Sourcefire VRT Certified Rules Update

Date: 2005-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3628 - POLICY IDA Pro startup license check attempt (policy.rules)
3629 - WEB-MISC sambar /search/results.stm access (web-misc.rules)
3630 - FTP ORACLE TEST command buffer overflow attempt (ftp.rules)
3631 - FTP ORACLE user name buffer overflow attempt (ftp.rules)
3632 - WEB-CLIENT Mozilla bitmap width integer overflow attempt (web-client.rules)
3633 - WEB-CLIENT bitmap transfer (web-client.rules)
3634 - WEB-CLIENT Mozilla bitmap width integer overflow multipacket attempt (web-client.rules)
3635 - BACKDOOR Amanda 2.0 connection established (backdoor.rules)
3636 - BACKDOOR Crazzy Net 5.0 connection established (backdoor.rules)
3637 - EXPLOIT Computer Associates license PUTOLF directory traversal attempt (exploit.rules)
3638 - WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules)

Updated rules:
 716 - INFO TELNET access (deleted.rules)
2027 - RPC yppasswd old password overflow attempt UDP (rpc.rules)
2028 - RPC yppasswd old password overflow attempt TCP (rpc.rules)
2029 - RPC yppasswd new password overflow attempt UDP (rpc.rules)
2030 - RPC yppasswd new password overflow attempt TCP (rpc.rules)
2031 - RPC yppasswd user update UDP (rpc.rules)
2032 - RPC yppasswd user update TCP (rpc.rules)
2494 - NETBIOS DCEPRC ORPCThis request flood attempt (deleted.rules)
2495 - NETBIOS SMB DCEPRC ORPCThis request flood attempt (deleted.rules)
2496 - NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (deleted.rules)
3015 - BACKDOOR Insane Network 4.0 connection established (backdoor.rules)
3016 - BACKDOOR Insane Network 4.0 connection established port 63536 (backdoor.rules)