruption attempt (web-client.rules)
 * 1:3693 <-> DISABLED <-> WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
 * 1:3815 <-> ENABLED <-> SMTP eXchange POP3 mail server overflow attempt (smtp.rules)
 * 1:3816 <-> DISABLED <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
 * 1:3822 <-> DISABLED <-> WEB-MISC Real Player realtext long URI request (web-misc.rules)
 * 1:3823 <-> DISABLED <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
 * 1:3824 <-> DISABLED <-> SMTP AUTH user overflow attempt (smtp.rules)
 * 1:4135 <-> DISABLED <-> WEB-CLIENT IE JPEG heap overflow single packet attempt (web-client.rules)
 * 1:4136 <-> DISABLED <-> WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)
 * 1:4650 <-> DISABLED <-> WEB-MISC cacti graph_image.php access (web-misc.rules)
 * 1:4681 <-> DISABLED <-> WEB-MISC Symantec admin interface client negative Content-Length attempt (web-misc.rules)
 * 1:4985 <-> DISABLED <-> WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules)
 * 1:4986 <-> DISABLED <-> WEB-MISC Twiki view rev command injection attempt (web-misc.rules)
 * 1:4987 <-> DISABLED <-> WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules)
 * 1:4988 <-> DISABLED <-> WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules)
 * 1:509 <-> DISABLED <-> WEB-MISC PCCS mysql database admin tool access (web-misc.rules)
 * 1:5685 <-> DISABLED <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules)
 * 1:5686 <-> DISABLED <-> SMTP TLSv1 Server_Hello request (smtp.rules)
 * 1:5687 <-> DISABLED <-> SMTP SSLv2 Client_Hello request (smtp.rules)
 * 1:5688 <-> DISABLED <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules)
 * 1:5689 <-> DISABLED <-> SMTP TLSv1 Client_Hello request (smtp.rules)
 * 1:5690 <-> DISABLED <-> SMTP SSLv3 Client_Hello request (smtp.rules)
 * 1:5691 <-> DISABLED <-> SMTP SSLv2 Server_Hello request (smtp.rules)
 * 1:5695 <-> DISABLED <-> WEB-IIS web agent redirect overflow attempt (web-iis.rules)
 * 1:5710 <-> ENABLED <-> WEB-CLIENT Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
 * 1:5713 <-> ENABLED <-> WEB-CLIENT Windows Metafile invalid header size integer overflow (web-client.rules)
 * 1:5714 <-> ENABLED <-> SMTP x-unix-mode executable mail attachment (smtp.rules)
 * 1:5715 <-> DISABLED <-> WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules)
 * 1:572 <-> DISABLED <-> RPC DOS ttdbserv Solaris (rpc.rules)
 * 1:5739 <-> ENABLED <-> SMTP headers too long server response (smtp.rules)
 * 1:574 <-> ENABLED <-> RPC mountd TCP export request (rpc.rules)
 * 1:575 <-> ENABLED <-> RPC portmap admind request UDP (rpc.rules)
 * 1:576 <-> ENABLED <-> RPC portmap amountd request UDP (rpc.rules)
 * 1:577 <-> ENABLED <-> RPC portmap bootparam request UDP (rpc.rules)
 * 1:578 <-> ENABLED <-> RPC portmap cmsd request UDP (rpc.rules)
 * 1:579 <-> ENABLED <-> RPC portmap mountd request UDP (rpc.rules)
 * 1:580 <-> DISABLED <-> RPC portmap nisd request UDP (rpc.rules)
 * 1:581 <-> ENABLED <-> RPC portmap pcnfsd request UDP (rpc.rules)
 * 1:582 <-> ENABLED <-> RPC portmap rexd request UDP (rpc.rules)
 * 1:583 <-> ENABLED <-> RPC portmap rstatd request UDP (rpc.rules)
 * 1:584 <-> ENABLED <-> RPC portmap rusers request UDP (rpc.rules)
 * 1:585 <-> ENABLED <-> RPC portmap sadmind request UDP (rpc.rules)
 * 1:586 <-> ENABLED <-> RPC portmap selection_svc request UDP (rpc.rules)
 * 1:587 <-> ENABLED <-> RPC portmap status request UDP (rpc.rules)
 * 1:588 <-> DISABLED <-> RPC portmap ttdbserv request UDP (rpc.rules)
 * 1:589 <-> ENABLED <-> RPC portmap yppasswd request UDP (rpc.rules)
 * 1:591 <-> ENABLED <-> RPC portmap ypupdated request TCP (rpc.rules)
 * 1:593 <-> DISABLED <-> RPC portmap snmpXdmi request TCP (rpc.rules)
 * 1:595 <-> ENABLED <-> RPC portmap espd request TCP (rpc.rules)
 * 1:598 <-> ENABLED <-> RPC portmap listing TCP 111 (rpc.rules)
 * 1:599 <-> ENABLED <-> RPC portmap listing TCP 32771 (rpc.rules)
 * 1:612 <-> ENABLED <-> RPC rusers query UDP (rpc.rules)
 * 1:631 <-> ENABLED <-> SMTP ehlo cybercop attempt (smtp.rules)
 * 1:632 <-> ENABLED <-> SMTP expn cybercop attempt (smtp.rules)
 * 1:6400 <-> ENABLED <-> BACKDOOR snowdoor runtime detection client-to-server (backdoor.rules)
 * 1:6401 <-> ENABLED <-> BACKDOOR snowdoor runtime detection server-to-client (backdoor.rules)
 * 1:6412 <-> DISABLED <-> SMTP Windows Address Book attachment detected (smtp.rules)
 * 1:6413 <-> DISABLED <-> SMTP Base64 encoded Windows Address Book attachment detected (smtp.rules)
 * 1:6507 <-> DISABLED <-> WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules)
 * 1:6511 <-> DISABLED <-> WEB-MISC ALT-N WebAdmin user param overflow attempt (web-misc.rules)
 * 1:654 <-> DISABLED <-> SMTP RCPT TO overflow (smtp.rules)
 * 1:655 <-> ENABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:657 <-> ENABLED <-> SMTP chameleon overflow (smtp.rules)
 * 1:658 <-> ENABLED <-> SMTP exchange mime DOS (smtp.rules)
 * 1:659 <-> ENABLED <-> SMTP expn decode (smtp.rules)
 * 1:660 <-> ENABLED <-> SMTP expn root (smtp.rules)
 * 1:661 <-> ENABLED <-> SMTP majordomo ifs (smtp.rules)
 * 1:662 <-> ENABLED <-> SMTP sendmail 5.5.5 exploit (smtp.rules)
 * 1:663 <-> ENABLED <-> SMTP rcpt to command attempt (smtp.rules)
 * 1:664 <-> ENABLED <-> SMTP RCPT TO decode attempt (smtp.rules)
 * 1:665 <-> ENABLED <-> SMTP sendmail 5.6.5 exploit (smtp.rules)
 * 1:667 <-> ENABLED <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
 * 1:668 <-> ENABLED <-> SMTP sendmail 8.6.10 exploit (smtp.rules)
 * 1:669 <-> ENABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:670 <-> ENABLED <-> SMTP sendmail 8.6.9 exploit (smtp.rules)
 * 1:6700 <-> DISABLED <-> WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
 * 1:671 <-> ENABLED <-> SMTP sendmail 8.6.9c exploit (smtp.rules)
 * 1:672 <-> ENABLED <-> SMTP vrfy decode (smtp.rules)
 * 1:7020 <-> DISABLED <-> WEB-CLIENT isComponentInstalled function buffer overflow (web-client.rules)
 * 1:7022 <-> ENABLED <-> WEB-CLIENT windows explorer invalid url file overflow attempt (web-client.rules)
 * 1:7027 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7028 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7029 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7048 <-> ENABLED <-> WEB-CLIENT excel object record overflow attempt (web-client.rules)
 * 1:7070 <-> DISABLED <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules)
 * 1:7071 <-> DISABLED <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
 * 1:7199 <-> DISABLED <-> WEB-CLIENT excel label record overflow attempt (web-client.rules)
 * 1:7204 <-> ENABLED <-> WEB-CLIENT excel object ftCmo overflow attempt (web-client.rules)
 * 1:8085 <-> DISABLED <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:8086 <-> DISABLED <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:8087 <-> DISABLED <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
 * 1:8088 <-> DISABLED <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
 * 1:8089 <-> DISABLED <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
 * 1:8090 <-> ENABLED <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
 * 1:8349 <-> DISABLED <-> WEB-IIS Indexing Service ciRestriction cross-site scripting attempt (web-iis.rules)
 * 1:8414 <-> DISABLED <-> WEB-CLIENT GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:8415 <-> DISABLED <-> FTP SIZE overflow attempt (ftp.rules)
 * 1:8426 <-> DISABLED <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
 * 1:8427 <-> DISABLED <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules)
 * 1:8429 <-> DISABLED <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
 * 1:8430 <-> DISABLED <-> POP3 SSLv3 openssl get shared ciphers overflow attempt (pop3.rules)
 * 1:8431 <-> DISABLED <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
 * 1:8432 <-> DISABLED <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8433 <-> DISABLED <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8434 <-> DISABLED <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8435 <-> DISABLED <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8436 <-> DISABLED <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8437 <-> DISABLED <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
 * 1:8441 <-> DISABLED <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
 * 1:8443 <-> DISABLED <-> WEB-CLIENT Mozilla regular expression heap corruption attempt (web-client.rules)
 * 1:8444 <-> DISABLED <-> WEB-MISC Trend Micro atxconsole format string server response attempt (web-misc.rules)
 * 1:8481 <-> DISABLED <-> FTP Microsoft NLST * dos attempt (ftp.rules)
 * 1:8700 <-> DISABLED <-> WEB-IIS ASP.NET 2.0 cross-site scripting attempt (web-iis.rules)
 * 1:8701 <-> DISABLED <-> WEB-MISC IceCast header buffer overflow attempt (web-misc.rules)
 * 1:8704 <-> DISABLED <-> SMTP YPOPS Banner (smtp.rules)
 * 1:8705 <-> DISABLED <-> SMTP YPOPS buffer overflow attempt (smtp.rules)
 * 1:8707 <-> DISABLED <-> FTP WZD-FTPD SITE arbitrary command execution attempt (ftp.rules)
 * 1:8711 <-> DISABLED <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules)
 * 1:9620 <-> DISABLED <-> WEB-MISC pajax call_dispatcher remote exec attempt (web-misc.rules)
 * 1:9623 <-> ENABLED <-> RPC UNIX authentication machinename string overflow attempt TCP (rpc.rules)
 * 1:9624 <-> ENABLED <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules)
 * 1:969 <-> DISABLED <-> WEB-IIS WebDAV file lock attempt (web-iis.rules)
 * 1:971 <-> DISABLED <-> WEB-IIS ISAPI .printer access (web-iis.rules)
 * 1:973 <-> DISABLED <-> WEB-IIS *.idc attempt (web-iis.rules)
 * 1:974 <-> DISABLED <-> WEB-IIS Directory transversal attempt (web-iis.rules)
 * 1:975 <-> DISABLED <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules)
 * 1:976 <-> DISABLED <-> WEB-MISC .bat? access (web-misc.rules)
 * 1:977 <-> DISABLED <-> WEB-IIS .cnf access (web-iis.rules)
 * 1:978 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:979 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:9791 <-> DISABLED <-> WEB-MISC .cmd? access (web-misc.rules)
 * 1:980 <-> DISABLED <-> WEB-IIS CGImail.exe access (web-iis.rules)
 * 1:984 <-> DISABLED <-> WEB-IIS JET VBA access (web-iis.rules)
 * 1:9840 <-> ENABLED <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)
 * 1:985 <-> DISABLED <-> WEB-IIS JET VBA access (web-iis.rules)
 * 1:986 <-> DISABLED <-> WEB-IIS MSProxy access (web-iis.rules)
 * 1:987 <-> DISABLED <-> WEB-IIS .htr access (web-iis.rules)
 * 1:991 <-> DISABLED <-> WEB-IIS achg.htr access (web-iis.rules)
 * 1:992 <-> DISABLED <-> WEB-IIS adctest.asp access (web-iis.rules)
 * 1:993 <-> DISABLED <-> WEB-IIS iisadmin access (web-iis.rules)
 * 1:994 <-> DISABLED <-> WEB-IIS /scripts/iisadmin/default.htm access (web-iis.rules)
 * 1:995 <-> DISABLED <-> WEB-IIS ism.dll access (web-iis.rules)
 * 1:996 <-> DISABLED <-> WEB-IIS anot.htr access (web-iis.rules)
 * 1:997 <-> DISABLED <-> WEB-IIS asp-dot attempt (web-iis.rules)
 * 1:998 <-> DISABLED <-> WEB-IIS asp-srch attempt (web-iis.rules)
 * 1:999 <-> DISABLED <-> WEB-IIS bdir access (web-iis.rules)
 * 3:16232 <-> ENABLED <-> WEB-CLIENT Windows TrueType font file parsing integer overflow attempt (web-client.rules)
 * 3:16413 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 3:17126 <-> ENABLED <-> NETBIOS SMB large session length with small packet (netbios.rules)
 * 3:17753 <-> ENABLED <-> MULTIMEDIA Windows Media Player network sharing service RTSP code execution attempt (multimedia.rules)