Sourcefire VRT Rules Update

Date: 2009-03-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15388 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow over http attempt (exploit.rules, High)
15389 <-> SCADA OMRON-FINS memory area write attempt (scada.rules, Low)
15390 <-> SCADA OMRON-FINS memory area fill attempt (scada.rules, Low)
15391 <-> SCADA OMRON-FINS memory area transfer attempt (scada.rules, Low)
15392 <-> SCADA OMRON-FINS parameter area write attempt (scada.rules, Low)
15393 <-> SCADA OMRON-FINS parameter area clear attempt (scada.rules, Low)
15394 <-> SCADA OMRON-FINS program area protect attempt (scada.rules, Low)
15395 <-> SCADA OMRON-FINS program area protect clear attempt (scada.rules, Low)
15396 <-> SCADA OMRON-FINS program area write attempt (scada.rules, Low)
15397 <-> SCADA OMRON-FINS program area clear attempt (scada.rules, Low)
15398 <-> SCADA OMRON-FINS RUN attempt (scada.rules, Low)
15399 <-> SCADA OMRON-FINS STOP attempt (scada.rules, Low)
15400 <-> SCADA OMRON-FINS clock write attempt (scada.rules, Low)
15401 <-> SCADA OMRON-FINS access right acquire attempt (scada.rules, Low)
15402 <-> SCADA OMRON-FINS access right forced acquire attempt (scada.rules, Low)
15403 <-> SCADA OMRON-FINS single file write attempt (scada.rules, Low)
15404 <-> SCADA OMRON-FINS file delete attempt (scada.rules, Low)
15405 <-> SCADA OMRON-FINS forced set/reset attempt (scada.rules, Low)
15406 <-> SCADA OMRON-FINS forced set/reset cancel attempt (scada.rules, Low)
15407 <-> SCADA OMRON-FINS file memory write attempt (scada.rules, Low)
15408 <-> SCADA OMRON-FINS data link table write attempt (scada.rules, Low)
15409 <-> SCADA OMRON-FINS RESET attempt (scada.rules, Low)
15410 <-> SCADA OMRON-FINS name delete attempt (scada.rules, Low)
15411 <-> SCADA OMRON-FINS memory card format attempt (scada.rules, Low)
15412 <-> SCADA OMRON-FINS memory area write overflow attempt (scada.rules, Low)
15413 <-> SCADA OMRON-FINS memory area fill overflow attempt (scada.rules, Low)
15414 <-> SCADA OMRON-FINS program area protect clear brute force attempt (scada.rules, Low)
15415 <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules, High)
15416 <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules, High)
15417 <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules, High)
15418 <-> CHAT AIM server certificate for encrypted login (chat.rules, High)
15420 <-> CONTENT-REPLACE MSN deny login (content-replace.rules, High)
15421 <-> CONTENT-REPLACE AIM or ICQ deny login for unencrypted connection (content-replace.rules, High)
15422 <-> SPECIFIC-THREATS Sun One web proxy server overflow attempt (specific-threats.rules, High)

Updated rules:
3552 <-> WEB-CLIENT OLE32 MSHTA masquerade attempt (deleted.rules, High)
3553 <-> WEB-CLIENT HTML DOM null element insertion attempt (deleted.rules, High)
3626 <-> ICMP PATH MTU denial of service (deleted.rules, Medium)
3627 <-> POLICY X-LINK2STATE CHUNK attempt (deleted.rules, Low)
3658 <-> EXPLOIT ARCserve backup universal agent option 1000 little endian buffer overflow attempt (deleted.rules, High)
3659 <-> EXPLOIT ARCserve backup universal agent option 1000 buffer overflow attempt (deleted.rules, High)
3660 <-> EXPLOIT ARCserve backup universal agent option 00 little endian buffer overflow attempt (deleted.rules, High)
3661 <-> EXPLOIT ARCserve backup universal agent option 00 buffer overflow attempt (deleted.rules, High)
3662 <-> EXPLOIT ARCserve backup universal agent option 03 little endian buffer overflow attempt (deleted.rules, High)
3663 <-> EXPLOIT ARCserve backup universal agent option 03 buffer overflow attempt (deleted.rules, High)
3686 <-> WEB-CLIENT Internet Explorer Content Advisor attempted overflow (deleted.rules, High)
4180 <-> WEB-ACTIVEX Kodak Image Scan ActiveX Object Access (deleted.rules, High)
5749 <-> SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules, Medium)
5774 <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules, Low)
5778 <-> SPYWARE-PUT Keylogger runtime detection - hwpe windows activity logs (spyware-put.rules, Medium)
5779 <-> SPYWARE-PUT Keylogger runtime detection - hwpe shell file logs (spyware-put.rules, Medium)
5781 <-> SPYWARE-PUT Keylogger runtime detection - hwae windows activity logs (spyware-put.rules, Medium)
5783 <-> SPYWARE-PUT Keylogger runtime detection - hwae keystrokes log (spyware-put.rules, Medium)
5784 <-> SPYWARE-PUT Keylogger runtime detection - hwae urls browsed log (spyware-put.rules, Medium)
5789 <-> SPYWARE-PUT keylogger pc actmon pro runtime detection - http (spyware-put.rules, Medium)
5790 <-> SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules, Medium)
5795 <-> SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules, Low)
5800 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - request config (spyware-put.rules, Medium)
5801 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules, Medium)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules, Medium)
5812 <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - email notification (spyware-put.rules, Low)
5814 <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - create redirection (spyware-put.rules, Low)
5821 <-> SPYWARE-PUT Hacker-Tool stealthredirector runtime detection - destory log (spyware-put.rules, Low)
5835 <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules, Low)
5851 <-> SPYWARE-PUT Adware warez_p2p runtime detection - .txt .dat and .lst requests (spyware-put.rules, Low)
5857 <-> SPYWARE-PUT Hijacker funbuddyicons runtime detection - mysaconfg request (spyware-put.rules, Low)
5877 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - startup access (deleted.rules, Low)
5878 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - configuration retrieval (deleted.rules, Low)
5879 <-> DELETED SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (deleted.rules, Low)
5886 <-> SPYWARE-PUT Hijacker copernic meta toolbar runtime detection - pass info to server (spyware-put.rules, Low)
5889 <-> SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules, Low)
5898 <-> SPYWARE-PUT Trackware adtools runtime detection - track user activity (spyware-put.rules, Medium)
5899 <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules, Medium)
5901 <-> SPYWARE-PUT Trackware adtools-communicator runtime detection - download self-update (spyware-put.rules, Medium)
5910 <-> SPYWARE-PUT Trackware casalemedia runtime detection (spyware-put.rules, Medium)
5921 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules, Medium)
5922 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules, Medium)
5937 <-> SPYWARE-PUT Hijacker dropspam runtime detection - pass information to its controlling server (spyware-put.rules, Low)
5938 <-> SPYWARE-PUT Hijacker dropspam runtime detection - third party information collection (spyware-put.rules, Low)
5941 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - track (spyware-put.rules, Medium)
5942 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules, Medium)
5943 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules, Medium)
5953 <-> SPYWARE-PUT Hijacker 123mania runtime detection - sidesearch hijacking (spyware-put.rules, Low)
5967 <-> SPYWARE-PUT trackware searchinweb detection - click result links (spyware-put.rules, Medium)
5968 <-> SPYWARE-PUT trackware searchinweb detection - redirect (spyware-put.rules, Medium)
5969 <-> SPYWARE-PUT trackware searchinweb detection - collect information (spyware-put.rules, Medium)
5984 <-> SPYWARE-PUT Trackware push toolbar installtime detection - user information collect (spyware-put.rules, Medium)
5986 <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules, Low)
5989 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules, Low)
5990 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules, Low)
6193 <-> SPYWARE-PUT Adware seekmo runtime detection - pop up ads (spyware-put.rules, Low)
6197 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules, Low)
6209 <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules, Low)
6211 <-> SPYWARE-PUT Adware deskwizz runtime detection - pop-up ad request (spyware-put.rules, Low)
6216 <-> SPYWARE-PUT Adware aornum/iwon copilot runtime detection - config (spyware-put.rules, Low)
6224 <-> SPYWARE-PUT Hijacker ieplugin runtime detection - search (spyware-put.rules, Low)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
6275 <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules, Low)
6276 <-> DELETED SPYWARE-PUT Hijacker incredifind runtime detection - autosearch (deleted.rules, Low)
6280 <-> SPYWARE-PUT Hijacker sidefind runtime detection - cookie (spyware-put.rules, Low)
6282 <-> SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules, Low)
6340 <-> SPYWARE-PUT Keylogger handy keylogger runtime detection (spyware-put.rules, Medium)
8711 <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules, High)
12031 <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules, High)
12032 <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules, High)
12033 <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules, High)
12034 <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules, High)
12035 <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules, High)
12036 <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules, High)
12037 <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules, High)
12038 <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules, High)
12039 <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules, High)
12040 <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules, High)
12041 <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules, High)
12042 <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules, High)
12031 <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules, High)
12032 <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules, High)
12033 <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules, High)
12034 <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules, High)
12035 <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules, High)
12036 <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules, High)
12037 <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules, High)
12038 <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules, High)
12039 <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules, High)
12040 <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules, High)
12041 <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules, High)
12042 <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules, High)
12984 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
12985 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules, Low)
12986 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules, Low)
12987 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules, Low)
12988 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules, Low)
12989 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
12990 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules, Low)
12991 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules, Low)
12992 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules, Low)
12993 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules, Low)
12994 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
12995 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules, Low)
12996 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules, Low)
12997 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules, Low)
12998 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
12999 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules, Low)
13000 <-> NETBIOS SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13001 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules, Low)
13002 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules, Low)
13003 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules, Low)
13004 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13005 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules, Low)
13006 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules, Low)
13007 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules, Low)
13008 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13009 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules, Low)
13010 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules, Low)
13011 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules, Low)
13012 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13013 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules, Low)
13014 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules, Low)
13015 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules, Low)
13016 <-> NETBIOS SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules, Low)
13017 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules, Low)
13018 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules, Low)
13019 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules, Low)
13020 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules, Low)
13021 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules, Low)
13022 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules, Low)
13023 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules, Low)
13024 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules, Low)
13025 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules, Low)
13026 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules, Low)
13027 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules, Low)
13028 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules, Low)
13029 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules, Low)
13030 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules, Low)
13031 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules, Low)
13032 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules, Low)
13033 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules, Low)
13034 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules, Low)
13035 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules, Low)
13036 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules, Low)
13037 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules, Low)
13038 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules, Low)
13039 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules, Low)
13040 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules, Low)
13041 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules, Low)
13042 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules, Low)
13043 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules, Low)
13044 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules, Low)
13045 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules, Low)
13046 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules, Low)
13047 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules, Low)
13048 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules, Low)
13049 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules, Low)
13050 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules, Low)
13051 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules, Low)
13052 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules, Low)
13053 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules, Low)
13054 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules, Low)
13055 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules, Low)
13056 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules, Low)
13057 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules, Low)
13058 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules, Low)
13059 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules, Low)
13060 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules, Low)
13061 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules, Low)
13062 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules, Low)
13063 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules, Low)
13064 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules, Low)
13065 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules, Low)
13066 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules, Low)
13067 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules, Low)
13068 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules, Low)
13069 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules, Low)
13070 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules, Low)
13071 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules, Low)
13072 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules, Low)
13073 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules, Low)
13074 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules, Low)
13075 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules, Low)
13076 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules, Low)
13077 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules, Low)
13078 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules, Low)
13079 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules, Low)
13080 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13081 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13082 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13083 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13084 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13085 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13086 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13087 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13088 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13089 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13090 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13091 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules, Low)
13092 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules, Low)
13093 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules, Low)
13094 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules, Low)
13095 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules, Low)
13096 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules, Low)
13097 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules, Low)
13098 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (deleted.rules, Low)
13099 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (deleted.rules, Low)
13100 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (deleted.rules, Low)
13101 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (deleted.rules, Low)
13102 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (deleted.rules, Low)
13103 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (deleted.rules, Low)
13104 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (deleted.rules, Low)
13105 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (deleted.rules, Low)
13106 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (deleted.rules, Low)
13107 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (deleted.rules, Low)
13108 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity andx object call integer overflow attempt (deleted.rules, Low)
13109 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (deleted.rules, Low)
13110 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (deleted.rules, Low)
13111 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (deleted.rules, Low)
13112 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (deleted.rules, Low)
13113 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (deleted.rules, Low)
13114 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (deleted.rules, Low)
13115 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (deleted.rules, Low)
13116 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (deleted.rules, Low)
13117 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (deleted.rules, Low)
13118 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13119 <-> DELETED NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13120 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (deleted.rules, Low)
13121 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (deleted.rules, Low)
13122 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13123 <-> DELETED NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13124 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (deleted.rules, Low)
13125 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (deleted.rules, Low)
13126 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13127 <-> DELETED NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (deleted.rules, Low)
13128 <-> DELETED NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13129 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13130 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13131 <-> DELETED NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13132 <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13133 <-> DELETED NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13134 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13135 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13136 <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13137 <-> DELETED NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13138 <-> DELETED NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13139 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13140 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13141 <-> DELETED NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13142 <-> DELETED NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13143 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13144 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13145 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian integer overflow attempt (deleted.rules, Low)
13146 <-> DELETED NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13147 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity integer overflow attempt (deleted.rules, Low)
13148 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity object call integer overflow attempt (deleted.rules, Low)
13149 <-> DELETED NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity object call integer overflow attempt (deleted.rules, Low)
13150 <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (deleted.rules, Low)
13151 <-> DELETED NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian object call integer overflow attempt (deleted.rules, Low)
13152 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (deleted.rules, Low)
13153 <-> DELETED NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (deleted.rules, Low)
13154 <-> DELETED NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (deleted.rules, Low)
13155 <-> DELETED NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (deleted.rules, Low)
13156 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (deleted.rules, Low)
13157 <-> DELETED NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity object call integer overflow attempt (deleted.rules, Low)