Sourcefire VRT Certified Rules Update
Date: 2005-05-04
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
3628 - POLICY IDA Pro startup license check attempt (policy.rules)
3629 - WEB-MISC sambar /search/results.stm access (web-misc.rules)
3630 - FTP ORACLE TEST command buffer overflow attempt (ftp.rules)
3631 - FTP ORACLE user name buffer overflow attempt (ftp.rules)
3632 - WEB-CLIENT Mozilla bitmap width integer overflow attempt (web-client.rules)
3633 - WEB-CLIENT bitmap transfer (web-client.rules)
3634 - WEB-CLIENT Mozilla bitmap width integer overflow multipacket attempt (web-client.rules)
3635 - BACKDOOR Amanda 2.0 connection established (backdoor.rules)
3636 - BACKDOOR Crazzy Net 5.0 connection established (backdoor.rules)
3637 - EXPLOIT Computer Associates license PUTOLF directory traversal attempt (exploit.rules)
3638 - WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules)

Updated rules:
716 - INFO TELNET access (deleted.rules)
2027 - RPC yppasswd old password overflow attempt UDP (rpc.rules)
2028 - RPC yppasswd old password overflow attempt TCP (rpc.rules)
2029 - RPC yppasswd new password overflow attempt UDP (rpc.rules)
2030 - RPC yppasswd new password overflow attempt TCP (rpc.rules)
2031 - RPC yppasswd user update UDP (rpc.rules)
2032 - RPC yppasswd user update TCP (rpc.rules)
2494 - NETBIOS DCEPRC ORPCThis request flood attempt (deleted.rules)
2495 - NETBIOS SMB DCEPRC ORPCThis request flood attempt (deleted.rules)
2496 - NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (deleted.rules)
3015 - BACKDOOR Insane Network 4.0 connection established (backdoor.rules)
3016 - BACKDOOR Insane Network 4.0 connection established port 63536 (backdoor.rules)
