Sourcefire VRT Certified Rules Update
Date: 2005-06-29
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
3690 - WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules)
3691 - CHAT Yahoo Messenger Message (chat.rules)
3692 - CHAT Yahoo Messenger File Transfer Initiation Request (chat.rules)
3693 - WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
3694 - WEB-MISC Squid content length cache poisoning attempt (web-misc.rules)

Updated rules:
272 - DOS IGMP dos attack (dos.rules)
500 - MISC source route lssr (misc.rules)
501 - MISC source route lssre (misc.rules)
658 - SMTP exchange mime DOS (smtp.rules)
661 - SMTP majordomo ifs (smtp.rules)
939 - WEB-FRONTPAGE posting (web-frontpage.rules)
978 - WEB-IIS ASP contents view (web-iis.rules)
979 - WEB-IIS ASP contents view (web-iis.rules)
1007 - WEB-IIS cross-site scripting attempt (web-iis.rules)
1010 - WEB-IIS encoding access (web-iis.rules)
1019 - IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1037 - WEB-IIS showcode.asp access (web-iis.rules)
1219 - WEB-CGI dfire.cgi access (web-cgi.rules)
1455 - WEB-CGI calendar.pl access (web-cgi.rules)
1507 - WEB-CGI alibaba.pl arbitrary command execution attempt (web-cgi.rules)
1725 - WEB-IIS +.htr code fragment attempt (web-iis.rules)
1847 - WEB-MISC webalizer access (web-misc.rules)
1911 - RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1936 - POP3 AUTH overflow attempt (pop3.rules)
1970 - WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
1991 - CHAT MSN login attempt (chat.rules)
2128 - WEB-CGI swsrv.cgi access (web-cgi.rules)
2338 - FTP LIST buffer overflow attempt (ftp.rules)
2456 - CHAT Yahoo Messenger File Transfer Receive Request (chat.rules)
2485 - WEB-CLIENT Norton antivirus sysmspam.dll load attempt (web-client.rules)
3218 - NETBIOS SMB OpenKey overflow attempt (netbios.rules)
3233 - NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt (netbios.rules)
3442 - DOS WIN32 TCP print service denial of service attempt (dos.rules)
3687 - TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
3688 - TELNET client ENV OPT VAR information disclosure (telnet.rules)
