Sourcefire VRT Rules Update

Date: 2012-06-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:23154 <-> ENABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules)
 * 1:23143 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (web-activex.rules)
 * 1:23140 <-> ENABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules)
 * 1:23148 <-> ENABLED <-> INDICATOR-COMPROMISE Suspicous StrReverse - Shell (indicator-compromise.rules)
 * 1:23147 <-> ENABLED <-> INDICATOR-COMPROMISE Suspicious taskkill script - StrReverse (indicator-compromise.rules)
 * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules)
 * 1:23142 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (web-activex.rules)
 * 1:23149 <-> ENABLED <-> INDICATOR-COMPROMISE Suspicious StrReverse - Scripting.FileSystemObject (indicator-compromise.rules)
 * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules)
 * 1:23155 <-> ENABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules)
 * 1:23141 <-> ENABLED <-> SPECIFIC-THREATS Fake transaction redirect page to exploit kit (specific-threats.rules)
 * 1:23146 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (web-activex.rules)
 * 1:23145 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (web-activex.rules)
 * 1:23153 <-> ENABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules)
 * 1:23144 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (web-activex.rules)
 * 1:23152 <-> ENABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules)

Modified Rules:

 * 1:2107 <-> DISABLED <-> IMAP create buffer overflow attempt (imap.rules)
 * 1:713 <-> DISABLED <-> TELNET livingston DOS (telnet.rules)
 * 1:718 <-> DISABLED <-> TELNET login incorrect (telnet.rules)
 * 1:719 <-> DISABLED <-> TELNET root login (telnet.rules)
 * 1:8057 <-> DISABLED <-> MYSQL Date_Format denial of service attempt (mysql.rules)
 * 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules)
 * 1:17346 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Notes Cross Site Scripting attempt (specific-threats.rules)
 * 1:17273 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17274 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (specific-threats.rules)
 * 1:17269 <-> DISABLED <-> TELNET Client env_opt_add Buffer Overflow attempt (telnet.rules)
 * 1:16788 <-> DISABLED <-> EXPLOIT RealVNC VNC Server ClientCutText message memory corruption attempt (exploit.rules)
 * 1:16707 <-> DISABLED <-> MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (mysql.rules)
 * 1:16708 <-> DISABLED <-> MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (mysql.rules)
 * 1:16694 <-> DISABLED <-> DOS RealNetworks Helix Server RTSP SETUP request denial of service attempt (dos.rules)
 * 1:16703 <-> ENABLED <-> WEB-MISC Oracle MySQL Database COM_FIELD_LIST Buffer Overflow attempt (web-misc.rules)
 * 1:16594 <-> DISABLED <-> POP3 STAT command (pop3.rules)
 * 1:16606 <-> DISABLED <-> ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (oracle.rules)
 * 1:16385 <-> ENABLED <-> MYSQL yaSSL library cert parsing stack overflow attempt (mysql.rules)
 * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules)
 * 1:16374 <-> DISABLED <-> EXPLOIT Oracle Internet Directory heap corruption attempt (exploit.rules)
 * 1:16349 <-> ENABLED <-> SPECIFIC-THREATS Oracle MySQL database Procedure Analyse denial of service attempt - 2 (specific-threats.rules)
 * 1:1635 <-> DISABLED <-> POP3 APOP overflow attempt (pop3.rules)
 * 1:16344 <-> DISABLED <-> SPECIFIC-THREATS Mozilla Firefox top-level script object offset calculation memory corruption attempt (specific-threats.rules)
 * 1:16348 <-> ENABLED <-> SPECIFIC-THREATS Oracle MySQL database PROCEDURE ANALYSE denial of service attempt - 1 (specific-threats.rules)
 * 1:16216 <-> DISABLED <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules)
 * 1:1634 <-> DISABLED <-> POP3 PASS overflow attempt (pop3.rules)
 * 1:16060 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino LDAP server memory exception attempt (specific-threats.rules)
 * 1:16197 <-> DISABLED <-> SPECIFIC-THREATS OpenLDAP ber_get_next BER decoding denial of service attempt (specific-threats.rules)
 * 1:16017 <-> ENABLED <-> SPECIFIC-THREATS IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (specific-threats.rules)
 * 1:16020 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL login handshake information disclosure attempt (specific-threats.rules)
 * 1:15963 <-> DISABLED <-> SPECIFIC-THREATS Red Hat Enterprise Linux DNS resolver buffer overflow attempt (specific-threats.rules)
 * 1:15443 <-> ENABLED <-> MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (mysql.rules)
 * 1:15952 <-> ENABLED <-> MYSQL create function libc arbitrary code execution attempt (mysql.rules)
 * 1:15701 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows 2000 domain authentication bypass attempt (specific-threats.rules)
 * 1:15479 <-> DISABLED <-> EXPLOIT RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (exploit.rules)
 * 1:14777 <-> DISABLED <-> DNS single byte encoded name response (dns.rules)
 * 1:15442 <-> ENABLED <-> MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (mysql.rules)
 * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
 * 1:13948 <-> DISABLED <-> DNS large number of NXDOMAIN replies - possible DNS cache poisoning (dns.rules)
 * 1:13713 <-> DISABLED <-> MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt (mysql.rules)
 * 1:13714 <-> DISABLED <-> MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (mysql.rules)
 * 1:13711 <-> DISABLED <-> MYSQL yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt (mysql.rules)
 * 1:13712 <-> DISABLED <-> MYSQL yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt (mysql.rules)
 * 1:13709 <-> DISABLED <-> MYSQL yaSSL SSLv2 Server_Hello request (mysql.rules)
 * 1:13710 <-> DISABLED <-> MYSQL yaSSL TLSv1 Server_Hello request (mysql.rules)
 * 1:13694 <-> DISABLED <-> EXPLOIT RealNetworks Helix RTSP long get request exploit attempt (exploit.rules)
 * 1:13695 <-> DISABLED <-> EXPLOIT RealNetworks Helix RTSP long setup request exploit attempt (exploit.rules)
 * 1:13359 <-> DISABLED <-> POLICY failed IMAP login attempt - invalid username/password (policy.rules)
 * 1:13593 <-> ENABLED <-> MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (mysql.rules)
 * 1:13357 <-> DISABLED <-> POLICY failed Oracle Mysql login attempt (policy.rules)
 * 1:13358 <-> DISABLED <-> POLICY Oracle Mysql login attempt from unauthorized location (policy.rules)
 * 1:1252 <-> DISABLED <-> TELNET bsd telnet exploit response (telnet.rules)
 * 1:1253 <-> DISABLED <-> TELNET bsd exploit client finishing (telnet.rules)
 * 1:12422 <-> DISABLED <-> EXPLOIT RealNetworks Helix RTSP long describe request exploit attempt (exploit.rules)
 * 1:11965 <-> DISABLED <-> WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (web-misc.rules)
 * 1:12421 <-> DISABLED <-> EXPLOIT RealNetworks Helix RTSP long transport header (exploit.rules)
 * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules)
 * 1:11671 <-> DISABLED <-> WEB-MISC SSLv2 Server_Hello request from SSLv3 Client_Hello request (web-misc.rules)
 * 1:10997 <-> DISABLED <-> WEB-MISC SSLv2 OpenSSl KEY_ARG buffer overflow attempt (web-misc.rules)
 * 1:11263 <-> DISABLED <-> DOS Apache mod_ssl non-SSL connection to SSL port denial of service attempt (dos.rules)
 * 1:10464 <-> DISABLED <-> TELNET kerberos login environment variable authentication bypass attempt (telnet.rules)
 * 1:2521 <-> DISABLED <-> WEB-MISC SSLv3 Server_Hello request (web-misc.rules)
 * 1:23104 <-> ENABLED <-> BOTNET-CNC Trojan.Scar variant outbound connection attempt (botnet-cnc.rules)
 * 1:2118 <-> DISABLED <-> IMAP list overflow attempt (imap.rules)
 * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:10136 <-> DISABLED <-> TELNET Oracle Solaris login environment variable authentication bypass attempt (telnet.rules)
 * 1:717 <-> DISABLED <-> TELNET not on console (telnet.rules)
 * 1:714 <-> DISABLED <-> TELNET resolv_host_conf (telnet.rules)
 * 1:715 <-> DISABLED <-> TELNET Attempted SU from wrong group (telnet.rules)
 * 1:712 <-> DISABLED <-> TELNET ld_library_path (telnet.rules)
 * 1:711 <-> DISABLED <-> TELNET SGI telnetd format bug (telnet.rules)
 * 1:20813 <-> ENABLED <-> TELNET FreeBSD telnetd dec_keyid overflow attempt (telnet.rules)
 * 1:2109 <-> DISABLED <-> POP3 TOP overflow attempt (pop3.rules)
 * 1:23096 <-> ENABLED <-> SPECIFIC-THREATS VERITAS NetBackup java authentication service format string exploit attempt (specific-threats.rules)
 * 1:20812 <-> ENABLED <-> TELNET FreeBSD telnetd enc_keyid overflow attempt (telnet.rules)
 * 1:2112 <-> DISABLED <-> POP3 RSET overflow attempt (pop3.rules)
 * 1:2406 <-> DISABLED <-> TELNET APC SmartSlot default admin account attempt (telnet.rules)
 * 1:2274 <-> DISABLED <-> POP3 login brute force attempt (pop3.rules)
 * 1:2250 <-> DISABLED <-> POP3 USER format string attempt (pop3.rules)
 * 1:2662 <-> DISABLED <-> WEB-MISC TLSv1 Server_Hello request (web-misc.rules)
 * 1:253 <-> DISABLED <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 * 1:2664 <-> DISABLED <-> IMAP login format string attempt (imap.rules)
 * 1:265 <-> DISABLED <-> DNS EXPLOIT x86 Linux overflow attempt ADMv2 (dns.rules)
 * 1:19092 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL ssl3_get_key_exchange use-after-free attempt (specific-threats.rules)
 * 1:17396 <-> DISABLED <-> EXPLOIT VNC client authentication response (exploit.rules)
 * 1:17397 <-> ENABLED <-> EXPLOIT VNCViewer Authenticate buffer overflow attempt (exploit.rules)
 * 1:17412 <-> ENABLED <-> MYSQL create function mysql.func arbitrary library injection attempt (mysql.rules)
 * 1:17450 <-> DISABLED <-> WEB-MISC CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (web-misc.rules)
 * 1:17483 <-> DISABLED <-> DNS squid proxy dns A record response denial of service attempt (dns.rules)
 * 1:17484 <-> DISABLED <-> DNS squid proxy dns PTR record response denial of service attempt (dns.rules)
 * 1:17503 <-> ENABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules)
 * 1:1755 <-> DISABLED <-> IMAP partial body buffer overflow attempt (imap.rules)
 * 1:1776 <-> DISABLED <-> MYSQL show databases attempt (mysql.rules)
 * 1:1775 <-> DISABLED <-> MYSQL root login attempt (mysql.rules)
 * 1:1845 <-> DISABLED <-> IMAP list literal overflow attempt (imap.rules)
 * 1:1842 <-> DISABLED <-> IMAP login buffer overflow attempt (imap.rules)
 * 1:18513 <-> DISABLED <-> MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (mysql.rules)
 * 1:18525 <-> DISABLED <-> EXPLOIT Lotus Domino LDAP Heap Buffer Overflow Attempt (exploit.rules)
 * 1:18533 <-> DISABLED <-> DOS MIT Kerberos KDC authentication denial of service attempt (dos.rules)
 * 1:18581 <-> DISABLED <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules)
 * 1:18534 <-> DISABLED <-> DOS MIT Kerberos KDC authentication denial of service attempt (dos.rules)
 * 1:18582 <-> DISABLED <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules)
 * 1:1866 <-> DISABLED <-> POP3 USER overflow attempt (pop3.rules)
 * 1:18713 <-> DISABLED <-> DOS OpenSSL TLS connection record handling denial of service attempt (dos.rules)
 * 1:18769 <-> DISABLED <-> EXPLOIT LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (exploit.rules)
 * 1:18804 <-> DISABLED <-> WEB-MISC OpenLDAP Modrdn utf-8 string code execution attempt (web-misc.rules)
 * 1:18807 <-> DISABLED <-> DOS OpenLDAP Modrdn RDN NULL string denial of service attempt (dos.rules)
 * 1:1887 <-> DISABLED <-> MISC OpenSSL Worm traffic (misc.rules)
 * 1:19000 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL Database CASE NULL argument denial of service attempt (specific-threats.rules)
 * 1:19001 <-> DISABLED <-> MYSQL IN NULL argument denial of service attempt (mysql.rules)
 * 1:1902 <-> DISABLED <-> IMAP lsub literal overflow attempt (imap.rules)
 * 1:1903 <-> DISABLED <-> IMAP rename overflow attempt (imap.rules)
 * 1:1904 <-> DISABLED <-> IMAP find overflow attempt (imap.rules)
 * 1:18901 <-> DISABLED <-> SPECIFIC-THREATS MIT Kerberos KDC Ticket validation double free memory corruption attempt (specific-threats.rules)
 * 1:20212 <-> DISABLED <-> MISC SSL CBC encryption mode weakness brute force attempt (misc.rules)
 * 1:19093 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL Database unique set column denial of service attempt (specific-threats.rules)
 * 1:19094 <-> DISABLED <-> SPECIFIC-THREATS Oracle MySQL Database unique set column denial of service attempt (specific-threats.rules)
 * 1:19091 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL ssl3_get_key_exchange use-after-free attempt (specific-threats.rules)
 * 1:1936 <-> DISABLED <-> POP3 AUTH overflow attempt (pop3.rules)
 * 1:1937 <-> DISABLED <-> POP3 LIST overflow attempt (pop3.rules)
 * 1:1938 <-> DISABLED <-> POP3 XTND overflow attempt (pop3.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:20242 <-> DISABLED <-> DNS Oracle Secure Backup observice.exe dns response overflow attempt (dns.rules)
 * 1:19659 <-> DISABLED <-> BACKDOOR Win32.Soleseq.A outbound connection (backdoor.rules)
 * 1:19125 <-> DISABLED <-> DOS ISC BIND DNSSEC authority response record overflow attempt (dos.rules)
 * 1:19677 <-> DISABLED <-> DNS Microsoft DNS NAPTR remote unauthenticated code execution vulnerability attempt (dns.rules)
 * 1:19938 <-> ENABLED <-> EXPLOIT IBM Tivoli Directory Server ibmslapd.exe Stack Buffer Overflow (exploit.rules)
 * 1:20053 <-> DISABLED <-> SPECIFIC-THREATS MySQL Database SELECT subquery denial of service attempt (specific-threats.rules)
 * 1:2105 <-> DISABLED <-> IMAP authenticate literal overflow attempt (imap.rules)
 * 1:2046 <-> DISABLED <-> IMAP partial body.peek buffer overflow attempt (imap.rules)
 * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules)
 * 1:1993 <-> DISABLED <-> IMAP login literal buffer overflow attempt (imap.rules)
 * 1:2106 <-> DISABLED <-> IMAP lsub overflow attempt (imap.rules)
 * 1:2108 <-> DISABLED <-> POP3 CAPA overflow attempt (pop3.rules)
 * 1:3007 <-> DISABLED <-> IMAP command overflow attempt (imap.rules)
 * 1:288 <-> DISABLED <-> POP3 EXPLOIT x86 Linux overflow (pop3.rules)
 * 1:3669 <-> DISABLED <-> MYSQL protocol 41 secure client overflow attempt (mysql.rules)
 * 1:3687 <-> DISABLED <-> TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
 * 1:5698 <-> DISABLED <-> IMAP list directory traversal attempt (imap.rules)
 * 1:3456 <-> DISABLED <-> MYSQL 4.0 root login attempt (mysql.rules)
 * 1:4646 <-> DISABLED <-> IMAP search literal format string attempt (imap.rules)
 * 1:3058 <-> DISABLED <-> IMAP copy literal overflow attempt (imap.rules)
 * 1:3070 <-> DISABLED <-> IMAP fetch overflow attempt (imap.rules)
 * 1:3008 <-> DISABLED <-> IMAP delete literal overflow attempt (imap.rules)
 * 1:3670 <-> DISABLED <-> MYSQL secure client overflow attempt (mysql.rules)
 * 1:4649 <-> DISABLED <-> MYSQL create function buffer overflow attempt (mysql.rules)
 * 1:3666 <-> DISABLED <-> MYSQL server greeting finished (mysql.rules)
 * 1:3065 <-> DISABLED <-> IMAP append literal overflow attempt (imap.rules)
 * 1:3668 <-> DISABLED <-> MYSQL client authentication bypass attempt (mysql.rules)
 * 1:3667 <-> DISABLED <-> MYSQL protocol 41 client authentication bypass attempt (mysql.rules)
 * 1:4645 <-> DISABLED <-> IMAP search format string attempt (imap.rules)
 * 1:3533 <-> DISABLED <-> TELNET client LINEMODE SLC overflow attempt (telnet.rules)
 * 1:5696 <-> DISABLED <-> IMAP delete directory traversal attempt (imap.rules)
 * 1:3071 <-> DISABLED <-> IMAP status literal overflow attempt (imap.rules)
 * 1:5697 <-> DISABLED <-> IMAP examine directory traversal attempt (imap.rules)
 * 1:3075 <-> DISABLED <-> IMAP unsubscribe literal overflow attempt (imap.rules)
 * 1:3537 <-> DISABLED <-> TELNET client ENV OPT escape overflow attempt (telnet.rules)
 * 1:3274 <-> DISABLED <-> TELNET login buffer non-evasive overflow attempt (telnet.rules)
 * 1:290 <-> DISABLED <-> POP3 EXPLOIT qpopper overflow (pop3.rules)
 * 1:3147 <-> DISABLED <-> TELNET login buffer overflow attempt (telnet.rules)
 * 1:3671 <-> DISABLED <-> MYSQL protocol 41 client overflow attempt (mysql.rules)
 * 1:3076 <-> DISABLED <-> IMAP UNSUBSCRIBE overflow attempt (imap.rules)
 * 1:3688 <-> DISABLED <-> TELNET client ENV OPT VAR information disclosure (telnet.rules)
 * 1:3672 <-> DISABLED <-> MYSQL client overflow attempt (mysql.rules)
 * 1:3528 <-> DISABLED <-> MYSQL create function access attempt (mysql.rules)
 * 1:492 <-> DISABLED <-> TELNET login failed (telnet.rules)
 * 1:3665 <-> DISABLED <-> MYSQL server greeting (mysql.rules)
 * 1:2579 <-> DISABLED <-> EXPLOIT kerberos principal name overflow TCP (exploit.rules)
 * 1:2657 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules)
 * 1:709 <-> DISABLED <-> TELNET 4Dgifts SGI account attempt (telnet.rules)
 * 1:286 <-> DISABLED <-> POP3 EXPLOIT x86 BSD overflow (pop3.rules)
 * 1:5705 <-> DISABLED <-> IMAP CAPABILITY overflow attempt (imap.rules)
 * 1:21421 <-> DISABLED <-> DOS ISC BIND DNSSEC authority response record overflow attempt (dos.rules)
 * 1:2121 <-> DISABLED <-> POP3 DELE negative argument attempt (pop3.rules)
 * 1:254 <-> DISABLED <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 * 1:23115 <-> ENABLED <-> SQL MySQL/MariaDB client authentication bypass attempt (sql.rules)
 * 1:5704 <-> DISABLED <-> IMAP SELECT overflow attempt (imap.rules)
 * 1:5699 <-> DISABLED <-> IMAP lsub directory traversal attempt (imap.rules)
 * 1:267 <-> DISABLED <-> DNS EXPLOIT sparc overflow attempt (dns.rules)
 * 1:264 <-> DISABLED <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 * 1:2656 <-> DISABLED <-> WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt (web-misc.rules)
 * 1:287 <-> DISABLED <-> POP3 EXPLOIT x86 BSD overflow (pop3.rules)
 * 1:2273 <-> DISABLED <-> IMAP login brute force attempt (imap.rules)
 * 1:5702 <-> DISABLED <-> IMAP SUBSCRIBE directory traversal attempt (imap.rules)
 * 1:2120 <-> DISABLED <-> IMAP create literal buffer overflow attempt (imap.rules)
 * 1:2578 <-> DISABLED <-> EXPLOIT kerberos principal name overflow UDP (exploit.rules)
 * 1:2119 <-> DISABLED <-> IMAP rename literal overflow attempt (imap.rules)
 * 1:2666 <-> DISABLED <-> POP3 PASS format string attempt (pop3.rules)
 * 1:2409 <-> DISABLED <-> POP3 APOP USER overflow attempt (pop3.rules)
 * 1:266 <-> DISABLED <-> DNS EXPLOIT x86 FreeBSD overflow attempt (dns.rules)
 * 1:21939 <-> ENABLED <-> TELNET RuggedCom telnet initial banner (telnet.rules)
 * 1:2122 <-> DISABLED <-> POP3 UIDL negative argument attempt (pop3.rules)
 * 1:5701 <-> DISABLED <-> IMAP status directory traversal attempt (imap.rules)
 * 1:289 <-> DISABLED <-> POP3 EXPLOIT x86 SCO overflow (pop3.rules)
 * 1:262 <-> DISABLED <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
 * 1:2110 <-> DISABLED <-> POP3 STAT overflow attempt (pop3.rules)
 * 1:2111 <-> DISABLED <-> POP3 DELE overflow attempt (pop3.rules)
 * 1:3072 <-> DISABLED <-> IMAP status overflow attempt (imap.rules)
 * 1:5700 <-> DISABLED <-> IMAP rename directory traversal attempt (imap.rules)
 * 1:5703 <-> DISABLED <-> IMAP unsubscribe directory traversal attempt (imap.rules)
 * 1:3066 <-> DISABLED <-> IMAP append overflow attempt (imap.rules)
 * 1:710 <-> DISABLED <-> TELNET EZsetup account attempt (telnet.rules)
 * 3:15117 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed OBJ record arbitrary code execution attempt (web-client.rules)