Sourcefire VRT Rules Update

Date: 2009-05-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15507 <-> SPECIFIC-THREATS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids translated_names overflow attempt (specific-threats.rules, Low)
15508 <-> SPECIFIC-THREATS DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (specific-threats.rules, Low)

Updated rules:
 529 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
2349 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt (netbios.rules, Low)
2508 <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules, High)
2511 <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules, High)
2936 <-> NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (netbios.rules, High)
2942 <-> NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt (netbios.rules, Low)
3114 <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (netbios.rules, High)
3158 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules, Low)
3159 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules, Low)
3171 <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (netbios.rules, High)
3218 <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules, High)
3238 <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (netbios.rules, High)
3239 <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (netbios.rules, High)
3397 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (netbios.rules, Low)
3398 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (netbios.rules, Low)
3409 <-> NETBIOS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (netbios.rules, High)
3590 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules, High)
3591 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules, High)
3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules, Low)
3967 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (netbios.rules, Low)
4072 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (netbios.rules, Low)
4245 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt (netbios.rules, High)
4246 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt (netbios.rules, High)
4334 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules, Low)
4358 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (netbios.rules, Low)
4413 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (netbios.rules, High)
4608 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (netbios.rules, High)
4754 <-> NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (netbios.rules, High)
4755 <-> NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (netbios.rules, High)
4826 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (netbios.rules, Low)
4918 <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (netbios.rules, Low)
5095 <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules, Low)
5096 <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules, Low)
5485 <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (netbios.rules, High)
6419 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (netbios.rules, High)
6420 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (netbios.rules, High)
6431 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (netbios.rules, High)
6432 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (netbios.rules, High)
6443 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (netbios.rules, High)
6444 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt (netbios.rules, High)
6455 <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt (netbios.rules, High)
6456 <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt (netbios.rules, High)
6584 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules, High)
6714 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences phonebook mode overflow attempt (netbios.rules, High)
6810 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (netbios.rules, High)
6906 <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences callback number overflow attempt (netbios.rules, High)
7209 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules, High)
7210 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules, High)
8157 <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (netbios.rules, High)
8253 <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection username overflow attempt (netbios.rules, High)
8711 <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules, High)
8925 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules, High)
9027 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (netbios.rules, High)
9132 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules, High)
9228 <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (netbios.rules, High)
9441 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules, High)
9769 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (netbios.rules, High)
9772 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules, High)
9773 <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 1 overflow attempt (netbios.rules, High)
9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules, High)
9914 <-> NETBIOS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (netbios.rules, High)
10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules, Low)
10024 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules, Low)
10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 attempt (netbios.rules, Low)
10036 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules, High)
10050 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules, High)
10117 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules, High)
10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules, Low)
10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules, Low)
10285 <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules, Low)
10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules, Low)
10603 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules, High)
10900 <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules, High)
11073 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (netbios.rules, Low)
11074 <-> NETBIOS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (netbios.rules, Low)
11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules, High)
11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules, High)
11843 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (netbios.rules, High)
12100 <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules, High)
12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules, Low)
12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12489 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules, Low)
12808 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules, High)
12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules, Low)
12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules, Low)
12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules, Low)
12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules, Low)
12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules, Low)
12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules, High)
12977 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules, High)
12978 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules, High)
12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules, Low)
13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules, High)
13210 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules, High)
13211 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules, High)
13367 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules, Low)
14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules, Low)
14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules, Low)
15448 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)