Sourcefire VRT Rules Update

Date: 2007-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group)

New rules:
12672 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - get ads (spyware-put.rules)
12673 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules)
12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules)
12675 <-> BACKDOOR Versi TheTheef Detection (backdoor.rules)
12676 <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules)
12677 <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules)
12678 <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules)
12679 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules)
12680 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt - TCP (voip.rules)
12681 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules)
12682 <-> VOIP-SIP From header field buffer overflow attempt - TCP (voip.rules)
12683 <-> VOIP-SIP From header field buffer overflow attempt - UDP (voip.rules)
12684 <-> BACKDOOR Sygate Remote Administration Engine (backdoor.rules)
12685 <-> EXPLOIT IBM Tivoli Storage Manger Express CAD Host buffer overflow (exploit.rules)
12686 <-> POLICY AIM Express Usage (policy.rules)
12687 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
12688 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)

Updated rules:
 113 <-> DELETED BACKDOOR DeepThroat access (deleted.rules)
 116 <-> DELETED BACKDOOR BackOrifice access (deleted.rules)
 122 <-> DELETED BACKDOOR DeepThroat 3.1 System Info Client Request (deleted.rules)
 124 <-> DELETED BACKDOOR DeepThroat 3.1 FTP Status Client Request (deleted.rules)
 125 <-> DELETED BACKDOOR DeepThroat 3.1 E-Mail Info From Server (deleted.rules)
 126 <-> DELETED BACKDOOR DeepThroat 3.1 E-Mail Info Client Request (deleted.rules)
 127 <-> DELETED BACKDOOR DeepThroat 3.1 Server Status From Server (deleted.rules)
 128 <-> DELETED BACKDOOR DeepThroat 3.1 Server Status Client Request (deleted.rules)
 129 <-> DELETED BACKDOOR DeepThroat 3.1 Drive Info From Server (deleted.rules)
 130 <-> DELETED BACKDOOR DeepThroat 3.1 System Info From Server (deleted.rules)
 131 <-> DELETED BACKDOOR DeepThroat 3.1 Drive Info Client Request (deleted.rules)
 132 <-> DELETED BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server (deleted.rules)
 133 <-> DELETED BACKDOOR DeepThroat 3.1 Cached Passwords Client Request (deleted.rules)
 134 <-> DELETED BACKDOOR DeepThroat 3.1 RAS Passwords Client Request (deleted.rules)
 135 <-> DELETED BACKDOOR DeepThroat 3.1 Server Password Change Client Request (deleted.rules)
 136 <-> DELETED BACKDOOR DeepThroat 3.1 Server Password Remove Client Request (deleted.rules)
 137 <-> DELETED BACKDOOR DeepThroat 3.1 Rehash Client Request (deleted.rules)
 138 <-> DELETED BACKDOOR DeepThroat 3.1 Server Rehash Client Request (deleted.rules)
 140 <-> DELETED BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request (deleted.rules)
 142 <-> DELETED BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request (deleted.rules)
 143 <-> DELETED BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request (deleted.rules)
 148 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger Active on Network (deleted.rules)
 149 <-> DELETED BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network (deleted.rules)
 150 <-> DELETED BACKDOOR DeepThroat 3.1 Server Active on Network (deleted.rules)
 151 <-> DELETED BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network (deleted.rules)
 154 <-> DELETED BACKDOOR DeepThroat 3.1 Wrong Password (deleted.rules)
 156 <-> DELETED BACKDOOR DeepThroat 3.1 Visible Window List Client Request (deleted.rules)
 161 <-> BACKDOOR Matrix 2.0 Client connect (backdoor.rules)
 162 <-> BACKDOOR Matrix 2.0 Server access (backdoor.rules)
 164 <-> DELETED BACKDOOR DeepThroat 3.1 Server Active on Network (deleted.rules)
 165 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger on Server ON (deleted.rules)
 166 <-> DELETED BACKDOOR DeepThroat 3.1 Show Picture Client Request (deleted.rules)
 167 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request (deleted.rules)
 168 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request (deleted.rules)
 169 <-> DELETED BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request (deleted.rules)
 170 <-> DELETED BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request (deleted.rules)
 171 <-> DELETED BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request (deleted.rules)
 172 <-> DELETED BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request (deleted.rules)
 173 <-> DELETED BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request (deleted.rules)
 174 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request (deleted.rules)
 175 <-> DELETED BACKDOOR DeepThroat 3.1 Resolution Change Client Request (deleted.rules)
 176 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request (deleted.rules)
 177 <-> DELETED BACKDOOR DeepThroat 3.1 Keylogger on Server OFF (deleted.rules)
 179 <-> DELETED BACKDOOR DeepThroat 3.1 FTP Server Port Client Request (deleted.rules)
 180 <-> DELETED BACKDOOR DeepThroat 3.1 Process List Client request (deleted.rules)
 181 <-> DELETED BACKDOOR DeepThroat 3.1 Close Port Scan Client Request (deleted.rules)
 182 <-> DELETED BACKDOOR DeepThroat 3.1 Registry Add Client Request (deleted.rules)
 186 <-> DELETED BACKDOOR DeepThroat 3.1 Monitor on/off Client Request (deleted.rules)
 187 <-> DELETED BACKDOOR DeepThroat 3.1 Delete File Client Request (deleted.rules)
 188 <-> DELETED BACKDOOR DeepThroat 3.1 Kill Window Client Request (deleted.rules)
 189 <-> DELETED BACKDOOR DeepThroat 3.1 Disable Window Client Request (deleted.rules)
 190 <-> DELETED BACKDOOR DeepThroat 3.1 Enable Window Client Request (deleted.rules)
 191 <-> DELETED BACKDOOR DeepThroat 3.1 Change Window Title Client Request (deleted.rules)
 192 <-> DELETED BACKDOOR DeepThroat 3.1 Hide Window Client Request (deleted.rules)
 193 <-> DELETED BACKDOOR DeepThroat 3.1 Show Window Client Request (deleted.rules)
 194 <-> DELETED BACKDOOR DeepThroat 3.1 Send Text to Window Client Request (deleted.rules)
 195 <-> BACKDOOR DeepThroat 3.1 Server Response (backdoor.rules)
 196 <-> DELETED BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request (deleted.rules)
 197 <-> DELETED BACKDOOR DeepThroat 3.1 Create Directory Client Request (deleted.rules)
 198 <-> DELETED BACKDOOR DeepThroat 3.1 All Window List Client Request (deleted.rules)
 199 <-> DELETED BACKDOOR DeepThroat 3.1 Play Sound Client Request (deleted.rules)
 200 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Normal Client Request (deleted.rules)
 201 <-> DELETED BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request (deleted.rules)
 202 <-> DELETED BACKDOOR DeepThroat 3.1 Get NET File Client Request (deleted.rules)
 203 <-> DELETED BACKDOOR DeepThroat 3.1 Find File Client Request (deleted.rules)
 204 <-> DELETED BACKDOOR DeepThroat 3.1 Find File Client Request (deleted.rules)
 205 <-> DELETED BACKDOOR DeepThroat 3.1 HUP Modem Client Request (deleted.rules)
 206 <-> DELETED BACKDOOR DeepThroat 3.1 CD ROM Open Client Request (deleted.rules)
 207 <-> DELETED BACKDOOR DeepThroat 3.1 CD ROM Close Client Request (deleted.rules)
 223 <-> DDOS Trin00 Daemon to Master PONG message detected (ddos.rules)
 231 <-> DDOS Trin00 Daemon to Master message detected (ddos.rules)
 232 <-> DDOS Trin00 Daemon to Master *HELLO* message detected (ddos.rules)
 237 <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
 238 <-> DDOS TFN server response (ddos.rules)
 239 <-> DDOS shaft handler to agent (ddos.rules)
 240 <-> DDOS shaft agent to handler (ddos.rules)
 243 <-> DDOS mstream agent to handler (ddos.rules)
 244 <-> DDOS mstream handler to agent (ddos.rules)
 245 <-> DDOS mstream handler ping to agent (ddos.rules)
 246 <-> DDOS mstream agent pong to handler (ddos.rules)
 252 <-> DELETED DNS named iquery attempt (deleted.rules)
 253 <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 254 <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 256 <-> DNS named authors attempt (dns.rules)
 271 <-> DOS UDP echo+chargen bomb (dos.rules)
 279 <-> DOS Bay/Nortel Nautica Marlin (dos.rules)
 281 <-> DOS Ascend Route (dos.rules)
 312 <-> EXPLOIT ntpdx overflow attempt (exploit.rules)
 313 <-> EXPLOIT ntalkd x86 Linux overflow (exploit.rules)
 314 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
 315 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
 316 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
 317 <-> EXPLOIT x86 Linux mountd overflow (exploit.rules)
 318 <-> DELETED EXPLOIT bootp x86 bsd overfow (deleted.rules)
 319 <-> DELETED EXPLOIT bootp x86 linux overflow (deleted.rules)
 516 <-> MISC SNMP NT UserList (misc.rules)
 517 <-> MISC xdmcp query (misc.rules)
 518 <-> TFTP Put (tftp.rules)
 519 <-> TFTP parent directory (tftp.rules)
 520 <-> TFTP root directory (tftp.rules)
 525 <-> BAD-TRAFFIC udp port 0 traffic (bad-traffic.rules)
 566 <-> POLICY PCAnywhere server response (policy.rules)
 575 <-> RPC portmap admind request UDP (rpc.rules)
 576 <-> RPC portmap amountd request UDP (rpc.rules)
 577 <-> RPC portmap bootparam request UDP (rpc.rules)
 578 <-> RPC portmap cmsd request UDP (rpc.rules)
 579 <-> RPC portmap mountd request UDP (rpc.rules)
 580 <-> RPC portmap nisd request UDP (rpc.rules)
 581 <-> RPC portmap pcnfsd request UDP (rpc.rules)
 582 <-> RPC portmap rexd request UDP (rpc.rules)
 583 <-> RPC portmap rstatd request UDP (rpc.rules)
 584 <-> RPC portmap rusers request UDP (rpc.rules)
 585 <-> RPC portmap sadmind request UDP (rpc.rules)
 586 <-> RPC portmap selection_svc request UDP (rpc.rules)
 587 <-> RPC portmap status request UDP (rpc.rules)
 590 <-> RPC portmap ypserv request UDP (rpc.rules)
 592 <-> DELETED RPC rstatd query (deleted.rules)
 634 <-> SCAN Amanda client-version request (scan.rules)
1277 <-> RPC portmap ypupdated request UDP (rpc.rules)
1279 <-> RPC portmap snmpXdmi request UDP (rpc.rules)
1280 <-> RPC portmap listing UDP 111 (rpc.rules)
1281 <-> RPC portmap listing UDP 32771 (rpc.rules)
1289 <-> TFTP GET Admin.dll (tftp.rules)
1296 <-> DELETED RPC portmap request yppasswdd (deleted.rules)
1299 <-> DELETED RPC portmap tooltalk request UDP (deleted.rules)
1384 <-> MISC UPnP malformed advertisement (misc.rules)
1409 <-> SNMP community string buffer overflow attempt (snmp.rules)
1411 <-> SNMP public access udp (snmp.rules)
1413 <-> SNMP private access udp (snmp.rules)
1415 <-> SNMP Broadcast request (snmp.rules)
1416 <-> SNMP broadcast trap (snmp.rules)
1417 <-> SNMP request udp (snmp.rules)
1419 <-> SNMP trap udp (snmp.rules)
1422 <-> SNMP community string buffer overflow attempt with evasion (snmp.rules)
1441 <-> TFTP GET nc.exe (tftp.rules)
1442 <-> TFTP GET shadow (tftp.rules)
1443 <-> TFTP GET passwd (tftp.rules)
1444 <-> TFTP Get (tftp.rules)
1504 <-> MISC AFS access (misc.rules)
1616 <-> DNS named version attempt (dns.rules)
1732 <-> RPC portmap rwalld request UDP (rpc.rules)
1746 <-> RPC portmap cachefsd request UDP (rpc.rules)
1771 <-> POLICY IPSec PGPNet connection attempt (policy.rules)
1853 <-> BACKDOOR win-trin00 connection attempt (backdoor.rules)
1867 <-> MISC xdmcp info query (misc.rules)
1890 <-> RPC status GHBN format string attack (rpc.rules)
1905 <-> RPC AMD UDP amqproc_mount plog overflow attempt (rpc.rules)
1907 <-> RPC CMSD UDP CMSD_CREATE buffer overflow attempt (rpc.rules)
1910 <-> RPC CMSD udp CMSD_INSERT buffer overflow attempt (rpc.rules)
1911 <-> RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1913 <-> RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules)
1915 <-> RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules)
1923 <-> RPC portmap proxy attempt UDP (rpc.rules)
1924 <-> RPC mountd UDP export request (rpc.rules)
1926 <-> RPC mountd UDP exportall request (rpc.rules)
1939 <-> MISC bootp hardware address length overflow (misc.rules)
1940 <-> MISC bootp invalid hardware type (misc.rules)
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
1948 <-> DNS zone transfer UDP (dns.rules)
1950 <-> RPC portmap SET attempt UDP 111 (rpc.rules)
1952 <-> RPC mountd UDP mount request (rpc.rules)
1954 <-> RPC AMD UDP pid request (rpc.rules)
1956 <-> RPC AMD UDP version request (rpc.rules)
1964 <-> RPC tooltalk UDP overflow attempt (rpc.rules)
1966 <-> MISC GlobalSunTech Access Point Information Disclosure attempt (misc.rules)
1980 <-> BACKDOOR DeepThroat 3.1 Connection attempt (backdoor.rules)
1981 <-> BACKDOOR DeepThroat 3.1 Connection attempt [3150] (backdoor.rules)
1982 <-> BACKDOOR DeepThroat 3.1 Server Response [3150] (backdoor.rules)
1983 <-> BACKDOOR DeepThroat 3.1 Connection attempt [4120] (backdoor.rules)
1984 <-> BACKDOOR DeepThroat 3.1 Server Response [4120] (backdoor.rules)
2003 <-> MS-SQL Worm propagation attempt (sql.rules)
2005 <-> RPC portmap kcms_server request UDP (rpc.rules)
2015 <-> RPC portmap UNSET attempt UDP 111 (rpc.rules)
2017 <-> RPC portmap espd request UDP (rpc.rules)
2019 <-> RPC mountd UDP dump request (rpc.rules)
2021 <-> RPC mountd UDP unmount request (rpc.rules)
2023 <-> RPC mountd UDP unmountall request (rpc.rules)
2025 <-> RPC yppasswd username overflow attempt UDP (rpc.rules)
2027 <-> RPC yppasswd old password overflow attempt UDP (rpc.rules)
2029 <-> RPC yppasswd new password overflow attempt UDP (rpc.rules)
2031 <-> RPC yppasswd user update UDP (rpc.rules)
2033 <-> RPC ypserv maplist request UDP (rpc.rules)
2035 <-> RPC portmap network-status-monitor request UDP (rpc.rules)
2037 <-> RPC network-status-monitor mon-callback request UDP (rpc.rules)
2039 <-> MISC bootp hostname format string attempt (misc.rules)
2040 <-> POLICY xtacacs login attempt (policy.rules)
2041 <-> MISC xtacacs failed login response (misc.rules)
2042 <-> POLICY xtacacs accepted login response (policy.rules)
2045 <-> RPC snmpXdmi overflow attempt UDP (rpc.rules)
2049 <-> MS-SQL ping attempt (sql.rules)
2079 <-> RPC portmap nlockmgr request UDP (rpc.rules)
2081 <-> RPC portmap rpc.xfsmd request UDP (rpc.rules)
2083 <-> RPC rpc.xfsmd xfs_export attempt UDP (rpc.rules)
2092 <-> RPC portmap proxy integer overflow attempt UDP (rpc.rules)
2094 <-> RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
2185 <-> RPC mountd UDP mount path overflow attempt (rpc.rules)
2256 <-> RPC sadmind query with root credentials attempt UDP (rpc.rules)
2316 <-> DELETED NETBIOS DCERPC Workstation Service direct service access attempt (deleted.rules)
2329 <-> MS-SQL probe response overflow attempt (sql.rules)
2332 <-> FTP MKD format string attempt (ftp.rules)
2336 <-> DELETED TFTP NULL command attempt (deleted.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
2339 <-> TFTP NULL command attempt (tftp.rules)
2376 <-> EXPLOIT ISAKMP first payload certificate request length overflow attempt (exploit.rules)
2377 <-> EXPLOIT ISAKMP second payload certificate request length overflow attempt (exploit.rules)
2378 <-> EXPLOIT ISAKMP third payload certificate request length overflow attempt (exploit.rules)
2379 <-> EXPLOIT ISAKMP forth payload certificate request length overflow attempt (exploit.rules)
2380 <-> EXPLOIT ISAKMP fifth payload certificate request length overflow attempt (exploit.rules)
2413 <-> EXPLOIT ISAKMP delete hash with empty hash attempt (exploit.rules)
2414 <-> EXPLOIT ISAKMP initial contact notification without SPI attempt (exploit.rules)
2415 <-> EXPLOIT ISAKMP second payload initial contact notification without SPI attempt (exploit.rules)
2446 <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt (exploit.rules)
2465 <-> DELETED NETBIOS-DG SMB IPC$ share access (deleted.rules)
2466 <-> DELETED NETBIOS-DG SMB IPC$ unicode share access (deleted.rules)
2486 <-> DOS ISAKMP invalid identification payload attempt (dos.rules)
2578 <-> EXPLOIT kerberos principal name overflow UDP (exploit.rules)
2921 <-> DNS UDP inverse query (dns.rules)
3006 <-> EXPLOIT Volition Freespace 2 buffer overflow attempt (exploit.rules)
3080 <-> MISC Unreal Tournament secure overflow attempt (misc.rules)
3089 <-> DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
3154 <-> DNS UDP inverse query overflow (dns.rules)
3200 <-> EXPLOIT WINS name query overflow attempt UDP (exploit.rules)
3443 <-> DELETED MS-SQL DNS query with 1 requests (deleted.rules)
3444 <-> DELETED MS-SQL DNS query with 2 requests (deleted.rules)
3445 <-> DELETED MS-SQL DNS query with 3 requests (deleted.rules)
3446 <-> DELETED MS-SQL DNS query with 4 requests (deleted.rules)
3447 <-> DELETED MS-SQL DNS query with 5 requests (deleted.rules)
3448 <-> DELETED MS-SQL DNS query with 6 requests (deleted.rules)
3449 <-> DELETED MS-SQL DNS query with 7 requests (deleted.rules)
3450 <-> DELETED MS-SQL DNS query with 8 requests (deleted.rules)
3451 <-> DELETED MS-SQL DNS query with 9 requests (deleted.rules)
3452 <-> DELETED MS-SQL DNS query with 10 requests (deleted.rules)
3459 <-> P2P Manolito Search Query (p2p.rules)
3472 <-> EXPLOIT ARCserve discovery service overflow (exploit.rules)
3480 <-> EXPLOIT ARCserve backup UDP slot info msg client name overflow (exploit.rules)
3481 <-> EXPLOIT ARCserve backup UDP slot info msg client domain overflow (exploit.rules)
3482 <-> EXPLOIT ARCserve backup UDP product info msg 0x9b client name overflow (exploit.rules)
3483 <-> EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow (exploit.rules)
3484 <-> EXPLOIT ARCserve backup UDP product info msg 0x9c client name overflow (exploit.rules)
3485 <-> EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow (exploit.rules)
3530 <-> EXPLOIT ARCserve backup UDP msg 0x99 client name overflow (exploit.rules)
3531 <-> EXPLOIT ARCserve backup UDP msg 0x99 client domain overflow (exploit.rules)
3538 <-> EXPLOIT RADIUS registration MSID overflow attempt (exploit.rules)
3539 <-> EXPLOIT RADIUS MSID overflow attempt (exploit.rules)
3540 <-> EXPLOIT RADIUS registration vendor ATTR_TYPE_STR overflow attempt (exploit.rules)
3541 <-> EXPLOIT RADIUS ATTR_TYPE_STR overflow attempt (exploit.rules)
3628 <-> POLICY Data Rescue IDA Pro startup license check attempt (policy.rules)
3677 <-> EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3773 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas alter context attempt (deleted.rules)
3774 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas bind attempt (deleted.rules)
3775 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian alter context attempt (deleted.rules)
3776 <-> DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian bind attempt (deleted.rules)
3777 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas alter context attempt (deleted.rules)
3778 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas bind attempt (deleted.rules)
3779 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian alter context attempt (deleted.rules)
3780 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian bind attempt (deleted.rules)
3781 <-> DELETED NETBIOS-DG SMB veritas WriteAndX alter context attempt (deleted.rules)
3782 <-> DELETED NETBIOS-DG SMB veritas WriteAndX andx alter context attempt (deleted.rules)
3783 <-> DELETED NETBIOS-DG SMB veritas WriteAndX andx bind attempt (deleted.rules)
3784 <-> DELETED NETBIOS-DG SMB veritas WriteAndX bind attempt (deleted.rules)
3785 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian alter context attempt (deleted.rules)
3786 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx alter context attempt (deleted.rules)
3787 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx bind attempt (deleted.rules)
3788 <-> DELETED NETBIOS-DG SMB veritas WriteAndX little endian bind attempt (deleted.rules)
3789 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode alter context attempt (deleted.rules)
3790 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx alter context attempt (deleted.rules)
3791 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx bind attempt (deleted.rules)
3792 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode bind attempt (deleted.rules)
3793 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian alter context attempt (deleted.rules)
3794 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian andx alter context attempt (deleted.rules)
3795 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian andx bind attempt (deleted.rules)
3796 <-> DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian bind attempt (deleted.rules)
3797 <-> DELETED NETBIOS-DG SMB veritas alter context attempt (deleted.rules)
3798 <-> DELETED NETBIOS-DG SMB veritas andx alter context attempt (deleted.rules)
3799 <-> DELETED NETBIOS-DG SMB veritas andx bind attempt (deleted.rules)
3800 <-> DELETED NETBIOS-DG SMB veritas bind attempt (deleted.rules)
3801 <-> DELETED NETBIOS-DG SMB veritas little endian alter context attempt (deleted.rules)
3802 <-> DELETED NETBIOS-DG SMB veritas little endian andx alter context attempt (deleted.rules)
3803 <-> DELETED NETBIOS-DG SMB veritas little endian andx bind attempt (deleted.rules)
3804 <-> DELETED NETBIOS-DG SMB veritas little endian bind attempt (deleted.rules)
3805 <-> DELETED NETBIOS-DG SMB veritas unicode alter context attempt (deleted.rules)
3806 <-> DELETED NETBIOS-DG SMB veritas unicode andx alter context attempt (deleted.rules)
3807 <-> DELETED NETBIOS-DG SMB veritas unicode andx bind attempt (deleted.rules)
3808 <-> DELETED NETBIOS-DG SMB veritas unicode bind attempt (deleted.rules)
3809 <-> DELETED NETBIOS-DG SMB veritas unicode little endian alter context attempt (deleted.rules)
3810 <-> DELETED NETBIOS-DG SMB veritas unicode little endian andx alter context attempt (deleted.rules)
3811 <-> DELETED NETBIOS-DG SMB veritas unicode little endian andx bind attempt (deleted.rules)
3812 <-> DELETED NETBIOS-DG SMB veritas unicode little endian bind attempt (deleted.rules)
3817 <-> TFTP GET transfer mode overflow attempt (tftp.rules)
3818 <-> TFTP PUT transfer mode overflow attempt (tftp.rules)
3904 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr alter context attempt (deleted.rules)
3905 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr bind attempt (deleted.rules)
3906 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr little endian alter context attempt (deleted.rules)
3907 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr little endian bind attempt (deleted.rules)
3908 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr alter context attempt (deleted.rules)
3909 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr bind attempt (deleted.rules)
3910 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr little endian alter context attempt (deleted.rules)
3911 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr little endian bind attempt (deleted.rules)
3912 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX alter context attempt (deleted.rules)
3913 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX andx alter context attempt (deleted.rules)
3914 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX andx bind attempt (deleted.rules)
3915 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX bind attempt (deleted.rules)
3916 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian alter context attempt (deleted.rules)
3917 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian andx alter context attempt (deleted.rules)
3918 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian andx bind attempt (deleted.rules)
3919 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX little endian bind attempt (deleted.rules)
3920 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode alter context attempt (deleted.rules)
3921 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx alter context attempt (deleted.rules)
3922 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode andx bind attempt (deleted.rules)
3923 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode bind attempt (deleted.rules)
3924 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian alter context attempt (deleted.rules)
3925 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian andx alter context attempt (deleted.rules)
3926 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian andx bind attempt (deleted.rules)
3927 <-> DELETED NETBIOS-DG SMB umpnpmgr WriteAndX unicode little endian bind attempt (deleted.rules)
3928 <-> DELETED NETBIOS-DG SMB umpnpmgr alter context attempt (deleted.rules)
3929 <-> DELETED NETBIOS-DG SMB umpnpmgr andx alter context attempt (deleted.rules)
3930 <-> DELETED NETBIOS-DG SMB umpnpmgr andx bind attempt (deleted.rules)
3931 <-> DELETED NETBIOS-DG SMB umpnpmgr bind attempt (deleted.rules)
3932 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian alter context attempt (deleted.rules)
3933 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian andx alter context attempt (deleted.rules)
3934 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian andx bind attempt (deleted.rules)
3935 <-> DELETED NETBIOS-DG SMB umpnpmgr little endian bind attempt (deleted.rules)
3936 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode alter context attempt (deleted.rules)
3937 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode andx alter context attempt (deleted.rules)
3938 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode andx bind attempt (deleted.rules)
3939 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode bind attempt (deleted.rules)
3940 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian alter context attempt (deleted.rules)
3941 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx alter context attempt (deleted.rules)
3942 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian andx bind attempt (deleted.rules)
3943 <-> DELETED NETBIOS-DG SMB umpnpmgr unicode little endian bind attempt (deleted.rules)
4020 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4021 <-> DELETED NETBIOS DCERPC DIRECT-UDP umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4022 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4023 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4024 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4025 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4026 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4027 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4028 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX andx attempt (deleted.rules)
4029 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4030 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian andx attempt (deleted.rules)
4031 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (deleted.rules)
4032 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4033 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (deleted.rules)
4034 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian andx attempt (deleted.rules)
4035 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (deleted.rules)
4036 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList andx attempt (deleted.rules)
4037 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4038 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList little endian andx attempt (deleted.rules)
4039 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4040 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode andx attempt (deleted.rules)
4041 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode attempt (deleted.rules)
4042 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode little endian andx attempt (deleted.rules)
4043 <-> DELETED NETBIOS-DG SMB umpnpmgr PNP_QueryResConfList unicode little endian attempt (deleted.rules)
4044 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX andx attempt (deleted.rules)
4045 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX attempt (deleted.rules)
4046 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian andx attempt (deleted.rules)
4047 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX little endian attempt (deleted.rules)
4048 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode andx attempt (deleted.rules)
4049 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode attempt (deleted.rules)
4050 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian andx attempt (deleted.rules)
4051 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList WriteAndX unicode little endian attempt (deleted.rules)
4052 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList andx attempt (deleted.rules)
4053 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList attempt (deleted.rules)
4054 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList little endian andx attempt (deleted.rules)
4055 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList little endian attempt (deleted.rules)
4056 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode andx attempt (deleted.rules)
4057 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode attempt (deleted.rules)
4058 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode little endian andx attempt (deleted.rules)
4059 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_QueryResConfList unicode little endian attempt (deleted.rules)
4125 <-> DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt (deleted.rules)
4141 <-> DOS tcpdump udp LDP print zero length message denial of service attempt (dos.rules)
5806 <-> DELETED SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (deleted.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
6097 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6098 <-> BACKDOOR alvgus 2000 runtime detection - check server (backdoor.rules)
6099 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6100 <-> BACKDOOR alvgus 2000 runtime detection - view content of directory (backdoor.rules)
6101 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6102 <-> BACKDOOR alvgus 2000 runtime detection - execute command (backdoor.rules)
6103 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6104 <-> BACKDOOR alvgus 2000 runtime detection - upload file (backdoor.rules)
6105 <-> BACKDOOR alvgus 2000 runtime detection (backdoor.rules)
6106 <-> BACKDOOR alvgus 2000 runtime detection - download file (backdoor.rules)
6123 <-> BACKDOOR ambush 1.0 runtime detection - ping client-to-server (backdoor.rules)
6124 <-> BACKDOOR ambush 1.0 runtime detection - ping server-to-client (backdoor.rules)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6152 <-> BACKDOOR dirtxt runtime detection - chdir client-to-server (backdoor.rules)
6153 <-> BACKDOOR dirtxt runtime detection - chdir server-to-client (backdoor.rules)
6154 <-> BACKDOOR dirtxt runtime detection - info client-to-server (backdoor.rules)
6155 <-> BACKDOOR dirtxt runtime detection - info server-to-client (backdoor.rules)
6156 <-> BACKDOOR dirtxt runtime detection - view client-to-server (backdoor.rules)
6157 <-> BACKDOOR dirtxt runtime detection - view server-to-client (backdoor.rules)
6320 <-> BACKDOOR ptakks2.1 runtime detection - keepalive (backdoor.rules)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6384 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
6513 <-> EXPLOIT Asterisk IAX2 truncated video mini-frame packet overflow attempt (exploit.rules)
6514 <-> EXPLOIT Asterisk IAX2 truncated full-frame packet overflow attempt (exploit.rules)
6515 <-> EXPLOIT Asterisk IAX2 truncated mini-frame packet overflow attempt (exploit.rules)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7119 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7120 <-> BACKDOOR y3k 1.2 runtime detection - init connection 1 (backdoor.rules)
7121 <-> BACKDOOR y3k 1.2 runtime detection (backdoor.rules)
7122 <-> BACKDOOR y3k 1.2 runtime detection - init connection 2 (backdoor.rules)
7151 <-> SPYWARE-PUT Hacker-Tool sars notifier runtime detection - net send notification (spyware-put.rules)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
8056 <-> DOS ISC DHCP server 2 client_id length denial of service attempt (dos.rules)
8710 <-> DNS Windows NAT helper components udp denial of service attempt (dns.rules)
9402 <-> SPECIFIC-THREATS welchia tftp propagation detection (specific-threats.rules)
9621 <-> TFTP 3COM server transport mode buffer overflow attempt (tftp.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9624 <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules)
9635 <-> EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (exploit.rules)
9636 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (exploit.rules)
9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules)
10113 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules)
10114 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules)
10125 <-> MISC bomberclone buffer overflow attempt (misc.rules)
10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10134 <-> SPECIFIC-THREATS CA Brightstor discovery service buffer overflow attempt (specific-threats.rules)
10160 <-> DELETED NETBIOS-DG SMB writex possible Snort dcerpc preprocessor overflow attempt (deleted.rules)
10192 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid access (web-client.rules)
10193 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode access (web-client.rules)
10194 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call access (web-client.rules)
10409 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10411 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10483 <-> RPC portmap CA BrightStor ARCserve udp request (rpc.rules)
10485 <-> RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (rpc.rules)
10525 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX object call overflow attempt (deleted.rules)
10526 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10528 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode object call overflow attempt (deleted.rules)
10532 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX overflow attempt (deleted.rules)
10533 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian overflow attempt (deleted.rules)
10534 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10539 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10540 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian object call overflow attempt (deleted.rules)
10543 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode object call overflow attempt (deleted.rules)
10547 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian object call overflow attempt (deleted.rules)
10548 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian object call overflow attempt (deleted.rules)
10551 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode little endian overflow attempt (deleted.rules)
10553 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode overflow attempt (deleted.rules)
10554 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10561 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10562 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX overflow attempt (deleted.rules)
10564 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX little endian overflow attempt (deleted.rules)
10567 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode overflow attempt (deleted.rules)
10569 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode overflow attempt (deleted.rules)
10575 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode little endian overflow attempt (deleted.rules)
10579 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10583 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode overflow attempt (deleted.rules)
10588 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian overflow attempt (deleted.rules)
10590 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian overflow attempt (deleted.rules)
10597 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX andx object call overflow attempt (deleted.rules)
10598 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 andx object call overflow attempt (deleted.rules)
10600 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx object call overflow attempt (deleted.rules)
10604 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX andx overflow attempt (deleted.rules)
10605 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian andx overflow attempt (deleted.rules)
10606 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian andx overflow attempt (deleted.rules)
10611 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 little endian andx object call overflow attempt (deleted.rules)
10612 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX little endian andx object call overflow attempt (deleted.rules)
10615 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode andx object call overflow attempt (deleted.rules)
10619 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian andx object call overflow attempt (deleted.rules)
10620 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian andx object call overflow attempt (deleted.rules)
10623 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode little endian andx overflow attempt (deleted.rules)
10625 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules)
10626 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 little endian andx overflow attempt (deleted.rules)
10633 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 andx overflow attempt (deleted.rules)
10634 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX andx overflow attempt (deleted.rules)
10636 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX little endian andx overflow attempt (deleted.rules)
10639 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 WriteAndX unicode andx overflow attempt (deleted.rules)
10641 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode andx overflow attempt (deleted.rules)
10647 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs2 unicode little endian andx overflow attempt (deleted.rules)
10651 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 andx overflow attempt (deleted.rules)
10655 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode andx overflow attempt (deleted.rules)
10660 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 WriteAndX unicode little endian andx overflow attempt (deleted.rules)
10662 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs2 unicode little endian andx overflow attempt (deleted.rules)
10668 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10675 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10676 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10678 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10681 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10683 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10684 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian overflow attempt (deleted.rules)
10687 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 overflow attempt (deleted.rules)
10692 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10694 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10695 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs2 little endian object call overflow attempt (deleted.rules)
10697 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs2 object call overflow attempt (deleted.rules)
10703 <-> DELETED NETBIOS-DG SMB dns alter context attempt (deleted.rules)
10704 <-> DELETED NETBIOS-DG SMB dns WriteAndX alter context attempt (deleted.rules)
10705 <-> DELETED NETBIOS-DG SMB dns unicode alter context attempt (deleted.rules)
10709 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode alter context attempt (deleted.rules)
10718 <-> DELETED NETBIOS-DG SMB dns little endian alter context attempt (deleted.rules)
10719 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian alter context attempt (deleted.rules)
10720 <-> DELETED NETBIOS-DG SMB dns unicode little endian alter context attempt (deleted.rules)
10721 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian alter context attempt (deleted.rules)
10730 <-> DELETED NETBIOS-DG SMB dns bind attempt (deleted.rules)
10731 <-> DELETED NETBIOS-DG SMB dns WriteAndX bind attempt (deleted.rules)
10732 <-> DELETED NETBIOS-DG SMB dns unicode bind attempt (deleted.rules)
10733 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode bind attempt (deleted.rules)
10742 <-> DELETED NETBIOS-DG SMB dns little endian bind attempt (deleted.rules)
10743 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian bind attempt (deleted.rules)
10744 <-> DELETED NETBIOS-DG SMB dns unicode little endian bind attempt (deleted.rules)
10745 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian bind attempt (deleted.rules)
10751 <-> DELETED NETBIOS-DG SMB dns andx alter context attempt (deleted.rules)
10752 <-> DELETED NETBIOS-DG SMB dns WriteAndX andx alter context attempt (deleted.rules)
10753 <-> DELETED NETBIOS-DG SMB dns unicode andx alter context attempt (deleted.rules)
10757 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode andx alter context attempt (deleted.rules)
10766 <-> DELETED NETBIOS-DG SMB dns little endian andx alter context attempt (deleted.rules)
10767 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian andx alter context attempt (deleted.rules)
10768 <-> DELETED NETBIOS-DG SMB dns unicode little endian andx alter context attempt (deleted.rules)
10769 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian andx alter context attempt (deleted.rules)
10778 <-> DELETED NETBIOS-DG SMB dns andx bind attempt (deleted.rules)
10779 <-> DELETED NETBIOS-DG SMB dns WriteAndX andx bind attempt (deleted.rules)
10780 <-> DELETED NETBIOS-DG SMB dns unicode andx bind attempt (deleted.rules)
10781 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode andx bind attempt (deleted.rules)
10790 <-> DELETED NETBIOS-DG SMB dns little endian andx bind attempt (deleted.rules)
10791 <-> DELETED NETBIOS-DG SMB dns WriteAndX little endian andx bind attempt (deleted.rules)
10792 <-> DELETED NETBIOS-DG SMB dns unicode little endian andx bind attempt (deleted.rules)
10793 <-> DELETED NETBIOS-DG SMB dns WriteAndX unicode little endian andx bind attempt (deleted.rules)
10795 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns alter context attempt (deleted.rules)
10797 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns alter context attempt (deleted.rules)
10798 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian alter context attempt (deleted.rules)
10799 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian alter context attempt (deleted.rules)
10803 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns bind attempt (deleted.rules)
10805 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns bind attempt (deleted.rules)
10806 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns little endian bind attempt (deleted.rules)
10807 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns little endian bind attempt (deleted.rules)
10819 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules)
10820 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10821 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode little endian overflow attempt (deleted.rules)
10822 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode little endian overflow attempt (deleted.rules)
10830 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX object call overflow attempt (deleted.rules)
10831 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode object call overflow attempt (deleted.rules)
10832 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode object call overflow attempt (deleted.rules)
10834 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10843 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian object call overflow attempt (deleted.rules)
10844 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10845 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian object call overflow attempt (deleted.rules)
10846 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian object call overflow attempt (deleted.rules)
10848 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode overflow attempt (deleted.rules)
10849 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode overflow attempt (deleted.rules)
10855 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX overflow attempt (deleted.rules)
10856 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode overflow attempt (deleted.rules)
10857 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode overflow attempt (deleted.rules)
10860 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10862 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10870 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian overflow attempt (deleted.rules)
10871 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10872 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian overflow attempt (deleted.rules)
10873 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian overflow attempt (deleted.rules)
10881 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX overflow attempt (deleted.rules)
10891 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX little endian andx overflow attempt (deleted.rules)
10892 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 andx overflow attempt (deleted.rules)
10893 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode little endian andx overflow attempt (deleted.rules)
10894 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode little endian andx overflow attempt (deleted.rules)
10902 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX andx object call overflow attempt (deleted.rules)
10903 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode andx object call overflow attempt (deleted.rules)
10904 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode andx object call overflow attempt (deleted.rules)
10906 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian andx object call overflow attempt (deleted.rules)
10915 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian andx object call overflow attempt (deleted.rules)
10916 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 andx object call overflow attempt (deleted.rules)
10917 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian andx object call overflow attempt (deleted.rules)
10918 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian andx object call overflow attempt (deleted.rules)
10920 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode andx overflow attempt (deleted.rules)
10921 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode andx overflow attempt (deleted.rules)
10927 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX andx overflow attempt (deleted.rules)
10928 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 WriteAndX unicode andx overflow attempt (deleted.rules)
10929 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 unicode andx overflow attempt (deleted.rules)
10932 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 little endian andx overflow attempt (deleted.rules)
10934 <-> DELETED NETBIOS-DG SMB v4 dns R_Dnssrv funcs1 little endian andx overflow attempt (deleted.rules)
10942 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX little endian andx overflow attempt (deleted.rules)
10943 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 andx overflow attempt (deleted.rules)
10944 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX unicode little endian andx overflow attempt (deleted.rules)
10945 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 unicode little endian andx overflow attempt (deleted.rules)
10953 <-> DELETED NETBIOS-DG SMB dns R_Dnssrv funcs1 WriteAndX andx overflow attempt (deleted.rules)
10955 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10956 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10958 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10960 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10961 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10964 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 little endian overflow attempt (deleted.rules)
10965 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10967 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 dns R_Dnssrv funcs1 overflow attempt (deleted.rules)
10971 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10972 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
10974 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 little endian object call overflow attempt (deleted.rules)
10975 <-> DELETED NETBIOS DCERPC DIRECT-UDP dns R_Dnssrv funcs1 object call overflow attempt (deleted.rules)
11265 <-> EXPLOIT Sentinel license manager buffer overflow attempt (exploit.rules)
11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules)
11321 <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules)
11952 <-> BACKDOOR winshadow runtime detection - udp response (backdoor.rules)
11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules)
11976 <-> VOIP-SIP Overflow In URI Type - SIP (voip.rules)
11977 <-> VOIP-SIP Overflow In URI Type - Tel (voip.rules)
11978 <-> VOIP-SIP From Header Field Buffer Overflow Attempt (voip.rules)
11980 <-> VOIP-SIP SDP Attribute Possible Buffer Overflow Attempt (voip.rules)
11981 <-> VOIP-SIP MultiTech INVITE Field Buffer Overflow Attempt (voip.rules)
11985 <-> VOIP-SIP Expires Header Overflow Attempt (voip.rules)
12065 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12066 <-> POLICY Inbound Teredo traffic detected (policy.rules)
12067 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12068 <-> POLICY Inbound Teredo traffic detected (policy.rules)
12076 <-> DOS Ipswitch WS_FTP log server long unicode string (dos.rules)
12113 <-> VOIP-SIP SIP URI Possible Overflow (voip.rules)
12121 <-> SPYWARE-PUT Adware pprich runtime detection - udp info sent out (spyware-put.rules)
12167 <-> VOIP-SIP Multiple At Signs In SIP URI (voip.rules)
12186 <-> RPC portmap 2112 udp request (rpc.rules)
12188 <-> RPC portmap 2112 udp rename_principal attempt (rpc.rules)
12198 <-> SNMP MS Windows getbulk request (snmp.rules)
12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules)
12357 <-> EXPLOIT Apple mDNSresponder excessive HTTP headers (exploit.rules)
12426 <-> POLICY Ruckus P2P broadcast domain probe (policy.rules)
12488 <-> DELETED SPYWARE-PUT Adware adblaster 2.0 runtime detection (deleted.rules)
12608 <-> RPC portmap walld udp request (rpc.rules)
12609 <-> RPC portmap walld udp format string attack attempt (rpc.rules)
12626 <-> RPC portmap Solaris sadmin port query udp request (rpc.rules)
12628 <-> RPC portmap Solaris sadmin port query udp portmapper sadmin port query attempt (rpc.rules)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules)
12663 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call unicode access (web-client.rules)
12665 <-> EXPLOIT CA BrightStor LGSever username buffer overflow attempt (exploit.rules)
12668 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid vulnerable function access (web-client.rules)
12669 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode vulnerable function access (web-client.rules)
12670 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call vulnerable function access (web-client.rules)
12671 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call unicode vulnerable function access (web-client.rules)