Sourcefire VRT Rules Update

Date: 2013-07-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:27183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27181 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cinnamyn.com - W32/Kryptik (blacklist.rules)
 * 1:27218 <-> DISABLED <-> SERVER-WEBAPP Themescript remote file include in CheckUpload.php Language (server-webapp.rules)
 * 1:27217 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules)
 * 1:27219 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX activex control ActiveX clsid access attempt (browser-plugins.rules)
 * 1:27216 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules)
 * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:27215 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules)
 * 1:27208 <-> DISABLED <-> BROWSER-PLUGINS Symantec WinFax Pro ActiveX heap buffer overflow attempt (browser-plugins.rules)
 * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI 2.0 RAKP cipher zero remote authentication bypass attempt (server-other.rules)
 * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:27207 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules)
 * 1:27209 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveAudio ActiveX remote code execution attempt (browser-plugins.rules)
 * 1:27206 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules)
 * 1:27187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules)
 * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules)
 * 1:27205 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services CallHTMLHelp ActiveX buffer overflow attempt (browser-plugins.rules)
 * 1:27204 <-> DISABLED <-> MALWARE-CNC Potential Bancos Brazilian Banking Trojan Browser Proxy Autoconfig File (malware-cnc.rules)
 * 1:27203 <-> ENABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules)
 * 1:27202 <-> DISABLED <-> MALWARE-CNC Win.Harbinger Rootkit Click Fraud HTTP request (malware-cnc.rules)
 * 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (server-webapp.rules)
 * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules)
 * 1:27201 <-> DISABLED <-> MALWARE-CNC Unknown Brazilian Banking Trojan (malware-cnc.rules)
 * 1:27186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27194 <-> ENABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:27189 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27188 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27195 <-> ENABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:27180 <-> ENABLED <-> BLACKLIST DNS request for known malware domain twinkcam.net - W32/Kryptik (blacklist.rules)
 * 1:27182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27196 <-> DISABLED <-> SERVER-WEBAPP OpenEngine filepool.php remote file include attempt (server-webapp.rules)
 * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules)
 * 1:27193 <-> ENABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)

Modified Rules:


 * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
 * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
 * 1:18099 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
 * 1:26019 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
 * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23335 <-> ENABLED <-> MALWARE-CNC Trojan.Swisyn outbound connection (malware-cnc.rules)
 * 1:21757 <-> ENABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules)
 * 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules)
 * 1:25675 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
 * 1:2523 <-> DISABLED <-> SERVER-OTHER BGP spoofed connection reset attempt (server-other.rules)
 * 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules)
 * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos -- password (server-other.rules)
 * 1:2486 <-> DISABLED <-> SERVER-OTHER ISAKMP invalid identification payload attempt (server-other.rules)
 * 1:1257 <-> DISABLED <-> SERVER-OTHER Winnuke attack (server-other.rules)
 * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules)
 * 1:24496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules)
 * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules)
 * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:14235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services CallHTMLHelp ActiveX buffer overflow attempt (browser-plugins.rules)
 * 1:24497 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules)
 * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules)
 * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules)
 * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules)
 * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
 * 1:21436 <-> ENABLED <-> MALWARE-CNC Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21347 <-> DISABLED <-> EXPLOIT-KIT URI possible Blackhole URL - .php?page= (exploit-kit.rules)
 * 1:21416 <-> DISABLED <-> MALWARE-CNC Trojan.Bankpatch.C authentication string detected (malware-cnc.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21188 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string API Guide test program (blacklist.rules)
 * 1:21042 <-> DISABLED <-> EXPLOIT-KIT URI possible Blackhole post-compromise download attempt - .php?f= (exploit-kit.rules)
 * 1:21043 <-> DISABLED <-> EXPLOIT-KIT URI possible Blackhole post-compromise download attempt - .php?e= (exploit-kit.rules)
 * 1:21041 <-> DISABLED <-> EXPLOIT-KIT URI possible Blackhole URL - main.php?page= (exploit-kit.rules)
 * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules)
 * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules)
 * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules)
 * 1:24372 <-> ENABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:3825 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger Message Send (policy-social.rules)
 * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules)
 * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules)
 * 1:277 <-> DISABLED <-> SERVER-OTHER RealNetworks Server template.html (server-other.rules)
 * 1:15295 <-> DISABLED <-> MALWARE-CNC Trojan.Bankpatch.C configuration (malware-cnc.rules)
 * 1:15296 <-> DISABLED <-> MALWARE-CNC Trojan.Bankpatch.C malicious file download (malware-cnc.rules)
 * 1:15297 <-> DISABLED <-> MALWARE-CNC Trojan.Bankpatch.C report home (malware-cnc.rules)
 * 1:15423 <-> DISABLED <-> MALWARE-CNC Clampi virus communication detected (malware-cnc.rules)
 * 1:1545 <-> DISABLED <-> SERVER-OTHER Cisco denial of service attempt (server-other.rules)
 * 1:15509 <-> ENABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules)
 * 1:15572 <-> ENABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules)
 * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules)
 * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules)
 * 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules)
 * 1:1605 <-> DISABLED <-> SERVER-OTHER iParty DOS attempt (server-other.rules)
 * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
 * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules)
 * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
 * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules)
 * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules)
 * 1:1641 <-> DISABLED <-> SERVER-OTHER DB2 dos attempt (server-other.rules)
 * 1:16566 <-> DISABLED <-> BROWSER-PLUGINS Tumbleweed SecureTransport ActiveX clsid access (browser-plugins.rules)
 * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules)
 * 1:16709 <-> ENABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules)
 * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
 * 1:17815 <-> ENABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> ENABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18098 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
 * 1:18100 <-> DISABLED <-> MALWARE-CNC Tidserv malware command and control channel traffic (malware-cnc.rules)
 * 1:18293 <-> ENABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
 * 1:18458 <-> ENABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> ENABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules)
 * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules)
 * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules)
 * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
 * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
 * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
 * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules)
 * 1:18900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI -- W32.Swizzor (malware-cnc.rules)
 * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules)
 * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt (server-other.rules)
 * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules)
 * 1:19159 <-> ENABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules)
 * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:21758 <-> ENABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:1408 <-> DISABLED <-> SERVER-OTHER MSDTC attempt (server-other.rules)
 * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules)
 * 1:21961 <-> DISABLED <-> MALWARE-CNC IP2B communication protocol connection to server (malware-cnc.rules)
 * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules)
 * 1:23099 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:23333 <-> DISABLED <-> MALWARE-CNC Trojan.Banker initial C&C checkin (malware-cnc.rules)
 * 1:21960 <-> DISABLED <-> MALWARE-CNC LURK communication protocol connection to server (malware-cnc.rules)
 * 1:23380 <-> DISABLED <-> MALWARE-CNC Trojan.Ventana initial outbound connection (malware-cnc.rules)
 * 1:21962 <-> DISABLED <-> MALWARE-CNC BB communication protocol connection to server (malware-cnc.rules)
 * 1:23331 <-> DISABLED <-> MALWARE-CNC Trojan.Mybot outbound connection (malware-cnc.rules)
 * 1:23382 <-> ENABLED <-> MALWARE-CNC Trojan.SpyEye outbound connection (malware-cnc.rules)
 * 1:23976 <-> DISABLED <-> MALWARE-CNC Trojan.Genome initial variant outbound connection (malware-cnc.rules)
 * 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv outbound connection (malware-cnc.rules)
 * 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd outbound connection (malware-cnc.rules)
 * 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
 * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules)
 * 1:20221 <-> ENABLED <-> MALWARE-CNC Trojan.Injector outbound connection (malware-cnc.rules)
 * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (malware-cnc.rules)
 * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules)
 * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules)
 * 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules)
 * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs outbound connection (malware-cnc.rules)
 * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules)
 * 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj outbound connection (malware-cnc.rules)
 * 1:10403 <-> ENABLED <-> MALWARE-CNC Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules)
 * 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:13625 <-> DISABLED <-> MALWARE-CNC MBR rootkit HTTP POST activity detected (malware-cnc.rules)
 * 1:271 <-> DISABLED <-> SERVER-OTHER UDP echo+chargen bomb (server-other.rules)
 * 1:26575 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kdb_ldap plugin kinit operation denial of service attempt (server-other.rules)
 * 1:26451 <-> DISABLED <-> EXPLOIT-KIT g01pack Javascript substr function wrapper attempt (exploit-kit.rules)
 * 1:9622 <-> DISABLED <-> SERVER-OTHER Spiffit UDP denial of service attempt (server-other.rules)
 * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules)
 * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules)
 * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules)
 * 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules)
 * 1:26682 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules)
 * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules)
 * 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:272 <-> DISABLED <-> OS-WINDOWS Microsoft WIndows IGMP dos attack (os-windows.rules)
 * 1:21473 <-> DISABLED <-> MALWARE-CNC Trojan.GameThief variant outbound connection (malware-cnc.rules)
 * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules)
 * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules)
 * 1:21477 <-> DISABLED <-> MALWARE-CNC Trojan.Noobot outbound connection (malware-cnc.rules)
 * 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules)
 * 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules)
 * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
 * 1:279 <-> DISABLED <-> SERVER-OTHER Bay/Nortel Nautica Marlin (server-other.rules)
 * 1:21755 <-> ENABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules)
 * 1:21756 <-> ENABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:23262 <-> ENABLED <-> MALWARE-CNC Trojan.Banker outbound connection (malware-cnc.rules)
 * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:23317 <-> DISABLED <-> MALWARE-CNC Trojan.Dropper initial outbound connection (malware-cnc.rules)
 * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules)
 * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules)
 * 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:23450 <-> DISABLED <-> MALWARE-CNC Trojan.McRat connect to server (malware-cnc.rules)
 * 1:276 <-> DISABLED <-> SERVER-OTHER RealNetworks Audio Server denial of service attempt (server-other.rules)
 * 1:23345 <-> DISABLED <-> MALWARE-CNC RunTime Win.Trojan.tchfro.A outbound connection (malware-cnc.rules)
 * 1:2330 <-> DISABLED <-> PROTOCOL-IMAP auth overflow attempt (protocol-imap.rules)
 * 1:23334 <-> ENABLED <-> MALWARE-CNC Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:281 <-> DISABLED <-> SERVER-OTHER Ascend Route (server-other.rules)
 * 1:3089 <-> DISABLED <-> SERVER-OTHER squid WCCP I_SEE_YOU message overflow attempt (server-other.rules)
 * 1:3826 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger Message Receive (policy-social.rules)
 * 1:23261 <-> ENABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:4140 <-> DISABLED <-> SERVER-OTHER tcpdump tcp LDP print zero length message denial of service attempt (server-other.rules)
 * 1:3442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP print service overflow attempt (os-windows.rules)
 * 1:4141 <-> DISABLED <-> SERVER-OTHER tcpdump udp LDP print zero length message denial of service attempt (server-other.rules)
 * 1:21662 <-> ENABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules)
 * 1:278 <-> DISABLED <-> SERVER-OTHER RealNetworks Server template.html (server-other.rules)