Sourcefire VRT Certified Rules Update
Date: 2005-06-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 3680 - P2P AOL Instant Messenger Message Send (p2p.rules) 3681 - P2P AOL Instant Messenger Message Receive (p2p.rules) 3682 - SMTP spoofed MIME-Type auto-execution attempt (smtp.rules) 3683 - WEB-CLIENT spoofed MIME-Type auto-execution attempt (web-client.rules) 3684 - WEB-CLIENT Bitmap Transfer (web-client.rules) 3685 - WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules) 3686 - WEB-CLIENT Internet Explorer Content Advisor attempted overflow (web-client.rules) 3687 - TELNET client ENV OPT USERVAR information disclosure (telnet.rules) 3688 - TELNET client ENV OPT VAR information disclosure (telnet.rules) 3689 - WEB-CLIENT Internet Explorer tRNS overflow attempt (web-client.rules) Updated rules: 1842 - IMAP login buffer overflow attempt (imap.rules) 2382 - NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules) 2383 - NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules) 2386 - WEB-IIS NTLM ASN.1 vulnerability scan attempt (web-iis.rules) 2586 - P2P eDonkey transfer (p2p.rules) 3000 - NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules) 3001 - NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules) 3002 - NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules) 3003 - NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules) 3004 - NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules) 3005 - NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules) 3072 - IMAP status overflow attempt (imap.rules)
