Sourcefire VRT Rules Update

Date: 2012-04-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21671 <-> DISABLED <-> WEB-PHP PECL zip URL wrapper buffer overflow attempt (web-php.rules)
 * 1:21680 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21683 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21684 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21685 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21686 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21682 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21678 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21673 <-> DISABLED <-> VOIP Digium Asterisk SCCP overly large mem copy attempt (voip.rules)
 * 1:21660 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Landing Page Requested - /Index/index.php (specific-threats.rules)
 * 1:21663 <-> DISABLED <-> EXPLOIT CA BrightStor Agent for Microsoft SQL overflow attempt (exploit.rules)
 * 1:21658 <-> ENABLED <-> SPECIFIC-THREATS Blackhole possible landing page (specific-threats.rules)
 * 1:21662 <-> ENABLED <-> DOS Blue Coat Systems WinProxy telnet denial of service attempt (dos.rules)
 * 1:21668 <-> DISABLED <-> SPECIFIC-THREATS Java exploit kit iframe drive by attempt (specific-threats.rules)
 * 1:21661 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - catch (specific-threats.rules)
 * 1:21670 <-> DISABLED <-> SPECIFIC-THREATS PHP phpinfo GET POST and COOKIE Parameters cross site scripting attempt (specific-threats.rules)
 * 1:21659 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Landing Page Requested - /Home/index.php (specific-threats.rules)
 * 1:21669 <-> DISABLED <-> VOIP-SIP-UDP Asterisk expires header denial of service attempt (voip.rules)
 * 1:21657 <-> ENABLED <-> SPECIFIC-THREATS Blackhole Applet landing page (specific-threats.rules)
 * 1:21667 <-> ENABLED <-> WEB-CLIENT Oracle Java JRE sandbox Atomic breach attempt (web-client.rules)
 * 1:21664 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java JRE sandbox Atomic breach attempt (specific-threats.rules)
 * 1:21666 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java JRE sandbox Atomic breach attempt (specific-threats.rules)
 * 1:21665 <-> ENABLED <-> SPECIFIC-THREATS Oracle Java JRE sandbox Atomic breach attempt (specific-threats.rules)
 * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21672 <-> DISABLED <-> VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (voip.rules)
 * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21679 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)
 * 1:21681 <-> ENABLED <-> SPECIFIC-THREATS Bleeding Life exploit module call (specific-threats.rules)

Modified Rules:


 * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:18685 <-> DISABLED <-> FILE-OTHER RTF file with embedded OLE object (file-other.rules)
 * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
 * 1:18683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:18684 <-> ENABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object (file-pdf.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:1846 <-> DISABLED <-> POLICY-MULTIMEDIA vncviewer Java applet download attempt (policy-multimedia.rules)
 * 1:17442 <-> ENABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of JavaScript unescape function - likely malware obfuscation (indicator-obfuscation.rules)
 * 1:16523 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:17291 <-> ENABLED <-> POLICY-OTHER base64-encoded uri data object found (policy-other.rules)
 * 1:16390 <-> DISABLED <-> FILE-PDF Adobe PDF alternate file magic obfuscation (file-pdf.rules)
 * 1:15727 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded Flash (file-pdf.rules)
 * 1:16354 <-> DISABLED <-> FILE-PDF Adobe PDF start-of-file alternate header obfuscation (file-pdf.rules)
 * 1:15361 <-> DISABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15171 <-> ENABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules)
 * 1:15172 <-> ENABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules)
 * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:2044 <-> DISABLED <-> POLICY-OTHER PPTP Start Control Request attempt (policy-other.rules)
 * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules)
 * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules)
 * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules)
 * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules)
 * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules)
 * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules)
 * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules)
 * 1:20079 <-> DISABLED <-> BACKDOOR Win32.Russkill.C outbound connection (backdoor.rules)
 * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules)
 * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules)
 * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19647 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19648 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19646 <-> ENABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19551 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19280 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19278 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19279 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19277 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19276 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19275 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over pop3 (file-pdf.rules)
 * 1:19273 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19274 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19271 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19272 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19270 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smtp (file-pdf.rules)
 * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash over smb (file-pdf.rules)
 * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19158 <-> ENABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:15170 <-> ENABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules)
 * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules)
 * 1:1445 <-> DISABLED <-> INDICATOR-COMPROMISE FTP file_id.diz access possible warez site (indicator-compromise.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules)
 * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules)
 * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules)
 * 1:13593 <-> ENABLED <-> MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (mysql.rules)
 * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules)
 * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules)
 * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules)
 * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules)
 * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules)
 * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules)
 * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules)
 * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules)
 * 1:12210 <-> DISABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules)
 * 1:12211 <-> DISABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12209 <-> DISABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules)
 * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules)
 * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Watson error reporting attempt (policy-other.rules)
 * 1:15169 <-> ENABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules)
 * 1:15476 <-> DISABLED <-> SPYWARE-PUT Waledac spam bot HTTP POST request (spyware-put.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string (file-pdf.rules)
 * 1:18545 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules)
 * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules)
 * 1:18547 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules)
 * 1:18548 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules)
 * 1:18549 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules)
 * 1:18550 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript string (file-pdf.rules)
 * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:21190 <-> DISABLED <-> POLICY-OTHER Mozilla Multiple Products MozOrientation loading attempt (policy-other.rules)
 * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:21519 <-> ENABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules)
 * 1:21538 <-> ENABLED <-> BOTNET-CNC W32.Dofoil variant outbound payload request (botnet-cnc.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Visual Studio .addin file access (file-other.rules)
 * 1:9324 <-> DISABLED <-> POLICY-OTHER TOR traffic anonymizer server request (policy-other.rules)
 * 1:21581 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - BBB (specific-threats.rules)
 * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules)
 * 1:3825 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger Message Send (policy-social.rules)
 * 1:3826 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger Message Receive (policy-social.rules)
 * 1:8484 <-> DISABLED <-> POLICY-SOCIAL Xfire login successful (policy-social.rules)
 * 1:490 <-> DISABLED <-> SERVER-MAIL battle-mail traffic (server-mail.rules)
 * 1:510 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules)
 * 1:543 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'STOR 1MB' possible warez site (indicator-compromise.rules)
 * 1:544 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'RETR 1MB' possible warez site (indicator-compromise.rules)
 * 1:8483 <-> DISABLED <-> POLICY-SOCIAL Xfire login attempted (policy-social.rules)
 * 1:545 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD / ' possible warez site (indicator-compromise.rules)
 * 1:546 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD  ' possible warez site (indicator-compromise.rules)
 * 1:547 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD  ' possible warez site (indicator-compromise.rules)
 * 1:8482 <-> DISABLED <-> POLICY-SOCIAL Xfire session initiated (policy-social.rules)
 * 1:548 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD .' possible warez site (indicator-compromise.rules)
 * 1:553 <-> DISABLED <-> POLICY-OTHER FTP anonymous login attempt (policy-other.rules)
 * 1:554 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD / ' possible warez site (indicator-compromise.rules)
 * 1:555 <-> DISABLED <-> POLICY-OTHER WinGate telnet server response (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:567 <-> DISABLED <-> SERVER-MAIL SMTP relaying denied (server-mail.rules)
 * 1:568 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules)
 * 1:5706 <-> DISABLED <-> POLICY-SOCIAL Namazu incoming namazu.cgi access (policy-social.rules)
 * 1:5707 <-> DISABLED <-> POLICY-SOCIAL Namazu outbound namazu.cgi access (policy-social.rules)
 * 1:7860 <-> DISABLED <-> PUA-TOOLBARS Google Desktop search query (pua-toolbars.rules)
 * 1:7859 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install  - installer request (pua-toolbars.rules)
 * 1:7858 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - firstuse request (pua-toolbars.rules)
 * 1:21056 <-> ENABLED <-> FILE-OTHER Java attempt to write in system32 (file-other.rules)
 * 1:7030 <-> DISABLED <-> POLICY-SOCIAL silc server response (policy-social.rules)
 * 1:6408 <-> DISABLED <-> POLICY-SOCIAL webshots desktop traffic (policy-social.rules)
 * 1:7031 <-> DISABLED <-> POLICY-SOCIAL silc client outbound connection (policy-social.rules)
 * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:6406 <-> DISABLED <-> POLICY-SOCIAL Gizmo VOIP client start-up version check (policy-social.rules)
 * 1:11273 <-> DISABLED <-> WEB-MISC Apache header parsing space saturation denial of service attempt (web-misc.rules)