Sourcefire VRT Rules Update

Date: 2013-04-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:26466 <-> DISABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26465 <-> DISABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A outbound connection (malware-cnc.rules)
 * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A outbound connection (malware-cnc.rules)
 * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26455 <-> ENABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules)
 * 1:26454 <-> ENABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules)
 * 1:26453 <-> ENABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules)
 * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr function rename attempt (indicator-obfuscation.rules)
 * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules)
 * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26443 <-> ENABLED <-> MALWARE-CNC Android MDK encrypted information leak (malware-cnc.rules)
 * 1:26442 <-> ENABLED <-> MALWARE-CNC Android MDK encrypted information leak (malware-cnc.rules)
 * 1:26441 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26439 <-> ENABLED <-> FILE-OTHER Oracle Java known malicious jar file download - specific structure (file-other.rules)
 * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules)
 * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules)
 * 1:26436 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet information disclosure attempt (server-webapp.rules)
 * 1:26435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules)
 * 1:26434 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:26431 <-> DISABLED <-> SERVER-WEBAPP Apache mod_proxy_balancer cross site scripting attempt (server-webapp.rules)

Modified Rules:

 * 1:8706 <-> DISABLED <-> SERVER-MAIL YPOPS buffer overflow attempt (server-mail.rules)
 * 1:4638 <-> DISABLED <-> SERVER-OTHER RSVP Protocol zero length object DoS attempt (server-other.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AIM goaway message buffer overflow attempt (server-other.rules)
 * 1:308 <-> DISABLED <-> SERVER-OTHER NextFTP client overflow (server-other.rules)
 * 1:266 <-> DISABLED <-> OS-OTHER OS-OTHER x86 FreeBSD overflow attempt (os-other.rules)
 * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26423 <-> ENABLED <-> FILE-IDENTIFY Metalink File file attachment detected (file-identify.rules)
 * 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:26365 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26364 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26363 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26362 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26361 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26360 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26359 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26358 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26357 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26356 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26355 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
 * 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Sonide variant outbound connection (malware-cnc.rules)
 * 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
 * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
 * 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
 * 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
 * 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
 * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
 * 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
 * 1:26200 <-> ENABLED <-> FILE-OTHER Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-other.rules)
 * 1:26199 <-> ENABLED <-> FILE-OTHER Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-other.rules)
 * 1:26198 <-> ENABLED <-> FILE-OTHER Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-other.rules)
 * 1:26194 <-> ENABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules)
 * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules)
 * 1:26175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:26174 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:26173 <-> DISABLED <-> FILE-FLASH Adobe Flashplayer sortOn heap overflow attempt (file-flash.rules)
 * 1:26164 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
 * 1:26131 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26124 <-> ENABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
 * 1:26121 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26120 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26118 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
 * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules)
 * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Pass (blacklist.rules)
 * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules)
 * 1:25974 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25804 <-> ENABLED <-> EXPLOIT-KIT Whitehole exploit kit initial redirection successful (exploit-kit.rules)
 * 1:255 <-> DISABLED <-> DNS dns zone transfer via TCP detected (dns.rules)
 * 1:25286 <-> ENABLED <-> SERVER-WEBAPP MoinMoin arbitrary file upload attempt (server-webapp.rules)
 * 1:24737 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24736 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24735 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24734 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24733 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24732 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24731 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24730 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24729 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24728 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24642 <-> ENABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 1:2464 <-> DISABLED <-> SERVER-OTHER Ethereal EIGRP prefix length overflow attempt (server-other.rules)
 * 1:2463 <-> DISABLED <-> SERVER-OTHER Ethereal IGMP IGAP message overflow attempt (server-other.rules)
 * 1:2462 <-> DISABLED <-> SERVER-OTHER Ethereal IGMP IGAP account overflow attempt (server-other.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24561 <-> DISABLED <-> SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt (server-webapp.rules)
 * 1:24519 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code execution attempt (server-webapp.rules)
 * 1:24518 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code injection attempt (server-webapp.rules)
 * 1:24517 <-> DISABLED <-> SERVER-WEBAPP F5 Networks FirePass my.activation.php3 state parameter sql injection attempt (server-webapp.rules)
 * 1:24509 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:2446 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt - ISS Witty Worm (server-other.rules)
 * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules)
 * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23466 <-> ENABLED <-> SERVER-WEBAPP IBM System Storage DS storage manager profiler XSS attempt (server-webapp.rules)
 * 1:23434 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino cross site scripting attempt (server-webapp.rules)
 * 1:23433 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino cross site scripting attempt (server-webapp.rules)
 * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules)
 * 1:23402 <-> DISABLED <-> SERVER-WEBAPP CVS remote file information disclosure attempt (server-webapp.rules)
 * 1:23328 <-> ENABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules)
 * 1:23260 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver cross site scripting attempt (server-webapp.rules)
 * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22082 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:21762 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CMailServer CMailCOM Buffer Overflow attempt (server-webapp.rules)
 * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole Landing Page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole Landing Page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor outbound connection (malware-cnc.rules)
 * 1:21351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli kuddb2 denial of service attempt (server-other.rules)
 * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules)
 * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules)
 * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules)
 * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
 * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
 * 1:20737 <-> DISABLED <-> SERVER-WEBAPP 427BB cookie-based authentication bypass attempt (server-webapp.rules)
 * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules)
 * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules)
 * 1:20529 <-> DISABLED <-> FILE-OTHER Oracle Java trusted method chaining attempt (file-other.rules)
 * 1:20249 <-> ENABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules)
 * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules)
 * 1:20110 <-> ENABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules)
 * 1:19661 <-> ENABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules)
 * 1:1966 <-> DISABLED <-> SERVER-OTHER GlobalSunTech Access Point Information Disclosure attempt (server-other.rules)
 * 1:19657 <-> ENABLED <-> MALWARE-CNC FakeAV variant traffic (malware-cnc.rules)
 * 1:1948 <-> DISABLED <-> DNS dns zone transfer via UDP detected (dns.rules)
 * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules)
 * 1:19299 <-> DISABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19298 <-> DISABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules)
 * 1:19297 <-> DISABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules)
 * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules)
 * 1:19136 <-> ENABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules)
 * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules)
 * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules)
 * 1:18679 <-> ENABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules)
 * 1:1838 <-> DISABLED <-> SERVER-OTHER SSH server banner overflow (server-other.rules)
 * 1:18293 <-> ENABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
 * 1:18274 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18188 <-> ENABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules)
 * 1:17817 <-> ENABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17778 <-> ENABLED <-> SERVER-OTHER BitDefender Internet Security script code execution attempt (server-other.rules)
 * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules)
 * 1:17660 <-> ENABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules)
 * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules)
 * 1:17621 <-> DISABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
 * 1:17620 <-> DISABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
 * 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules)
 * 1:17566 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules)
 * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules)
 * 1:17528 <-> ENABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
 * 1:17397 <-> ENABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules)
 * 1:17370 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules)
 * 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules)
 * 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules)
 * 1:17315 <-> ENABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules)
 * 1:17305 <-> ENABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17299 <-> ENABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules)
 * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
 * 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules)
 * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
 * 1:16785 <-> ENABLED <-> BROWSER-PLUGINS AwingSoft Winds3D Player SceneURL method command execution attempt (browser-plugins.rules)
 * 1:16776 <-> DISABLED <-> BROWSER-PLUGINS KeyWorks KeyHelp ActiveX control JumpURL method access attempt (browser-plugins.rules)
 * 1:16774 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX function call access (browser-plugins.rules)
 * 1:16772 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules)
 * 1:16745 <-> DISABLED <-> BROWSER-PLUGINS DjVu ActiveX control access attempt (browser-plugins.rules)
 * 1:16738 <-> ENABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules)
 * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules)
 * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules)
 * 1:16731 <-> ENABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules)
 * 1:16714 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX Control access attempt (browser-plugins.rules)
 * 1:16598 <-> ENABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules)
 * 1:16587 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities buffer overflow attempt (file-other.rules)
 * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules)
 * 1:16556 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
 * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules)
 * 1:16078 <-> DISABLED <-> SERVER-WEBAPP PHP memory_limit vulnerability exploit attempt (server-webapp.rules)
 * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules)
 * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules)
 * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules)
 * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules)
 * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules)
 * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules)
 * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules)
 * 1:15939 <-> ENABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules)
 * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules)
 * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
 * 1:14040 <-> ENABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules)
 * 1:14041 <-> ENABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules)
 * 1:13928 <-> ENABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:13912 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules)
 * 1:13818 <-> DISABLED <-> SERVER-WEBAPP alternate xmlrpc.php command injection attempt (server-webapp.rules)
 * 1:1382 <-> DISABLED <-> SERVER-OTHER CHAT IRC Ettercap parse overflow attempt (server-other.rules)
 * 1:13817 <-> DISABLED <-> SERVER-WEBAPP xmlrpc.php command injection attempt (server-webapp.rules)
 * 1:13816 <-> DISABLED <-> SERVER-WEBAPP xmlrpc.php command injection attempt (server-webapp.rules)
 * 1:13591 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13521 <-> ENABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:13520 <-> ENABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules)
 * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13292 <-> ENABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules)
 * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules)
 * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules)
 * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
 * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
 * 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)