Sourcefire VRT Certified Rules Update
Date: 2005-03-28
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
3441 - FTP PORT bounce attempt (ftp.rules)
3523 - FTP SITE INDEX format string attempt (ftp.rules)
3524 - EXPLOIT Computer Associates license invalid GCR CHECKSUMS attempt (exploit.rules)
3525 - EXPLOIT Computer Associates license invalid GCR NETWORK attempt (exploit.rules)
3526 - ORACLE XDB FTP UNLOCK overflow attempt (oracle.rules)
3527 - EXPLOIT Solaris LPD overflow attempt (exploit.rules)
3528 - MYSQL CREATE FUNCTION attempt (mysql.rules)
3529 - EXPLOIT Computer Associates license GETCONFIG client overflow attempt (exploit.rules)
3530 - EXPLOIT ARCserve backup UDP msg 0x99 client name overflow (exploit.rules)
3531 - EXPLOIT ARCserve backup UDP msg 0x99 client domain overflow (exploit.rules)

Updated rules:
256 - DNS named authors attempt (dns.rules)
257 - DNS named version attempt (dns.rules)
1435 - DNS named authors attempt (dns.rules)
1616 - DNS named version attempt (dns.rules)
3465 - WEB-CGI RiSearch show.pl proxy attempt (web-cgi.rules)
3466 - WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
3469 - WEB-CGI Ipswitch WhatsUp Gold dos attempt (web-cgi.rules)
3481 - EXPLOIT ARCserve backup UDP slot info msg client domain overflow (exploit.rules)
3483 - EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow (exploit.rules)
3485 - EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow (exploit.rules)
3517 - EXPLOIT Computer Associates license PUTOLF overflow attempt (exploit.rules)
3520 - EXPLOIT Computer Associates license GCR NETWORK overflow attempt (exploit.rules)
3521 - EXPLOIT Computer Associates license GCR CHECKSUMS overflow attempt (exploit.rules)
3522 - EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules)
