Sourcefire VRT Certified Rules Update

Date: 2005-09-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
4140 - DOS tcpdump tcp LDP print zero length message denial of service attempt (dos.rules)
4141 - DOS tcpdump udp LDP print zero length message denial of service attempt (dos.rules)
4142 - ORACLE reports servlet command execution attempt (oracle.rules)
4143 - EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules)
4144 - EXPLOIT lpd Solaris unlink file attempt (exploit.rules)
4145 - WEB-CLIENT Windows Trouble Shooter ActiveX Object Access (web-client.rules)
4146 - WEB-CLIENT Share Point Portal Services Log Sink ActiveX Object Access (web-client.rules)
4147 - WEB-CLIENT ActiveLabel ActiveX Object Access (web-client.rules)
4148 - WEB-CLIENT DHTML Editing ActiveX Object Access (web-client.rules)
4149 - WEB-CLIENT HTML Help ActiveX Object Access (web-client.rules)
4150 - WEB-CLIENT Outlook View ActiveX Object Access (web-client.rules)
4151 - WEB-CLIENT System Monitor Source Properties ActiveX Object Access (web-client.rules)
4152 - WEB-CLIENT Windows Media Player 6.4 ActiveX Object Access (web-client.rules)
4153 - WEB-CLIENT Eyedog ActiveX Object Access (web-client.rules)
4154 - WEB-CLIENT Active Setup ActiveX Object Access (web-client.rules)
4155 - WEB-CLIENT htmlfile ActiveX Object Access (web-client.rules)
4156 - WEB-CLIENT Windows Media Player 7+ ActiveX Object Access (web-client.rules)
4157 - WEB-CLIENT MSN Setup BBS 4.71.0.10 ActiveX Object Access (web-client.rules)
4158 - WEB-CLIENT Windows Media Player Active Movie ActiveX Object Access (web-client.rules)
4159 - WEB-CLIENT Multimedia File Property Sheet ActiveX Object Access (web-client.rules)
4160 - WEB-CLIENT Microsoft Windows Reporting Tool ActiveX Object Access (web-client.rules)
4161 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4162 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4163 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4164 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)
4165 - WEB-CLIENT Image Control 1.0 ActiveX Object Access (web-client.rules)
4166 - WEB-CLIENT Shell.Explorer ActiveX Object Access (web-client.rules)
4167 - WEB-CLIENT MSN Heartbeat ActiveX Object Access (web-client.rules)
4168 - WEB-CLIENT Shell Automation Service ActiveX Object Access (web-client.rules)
4169 - WEB-CLIENT Internet Explorer Active Setup ActiveX Object Access (web-client.rules)
4170 - WEB-CLIENT Office 2000/2002 Web Components Data Source Control ActiveX Object Access (web-client.rules)
4171 - WEB-CLIENT Registration Wizard ActiveX Object Access (web-client.rules)
4172 - WEB-CLIENT Microsoft Agent v1.5 ActiveX Object Access (web-client.rules)
4173 - WEB-CLIENT MsnPUpld ActiveX Object Access (web-client.rules)
4174 - WEB-CLIENT Symantec RuFSI registry Information Class ActiveX Object Access (web-client.rules)
4175 - WEB-CLIENT Office 2000/2002 Web Components PivotTable ActiveX Object Access (web-client.rules)
4176 - WEB-CLIENT Office 2000 and 2002 Web Components Chart ActiveX Object Access (web-client.rules)
4177 - WEB-CLIENT Office 2000 and 2002 Web Components Spreadsheet ActiveX Object Access (web-client.rules)
4178 - WEB-CLIENT Office 2000 and 2002 Web Components Record Navigation Control ActiveX Object Access (web-client.rules)
4179 - WEB-CLIENT DirectX Files Viewer ActiveX Object Access (web-client.rules)
4180 - WEB-CLIENT Kodak Image Scan ActiveX Object Access (web-client.rules)
4181 - WEB-CLIENT Smartcard Enrollment ActiveX Object Access (web-client.rules)
4182 - WEB-CLIENT MSN Chat v4.5, 4.6 ActiveX Object Access (web-client.rules)
4183 - WEB-CLIENT HTML Help ActiveX Object Access (web-client.rules)
4184 - WEB-CLIENT Certificate Enrollment ActiveX Object Access (web-client.rules)
4185 - WEB-CLIENT Terminal Services Advanced Client ActiveX Object Access (web-client.rules)
4186 - WEB-CLIENT Kodak Image Editing ActiveX Object Access (web-client.rules)
4187 - WEB-CLIENT Terminal Services Advanced Client ActiveX Object Access (web-client.rules)
4188 - WEB-CLIENT RAV Online Scanner ActiveX Object Access (web-client.rules)
4189 - WEB-CLIENT Third-Party Plugin ActiveX Object Access (web-client.rules)
4190 - WEB-CLIENT Kodak Thumbnail Image ActiveX Object Access (web-client.rules)
4191 - WEB-CLIENT MsnPUpld ActiveX Object Access (web-client.rules)
4192 - WEB-CLIENT HHOpen ActiveX Object Access (web-client.rules)
4193 - WEB-CLIENT Kodak Image Editing ActiveX Object Access (web-client.rules)
4194 - WEB-CLIENT multipacket CBO CBL CBM file transfer start (web-client.rules)
4195 - WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
4196 - WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)

Updated rules:
 268 - DOS Jolt attack (dos.rules)
 270 - DOS Teardrop attack (dos.rules)
 271 - DOS UDP echo+chargen bomb (dos.rules)
 272 - DOS IGMP dos attack (dos.rules)
 274 - DOS ath (dos.rules)
 275 - DOS NAPTHA (dos.rules)
 276 - DOS Real Audio Server (dos.rules)
 277 - DOS Real Server template.html (dos.rules)
 278 - DOS Real Server template.html (dos.rules)
 279 - DOS Bay/Nortel Nautica Marlin (dos.rules)
 281 - DOS Ascend Route (dos.rules)
 282 - DOS arkiea backup (dos.rules)
 465 - ICMP ISS Pinger (icmp.rules)
 466 - ICMP L3retriever Ping (icmp.rules)
 467 - ICMP Nemesis v1.1 Echo (icmp.rules)
 469 - ICMP PING NMAP (icmp.rules)
 471 - ICMP icmpenum v1.1.1 (icmp.rules)
 472 - ICMP redirect host (icmp.rules)
 473 - ICMP redirect net (icmp.rules)
 474 - ICMP superscan echo (icmp.rules)
 475 - ICMP traceroute ipopts (icmp.rules)
 476 - ICMP webtrends scanner (icmp.rules)
 477 - ICMP Source Quench (icmp.rules)
 478 - ICMP Broadscan Smurf Scanner (icmp.rules)
 480 - ICMP PING speedera (icmp.rules)
 481 - ICMP TJPingPro1.1Build 2 Windows (icmp.rules)
 482 - ICMP PING WhatsupGold Windows (icmp.rules)
 483 - ICMP PING CyberKit 2.2 Windows (icmp.rules)
 484 - ICMP PING Sniffer Pro/NetXRay network scan (icmp.rules)
 485 - ICMP Destination Unreachable Communication Administratively Prohibited (icmp.rules)
 486 - ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited (icmp.rules)
 487 - ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited (icmp.rules)
 499 - ICMP Large ICMP Packet (icmp.rules)
 969 - WEB-IIS WebDAV file lock attempt (web-iis.rules)
 971 - WEB-IIS ISAPI .printer access (web-iis.rules)
 972 - WEB-IIS %2E-asp access (web-iis.rules)
 973 - WEB-IIS *.idc attempt (web-iis.rules)
 974 - WEB-IIS Directory transversal attempt (web-iis.rules)
 975 - WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules)
 976 - WEB-IIS .bat? access (web-iis.rules)
 977 - WEB-IIS .cnf access (web-iis.rules)
 978 - WEB-IIS ASP contents view (web-iis.rules)
 979 - WEB-IIS ASP contents view (web-iis.rules)
 980 - WEB-IIS CGImail.exe access (web-iis.rules)
 984 - WEB-IIS JET VBA access (web-iis.rules)
 985 - WEB-IIS JET VBA access (web-iis.rules)
 986 - WEB-IIS MSProxy access (web-iis.rules)
 987 - WEB-IIS .htr access (web-iis.rules)
 988 - WEB-IIS SAM Attempt (web-iis.rules)
 991 - WEB-IIS achg.htr access (web-iis.rules)
 992 - WEB-IIS adctest.asp access (web-iis.rules)
 993 - WEB-IIS iisadmin access (web-iis.rules)
 994 - WEB-IIS /scripts/iisadmin/default.htm access (web-iis.rules)
 995 - WEB-IIS ism.dll access (web-iis.rules)
 996 - WEB-IIS anot.htr access (web-iis.rules)
 997 - WEB-IIS asp-dot attempt (web-iis.rules)
 998 - WEB-IIS asp-srch attempt (web-iis.rules)
 999 - WEB-IIS bdir access (web-iis.rules)
1000 - WEB-IIS bdir.htr access (web-iis.rules)
1002 - WEB-IIS cmd.exe access (web-iis.rules)
1003 - WEB-IIS cmd? access (web-iis.rules)
1004 - WEB-IIS codebrowser Exair access (web-iis.rules)
1005 - WEB-IIS codebrowser SDK access (web-iis.rules)
1007 - WEB-IIS Form_JScript.asp access (web-iis.rules)
1008 - WEB-IIS del attempt (web-iis.rules)
1009 - WEB-IIS directory listing (web-iis.rules)
1010 - WEB-IIS encoding access (web-iis.rules)
1011 - WEB-IIS exec-src access (web-iis.rules)
1012 - WEB-IIS fpcount attempt (web-iis.rules)
1013 - WEB-IIS fpcount access (web-iis.rules)
1015 - WEB-IIS getdrvs.exe access (web-iis.rules)
1016 - WEB-IIS global.asa access (web-iis.rules)
1017 - WEB-IIS idc-srch attempt (web-iis.rules)
1018 - WEB-IIS iisadmpwd attempt (web-iis.rules)
1019 - IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1020 - WEB-IIS isc$data attempt (web-iis.rules)
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1022 - WEB-IIS jet vba access (web-iis.rules)
1023 - WEB-IIS msadcs.dll access (web-iis.rules)
1024 - WEB-IIS newdsn.exe access (web-iis.rules)
1025 - WEB-IIS perl access (web-iis.rules)
1026 - WEB-IIS perl-browse newline attempt (web-iis.rules)
1027 - WEB-IIS perl-browse space attempt (web-iis.rules)
1028 - WEB-IIS query.asp access (web-iis.rules)
1029 - WEB-IIS scripts-browse access (web-iis.rules)
1030 - WEB-IIS search97.vts access (web-iis.rules)
1031 - WEB-IIS /SiteServer/Publishing/viewcode.asp access (web-iis.rules)
1032 - WEB-IIS showcode access (web-iis.rules)
1033 - WEB-IIS showcode access (web-iis.rules)
1034 - WEB-IIS showcode access (web-iis.rules)
1035 - WEB-IIS showcode access (web-iis.rules)
1036 - WEB-IIS showcode access (web-iis.rules)
1037 - WEB-IIS showcode.asp access (web-iis.rules)
1038 - WEB-IIS site server config access (web-iis.rules)
1039 - WEB-IIS srch.htm access (web-iis.rules)
1040 - WEB-IIS srchadm access (web-iis.rules)
1041 - WEB-IIS uploadn.asp access (web-iis.rules)
1042 - WEB-IIS view source via translate header (web-iis.rules)
1043 - WEB-IIS viewcode.asp access (web-iis.rules)
1044 - WEB-IIS webhits access (web-iis.rules)
1045 - WEB-IIS Unauthorized IP Access Attempt (web-iis.rules)
1046 - WEB-IIS site/iisamples access (web-iis.rules)
1075 - WEB-IIS postinfo.asp access (web-iis.rules)
1076 - WEB-IIS repost.asp access (web-iis.rules)
1242 - WEB-IIS ISAPI .ida access (web-iis.rules)
1243 - WEB-IIS ISAPI .ida attempt (web-iis.rules)
1244 - WEB-IIS ISAPI .idq attempt (web-iis.rules)
1245 - WEB-IIS ISAPI .idq access (web-iis.rules)
1256 - WEB-IIS CodeRed v2 root.exe access (web-iis.rules)
1257 - DOS Winnuke attack (dos.rules)
1283 - WEB-IIS outlook web dos (web-iis.rules)
1285 - WEB-IIS msdac access (web-iis.rules)
1286 - WEB-IIS _mem_bin access (web-iis.rules)
1287 - WEB-IIS scripts access (web-iis.rules)
1380 - WEB-IIS Form_VBScript.asp access (web-iis.rules)
1400 - WEB-IIS /scripts/samples/ access (web-iis.rules)
1401 - WEB-IIS /msadc/samples/ access (web-iis.rules)
1402 - WEB-IIS iissamples access (web-iis.rules)
1408 - DOS MSDTC attempt (dos.rules)
1484 - WEB-IIS /isapi/tstisapi.dll access (web-iis.rules)
1485 - WEB-IIS mkilog.exe access (web-iis.rules)
1486 - WEB-IIS ctss.idc access (web-iis.rules)
1487 - WEB-IIS /iisadmpwd/aexp2.htr access (web-iis.rules)
1545 - DOS Cisco attempt (dos.rules)
1567 - WEB-IIS /exchange/root.asp attempt (web-iis.rules)
1568 - WEB-IIS /exchange/root.asp access (web-iis.rules)
1595 - WEB-IIS htimage.exe access (web-iis.rules)
1605 - DOS iParty DOS attempt (dos.rules)
1618 - WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules)
1626 - WEB-IIS /StoreCSVS/InstantOrder.asmx request (web-iis.rules)
1641 - DOS DB2 dos attempt (dos.rules)
1660 - WEB-IIS trace.axd access (web-iis.rules)
1661 - WEB-IIS cmd32.exe access (web-iis.rules)
1725 - WEB-IIS +.htr code fragment attempt (web-iis.rules)
1726 - WEB-IIS doctodep.btr access (web-iis.rules)
1750 - WEB-IIS users.xml access (web-iis.rules)
1753 - WEB-IIS as_web.exe access (web-iis.rules)
1754 - WEB-IIS as_web4.exe access (web-iis.rules)
1756 - WEB-IIS NewsPro administration authentication attempt (web-iis.rules)
1772 - WEB-IIS pbserver access (web-iis.rules)
1801 - WEB-IIS .asp HTTP header buffer overflow attempt (web-iis.rules)
1802 - WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
1803 - WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
1804 - WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
1806 - WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
1813 - ICMP digital island bandwidth query (icmp.rules)
1817 - WEB-IIS MS Site Server default login attempt (web-iis.rules)
1818 - WEB-IIS MS Site Server admin attempt (web-iis.rules)
1841 - WEB-CLIENT Javascript URL host spoofing attempt (web-client.rules)
1882 - ATTACK-RESPONSES id check returned userid (attack-responses.rules)
1970 - WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
2090 - WEB-IIS WEBDAV exploit attempt (web-iis.rules)
2091 - WEB-IIS WEBDAV nessus safe scan attempt (web-iis.rules)
2117 - WEB-IIS Battleaxe Forum login.asp access (web-iis.rules)
2129 - WEB-IIS nsiislog.dll access (web-iis.rules)
2130 - WEB-IIS IISProtect siteadmin.asp access (web-iis.rules)
2131 - WEB-IIS IISProtect access (web-iis.rules)
2132 - WEB-IIS Synchrologic Email Accelerator userid list access attempt (web-iis.rules)
2133 - WEB-IIS MS BizTalk server access (web-iis.rules)
2134 - WEB-IIS register.asp access (web-iis.rules)
2157 - WEB-IIS IISProtect globaladmin.asp access (web-iis.rules)
2190 - NETBIOS DCERPC invalid bind attempt (netbios.rules)
2192 - NETBIOS DCERPC ISystemActivator bind attempt (netbios.rules)
2247 - WEB-IIS UploadScript11.asp access (web-iis.rules)
2248 - WEB-IIS DirectoryListing.asp access (web-iis.rules)
2249 - WEB-IIS /pcadmin/login.asp access (web-iis.rules)
2251 - NETBIOS DCERPC Remote Activation bind attempt (netbios.rules)
2321 - WEB-IIS foxweb.exe access (web-iis.rules)
2322 - WEB-IIS foxweb.dll access (web-iis.rules)
2324 - WEB-IIS VP-ASP shopsearch.asp access (web-iis.rules)
2325 - WEB-IIS VP-ASP ShopDisplayProducts.asp access (web-iis.rules)
2326 - WEB-IIS sgdynamo.exe access (web-iis.rules)
2350 - NETBIOS DCERPC ISystemActivator bind accept (netbios.rules)
2351 - NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode (netbios.rules)
2352 - NETBIOS DCERPC ISystemActivator path overflow attempt big endian unicode (netbios.rules)
2378 - EXPLOIT ISAKMP third payload certificate request length overflow attempt (exploit.rules)
2379 - EXPLOIT ISAKMP forth payload certificate request length overflow attempt (exploit.rules)
2380 - EXPLOIT ISAKMP fifth payload certificate request length overflow attempt (exploit.rules)
2386 - WEB-IIS NTLM ASN.1 vulnerability scan attempt (web-iis.rules)
2403 - NETBIOS SMB Session Setup AndX request unicode username overflow attempt (netbios.rules)
2404 - NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt (netbios.rules)
2486 - DOS ISAKMP invalid identification payload attempt (dos.rules)
2494 - NETBIOS DCEPRC ORPCThis request flood attempt (deleted.rules)
2495 - NETBIOS SMB DCEPRC ORPCThis request flood attempt (deleted.rules)
2496 - NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (deleted.rules)
2507 - NETBIOS DCERPC LSASS bind attempt (netbios.rules)
2508 - NETBIOS DCERPC LSASS DsRolerUpgradeDownlevelServer Exploit attempt (netbios.rules)
2523 - DOS BGP spoofed connection reset attempt (dos.rules)
2527 - SMTP STARTTLS attempt (smtp.rules)
2571 - WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (web-iis.rules)
2572 - WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt (web-iis.rules)
2573 - WEB-IIS SmarterTools SmarterMail frmCompose.asp access (web-iis.rules)
2667 - WEB-IIS ping.asp access (web-iis.rules)
3087 - WEB-IIS w3who.dll buffer overflow attempt (web-iis.rules)
3089 - DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
3148 - WEB-CLIENT winhelp clsid attempt (web-client.rules)
3150 - WEB-IIS SQLXML content type overflow (web-iis.rules)
3156 - NETBIOS DCERPC msqueue bind attempt (netbios.rules)
3157 - NETBIOS DCERPC msqueue little endian bind attempt (netbios.rules)
3158 - NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt (netbios.rules)
3159 - NETBIOS DCERPC CoGetInstanceFromFile overflow attempt (netbios.rules)
3193 - WEB-IIS .cmd executable file parsing attack (web-iis.rules)
3194 - WEB-IIS .bat executable file parsing attack (web-iis.rules)
3197 - NETBIOS DCERPC ISystemActivator path overflow attempt little endian (netbios.rules)
3198 - NETBIOS DCERPC ISystemActivator path overflow attempt big endian (netbios.rules)
3201 - WEB-IIS httpodbc.dll access - nimda (web-iis.rules)
3441 - FTP PORT bounce attempt (ftp.rules)
3442 - DOS WIN32 TCP print service denial of service attempt (dos.rules)
3463 - WEB-CGI awstats access (web-cgi.rules)
3464 - WEB-CGI awstats.pl command execution attempt (web-cgi.rules)
3474 - EXPLOIT ARCserve backup TCP slot info msg client name overflow (exploit.rules)
3475 - EXPLOIT ARCserve backup TCP slot info msg client domain overflow (exploit.rules)
3476 - EXPLOIT ARCserve backup TCP product info msg 0x9b client domain overflow (exploit.rules)
3477 - EXPLOIT ARCserve backup TCP product info msg 0x9b client name overflow (exploit.rules)
3478 - EXPLOIT ARCserve backup TCP product info msg 0x9c client domain overflow (exploit.rules)
3479 - EXPLOIT ARCserve backup TCP product info msg 0x9c client name overflow (exploit.rules)
3480 - EXPLOIT ARCserve backup UDP slot info msg client name overflow (exploit.rules)
3481 - EXPLOIT ARCserve backup UDP slot info msg client domain overflow (exploit.rules)
3482 - EXPLOIT ARCserve backup UDP product info msg 0x9b client name overflow (exploit.rules)
3483 - EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow (exploit.rules)
3484 - EXPLOIT ARCserve backup UDP product info msg 0x9c client name overflow (exploit.rules)
3485 - EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow (exploit.rules)
3530 - EXPLOIT ARCserve backup UDP msg 0x99 client name overflow (exploit.rules)
3531 - EXPLOIT ARCserve backup UDP msg 0x99 client domain overflow (exploit.rules)
3532 - FTP ORACLE password buffer overflow attempt (ftp.rules)
3542 - MS-SQL SA brute force login attempt (sql.rules)
3543 - MS-SQL SA brute force login attempt TDS v7/8 (sql.rules)
3544 - WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt (web-misc.rules)
3545 - WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure (web-misc.rules)
3549 - WEB-CLIENT HTML DOM invalid element creation attempt (web-client.rules)
3552 - WEB-CLIENT OLE32 MSHTA masquerade attempt (web-client.rules)
3553 - WEB-CLIENT HTML DOM null element insertion attempt (web-client.rules)
3626 - ICMP PATH MTU denial of service (icmp.rules)
3627 - POLICY X-LINK2STATE CHUNK attempt (policy.rules)
3630 - FTP ORACLE TEST command buffer overflow attempt (ftp.rules)
3631 - FTP ORACLE user name buffer overflow attempt (ftp.rules)
3664 - EXPLOIT PPTP echo request buffer overflow attempt (exploit.rules)
3665 - MYSQL server greeting (mysql.rules)
3666 - MYSQL server greeting finished (mysql.rules)
3667 - MYSQL protocol 41 client authentication bypass attempt (mysql.rules)
3668 - MYSQL client authentication bypass attempt (mysql.rules)
3669 - MYSQL protocol 41 secure client overflow attempt (mysql.rules)
3670 - MYSQL secure client overflow attempt (mysql.rules)
3671 - MYSQL protocol 41 client overflow attempt (mysql.rules)
3672 - MYSQL client overflow attempt (mysql.rules)
3676 - WEB-MISC newsscript.pl admin attempt (web-misc.rules)
3677 - EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3678 - EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3686 - WEB-CLIENT Internet Explorer Content Advisor attempted overflow (web-client.rules)
3813 - WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules)
3814 - WEB-CLIENT IE javaprxy.dll COM access (web-client.rules)
3815 - SMTP eXchange POP3 mail server overflow attempt (smtp.rules)
3816 - WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
4132 - WEB-CLIENT msdds clsid attempt (web-client.rules)
4133 - WEB-CLIENT devenum clsid attempt (web-client.rules)
4134 - WEB-CLIENT blnmgr clsid attempt (web-client.rules)