Sourcefire VRT Certified Rules Update
Date: 2005-04-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
3554 - NETBIOS DCERPC-DIRECT mqqm bind attempt (netbios.rules)
3555 - NETBIOS DCERPC-DIRECT mqqm little endian bind attempt (netbios.rules)
3556 - NETBIOS DCERPC mqqm bind attempt (netbios.rules)
3557 - NETBIOS DCERPC mqqm little endian bind attempt (netbios.rules)
3558 - NETBIOS SMB mqqm WriteAndX andx bind attempt (netbios.rules)
3559 - NETBIOS SMB mqqm WriteAndX bind attempt (netbios.rules)
3560 - NETBIOS SMB mqqm WriteAndX little endian andx bind attempt (netbios.rules)
3561 - NETBIOS SMB mqqm WriteAndX little endian bind attempt (netbios.rules)
3562 - NETBIOS SMB mqqm WriteAndX unicode andx bind attempt (netbios.rules)
3563 - NETBIOS SMB mqqm WriteAndX unicode bind attempt (netbios.rules)
3564 - NETBIOS SMB mqqm WriteAndX unicode little endian andx bind attempt (netbios.rules)
3565 - NETBIOS SMB mqqm WriteAndX unicode little endian bind attempt (netbios.rules)
3566 - NETBIOS SMB mqqm andx bind attempt (netbios.rules)
3567 - NETBIOS SMB mqqm bind attempt (netbios.rules)
3568 - NETBIOS SMB mqqm little endian andx bind attempt (netbios.rules)
3569 - NETBIOS SMB mqqm little endian bind attempt (netbios.rules)
3570 - NETBIOS SMB mqqm unicode andx bind attempt (netbios.rules)
3571 - NETBIOS SMB mqqm unicode bind attempt (netbios.rules)
3572 - NETBIOS SMB mqqm unicode little endian andx bind attempt (netbios.rules)
3573 - NETBIOS SMB mqqm unicode little endian bind attempt (netbios.rules)
3574 - NETBIOS SMB-DS mqqm WriteAndX andx bind attempt (netbios.rules)
3575 - NETBIOS SMB-DS mqqm WriteAndX bind attempt (netbios.rules)
3576 - NETBIOS SMB-DS mqqm WriteAndX little endian andx bind attempt (netbios.rules)
3577 - NETBIOS SMB-DS mqqm WriteAndX little endian bind attempt (netbios.rules)
3578 - NETBIOS SMB-DS mqqm WriteAndX unicode andx bind attempt (netbios.rules)
3579 - NETBIOS SMB-DS mqqm WriteAndX unicode bind attempt (netbios.rules)
3580 - NETBIOS SMB-DS mqqm WriteAndX unicode little endian andx bind attempt (netbios.rules)
3581 - NETBIOS SMB-DS mqqm WriteAndX unicode little endian bind attempt (netbios.rules)
3582 - NETBIOS SMB-DS mqqm andx bind attempt (netbios.rules)
3583 - NETBIOS SMB-DS mqqm bind attempt (netbios.rules)
3584 - NETBIOS SMB-DS mqqm little endian andx bind attempt (netbios.rules)
3585 - NETBIOS SMB-DS mqqm little endian bind attempt (netbios.rules)
3586 - NETBIOS SMB-DS mqqm unicode andx bind attempt (netbios.rules)
3587 - NETBIOS SMB-DS mqqm unicode bind attempt (netbios.rules)
3588 - NETBIOS SMB-DS mqqm unicode little endian andx bind attempt (netbios.rules)
3589 - NETBIOS SMB-DS mqqm unicode little endian bind attempt (netbios.rules)
3590 - NETBIOS DCERPC-DIRECT mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3591 - NETBIOS DCERPC-DIRECT mqqm QMDeleteObject overflow attempt (netbios.rules)
3592 - NETBIOS DCERPC mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3593 - NETBIOS DCERPC mqqm QMDeleteObject overflow attempt (netbios.rules)
3594 - NETBIOS SMB mqqm QMDeleteObject WriteAndX andx overflow attempt (netbios.rules)
3595 - NETBIOS SMB mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (netbios.rules)
3596 - NETBIOS SMB mqqm QMDeleteObject WriteAndX little endian overflow attempt (netbios.rules)
3597 - NETBIOS SMB mqqm QMDeleteObject WriteAndX overflow attempt (netbios.rules)
3598 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (netbios.rules)
3599 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (netbios.rules)
3600 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (netbios.rules)
3601 - NETBIOS SMB mqqm QMDeleteObject WriteAndX unicode overflow attempt (netbios.rules)
3602 - NETBIOS SMB mqqm QMDeleteObject andx overflow attempt (netbios.rules)
3603 - NETBIOS SMB mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3604 - NETBIOS SMB mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3605 - NETBIOS SMB mqqm QMDeleteObject overflow attempt (netbios.rules)
3606 - NETBIOS SMB mqqm QMDeleteObject unicode andx overflow attempt (netbios.rules)
3607 - NETBIOS SMB mqqm QMDeleteObject unicode little endian andx overflow attempt (netbios.rules)
3608 - NETBIOS SMB mqqm QMDeleteObject unicode little endian overflow attempt (netbios.rules)
3609 - NETBIOS SMB mqqm QMDeleteObject unicode overflow attempt (netbios.rules)
3610 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX andx overflow attempt (netbios.rules)
3611 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (netbios.rules)
3612 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian overflow attempt (netbios.rules)
3613 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX overflow attempt (netbios.rules)
3614 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (netbios.rules)
3615 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (netbios.rules)
3616 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (netbios.rules)
3617 - NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode overflow attempt (netbios.rules)
3618 - NETBIOS SMB-DS mqqm QMDeleteObject andx overflow attempt (netbios.rules)
3619 - NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (netbios.rules)
3620 - NETBIOS SMB-DS mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3621 - NETBIOS SMB-DS mqqm QMDeleteObject overflow attempt (netbios.rules)
3622 - NETBIOS SMB-DS mqqm QMDeleteObject unicode andx overflow attempt (netbios.rules)
3623 - NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian andx overflow attempt (netbios.rules)
3624 - NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian overflow attempt (netbios.rules)
3625 - NETBIOS SMB-DS mqqm QMDeleteObject unicode overflow attempt (netbios.rules)
3626 - ICMP PATH MTU denial of service (icmp.rules)
