Sourcefire VRT Certified Rules Update
Date: 2005-09-27
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
4194 - WEB-CLIENT multipacket CBO CBL CBM file transfer start (web-client.rules)
4195 - WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
4196 - WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
4197 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)

Updated rules:
275 - DOS NAPTHA (dos.rules)
276 - DOS Real Audio Server (dos.rules)
277 - DOS Real Server template.html (dos.rules)
303 - DNS EXPLOIT named tsig overflow attempt (dns.rules)
306 - EXPLOIT VQServer admin (exploit.rules)
357 - FTP piss scan (ftp.rules)
806 - WEB-CGI yabb directory traversal attempt (web-cgi.rules)
811 - WEB-CGI websitepro path access (web-cgi.rules)
813 - WEB-CGI webplus directory traversal (web-cgi.rules)
820 - WEB-CGI anaconda directory transversal attempt (web-cgi.rules)
860 - WEB-CGI snork.bat access (web-cgi.rules)
908 - WEB-COLDFUSION administrator access (web-coldfusion.rules)
967 - WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules)
980 - WEB-IIS CGImail.exe access (web-iis.rules)
1018 - WEB-IIS iisadmpwd attempt (web-iis.rules)
1079 - WEB-MISC WebDAV propfind access (web-misc.rules)
1108 - WEB-MISC Tomcat server snoop access (web-misc.rules)
1109 - WEB-MISC ROXEN directory list attempt (web-misc.rules)
1160 - WEB-MISC Netscape dir index wp (web-misc.rules)
1187 - WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules)
1196 - WEB-CGI SGI InfoSearch fname attempt (web-cgi.rules)
1207 - WEB-MISC htgrep access (web-misc.rules)
1240 - EXPLOIT MDBMS overflow (exploit.rules)
1456 - WEB-CGI calender_admin.pl access (web-cgi.rules)
1468 - WEB-CGI Web Shopper shopper.cgi attempt (web-cgi.rules)
1536 - WEB-CGI calendar_admin.pl arbitrary command execution attempt (web-cgi.rules)
1537 - WEB-CGI calendar_admin.pl access (web-cgi.rules)
1538 - NNTP AUTHINFO USER overflow attempt (nntp.rules)
1539 - WEB-CGI /cgi-bin/ls access (web-cgi.rules)
1546 - WEB-MISC Cisco /%% DOS attempt (web-misc.rules)
1552 - WEB-MISC cvsweb version access (web-misc.rules)
1558 - WEB-MISC Delegate whois overflow attempt (web-misc.rules)
1569 - WEB-CGI loadpage.cgi directory traversal attempt (web-cgi.rules)
1570 - WEB-CGI loadpage.cgi access (web-cgi.rules)
1598 - WEB-CGI Home Free search.cgi directory traversal attempt (web-cgi.rules)
1605 - DOS iParty DOS attempt (dos.rules)
1615 - WEB-MISC htgrep attempt (web-misc.rules)
1621 - FTP CMD overflow attempt (ftp.rules)
1622 - FTP RNFR ././ attempt (ftp.rules)
1623 - FTP invalid MODE (ftp.rules)
1624 - FTP PWD overflow attempt (ftp.rules)
1625 - FTP SYST overflow attempt (ftp.rules)
1637 - WEB-CGI yabb access (web-cgi.rules)
1654 - WEB-CGI cart32.exe access (web-cgi.rules)
1890 - RPC status GHBN format string attack (rpc.rules)
1891 - RPC status GHBN format string attack (rpc.rules)
1913 - RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules)
1914 - RPC STATD TCP stat mon_name format string exploit attempt (rpc.rules)
1915 - RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules)
1916 - RPC STATD TCP monitor mon_name format string exploit attempt (rpc.rules)
1971 - FTP SITE EXEC format string attempt (ftp.rules)
2079 - RPC portmap nlockmgr request UDP (rpc.rules)
2080 - RPC portmap nlockmgr request TCP (rpc.rules)
2179 - FTP PASS format string attempt (ftp.rules)
2239 - WEB-MISC redirect.exe access (web-misc.rules)
2240 - WEB-MISC changepw.exe access (web-misc.rules)
2417 - FTP format string attempt (ftp.rules)
2921 - DNS UDP inverse query (dns.rules)
2922 - DNS TCP inverse query (dns.rules)
3077 - FTP RNFR overflow attempt (ftp.rules)
3218 - NETBIOS SMB OpenKey overflow attempt (netbios.rules)
3219 - NETBIOS SMB OpenKey little endian overflow attempt (netbios.rules)
3220 - NETBIOS SMB OpenKey unicode overflow attempt (netbios.rules)
3221 - NETBIOS SMB OpenKey unicode little endian overflow attempt (netbios.rules)
3222 - NETBIOS SMB OpenKey andx overflow attempt (netbios.rules)
3223 - NETBIOS SMB OpenKey little endian andx overflow attempt (netbios.rules)
3224 - NETBIOS SMB OpenKey unicode andx overflow attempt (netbios.rules)
3225 - NETBIOS SMB OpenKey unicode little endian andx overflow attempt (netbios.rules)
3226 - NETBIOS SMB-DS OpenKey overflow attempt (netbios.rules)
3227 - NETBIOS SMB-DS OpenKey little endian overflow attempt (netbios.rules)
3228 - NETBIOS SMB-DS OpenKey unicode overflow attempt (netbios.rules)
3229 - NETBIOS SMB-DS OpenKey unicode little endian overflow attempt (netbios.rules)
3230 - NETBIOS SMB-DS OpenKey andx overflow attempt (netbios.rules)
3231 - NETBIOS SMB-DS OpenKey little endian andx overflow attempt (netbios.rules)
3232 - NETBIOS SMB-DS OpenKey unicode andx overflow attempt (netbios.rules)
3233 - NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt (netbios.rules)
3523 - FTP SITE INDEX format string attempt (ftp.rules)
