Sourcefire VRT Rules Update
Date: 2012-06-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.2.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:23156 <-> ENABLED <-> BLACKLIST URI Nuclear Pack exploit kit landing page (blacklist.rules)
* 1:23161 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules)
* 1:23157 <-> ENABLED <-> BLACKLIST URI Nuclear Pack exploit kit binary download (blacklist.rules)
* 1:23158 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch (specific-threats.rules)
* 1:23160 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
* 1:23159 <-> ENABLED <-> SPECIFIC-THREATS Blackhole landing page with specific structure (specific-threats.rules)
Modified Rules:
* 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules)
