Sourcefire VRT Update
Date: 2005-12-30
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 4982 - WEB-CLIENT Adodb.Stream ActiveX Object Access (web-client.rules) 4983 - WEB-CLIENT Adodb.Stream ActiveX Object Access CreateObject Function (web-client.rules) 4984 - MS-SQL/SMB sa brute force failed login unicode attempt (sql.rules) 4985 - WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules) 4986 - WEB-MISC Twiki view rev command injection attempt (web-misc.rules) 4987 - WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules) 4988 - WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules) 4989 - MS-SQL Heap-Based Overflow Attempt (sql.rules) 4990 - MS-SQL Heap-Based Overflow Attempt (sql.rules) 4991 - NETBIOS SMB lsass unicode alter context attempt (netbios.rules) 4992 - NETBIOS SMB lsass WriteAndX unicode alter context attempt (netbios.rules) 4993 - NETBIOS SMB lsass unicode bind attempt (netbios.rules) 4994 - NETBIOS SMB lsass WriteAndX unicode bind attempt (netbios.rules) 4995 - NETBIOS SMB-DS lsass bind attempt (netbios.rules) 4996 - NETBIOS SMB-DS lsass WriteAndX bind attempt (netbios.rules) 4997 - NETBIOS SMB-DS lsass unicode bind attempt (netbios.rules) 4998 - NETBIOS SMB-DS lsass WriteAndX unicode bind attempt (netbios.rules) 4999 - NETBIOS-DG SMB lsass bind attempt (netbios.rules) 5000 - NETBIOS-DG SMB lsass WriteAndX bind attempt (netbios.rules) 5001 - NETBIOS-DG SMB lsass unicode bind attempt (netbios.rules) 5002 - NETBIOS-DG SMB lsass WriteAndX unicode bind attempt (netbios.rules) 5003 - NETBIOS SMB lsass little endian bind attempt (netbios.rules) 5004 - NETBIOS SMB lsass WriteAndX little endian bind attempt (netbios.rules) 5005 - NETBIOS SMB-DS lsass alter context attempt (netbios.rules) 5006 - NETBIOS-DG SMB lsass WriteAndX unicode alter context attempt (netbios.rules) 5007 - NETBIOS SMB lsass little endian alter context attempt (netbios.rules) 5008 - NETBIOS SMB lsass WriteAndX little endian alter context attempt (netbios.rules) 5009 - NETBIOS SMB lsass unicode little endian alter context attempt (netbios.rules) 5010 - NETBIOS SMB lsass WriteAndX unicode little endian alter context attempt (netbios.rules) 5011 - NETBIOS SMB-DS lsass little endian alter context attempt (netbios.rules) 5012 - NETBIOS SMB-DS lsass WriteAndX little endian alter context attempt (netbios.rules) 5013 - NETBIOS SMB-DS lsass unicode little endian alter context attempt (netbios.rules) 5014 - NETBIOS SMB-DS lsass WriteAndX unicode little endian alter context attempt (netbios.rules) 5015 - NETBIOS-DG SMB lsass little endian alter context attempt (netbios.rules) 5016 - NETBIOS-DG SMB lsass WriteAndX little endian alter context attempt (netbios.rules) 5017 - NETBIOS-DG SMB lsass unicode little endian alter context attempt (netbios.rules) 5018 - NETBIOS-DG SMB lsass WriteAndX unicode little endian alter context attempt (netbios.rules) 5019 - NETBIOS SMB lsass bind attempt (netbios.rules) 5020 - NETBIOS SMB lsass WriteAndX bind attempt (netbios.rules) 5021 - NETBIOS SMB lsass unicode little endian bind attempt (netbios.rules) 5022 - NETBIOS SMB lsass WriteAndX unicode little endian bind attempt (netbios.rules) 5023 - NETBIOS SMB-DS lsass little endian bind attempt (netbios.rules) 5024 - NETBIOS SMB-DS lsass WriteAndX little endian bind attempt (netbios.rules) 5025 - NETBIOS SMB-DS lsass unicode little endian bind attempt (netbios.rules) 5026 - NETBIOS SMB-DS lsass WriteAndX unicode little endian bind attempt (netbios.rules) 5027 - NETBIOS-DG SMB lsass little endian bind attempt (netbios.rules) 5028 - NETBIOS-DG SMB lsass WriteAndX little endian bind attempt (netbios.rules) 5029 - NETBIOS-DG SMB lsass unicode little endian bind attempt (netbios.rules) 5030 - NETBIOS-DG SMB lsass WriteAndX unicode little endian bind attempt (netbios.rules) 5031 - NETBIOS SMB lsass andx alter context attempt (netbios.rules) 5032 - NETBIOS SMB-DS lsass WriteAndX andx alter context attempt (netbios.rules) 5033 - NETBIOS SMB-DS lsass unicode andx alter context attempt (netbios.rules) 5034 - NETBIOS SMB lsass WriteAndX andx alter context attempt (netbios.rules) 5035 - NETBIOS SMB-DS lsass WriteAndX unicode andx alter context attempt (netbios.rules) 5036 - NETBIOS-DG SMB lsass andx alter context attempt (netbios.rules) 5037 - NETBIOS-DG SMB lsass WriteAndX andx alter context attempt (netbios.rules) 5038 - NETBIOS-DG SMB lsass unicode andx alter context attempt (netbios.rules) 5039 - NETBIOS SMB lsass unicode andx alter context attempt (netbios.rules) 5040 - NETBIOS SMB lsass WriteAndX unicode andx alter context attempt (netbios.rules) 5041 - NETBIOS SMB lsass unicode andx bind attempt (netbios.rules) 5042 - NETBIOS SMB lsass WriteAndX unicode andx bind attempt (netbios.rules) 5043 - NETBIOS SMB-DS lsass andx bind attempt (netbios.rules) 5044 - NETBIOS SMB-DS lsass WriteAndX andx bind attempt (netbios.rules) 5045 - NETBIOS SMB-DS lsass unicode andx bind attempt (netbios.rules) 5046 - NETBIOS SMB-DS lsass WriteAndX unicode andx bind attempt (netbios.rules) 5047 - NETBIOS-DG SMB lsass andx bind attempt (netbios.rules) 5048 - NETBIOS-DG SMB lsass WriteAndX andx bind attempt (netbios.rules) 5049 - NETBIOS-DG SMB lsass unicode andx bind attempt (netbios.rules) 5050 - NETBIOS-DG SMB lsass WriteAndX unicode andx bind attempt (netbios.rules) 5051 - NETBIOS SMB lsass little endian andx bind attempt (netbios.rules) 5052 - NETBIOS SMB lsass WriteAndX little endian andx bind attempt (netbios.rules) 5053 - NETBIOS SMB-DS lsass andx alter context attempt (netbios.rules) 5054 - NETBIOS-DG SMB lsass WriteAndX unicode andx alter context attempt (netbios.rules) 5055 - NETBIOS SMB lsass little endian andx alter context attempt (netbios.rules) 5056 - NETBIOS SMB lsass WriteAndX little endian andx alter context attempt (netbios.rules) 5057 - NETBIOS SMB lsass unicode little endian andx alter context attempt (netbios.rules) 5058 - NETBIOS SMB lsass WriteAndX unicode little endian andx alter context attempt (netbios.rules) 5059 - NETBIOS SMB-DS lsass little endian andx alter context attempt (netbios.rules) 5060 - NETBIOS SMB-DS lsass WriteAndX little endian andx alter context attempt (netbios.rules) 5061 - NETBIOS SMB-DS lsass unicode little endian andx alter context attempt (netbios.rules) 5062 - NETBIOS SMB-DS lsass WriteAndX unicode little endian andx alter context attempt (netbios.rules) 5063 - NETBIOS-DG SMB lsass little endian andx alter context attempt (netbios.rules) 5064 - NETBIOS-DG SMB lsass WriteAndX little endian andx alter context attempt (netbios.rules) 5065 - NETBIOS-DG SMB lsass unicode little endian andx alter context attempt (netbios.rules) 5066 - NETBIOS-DG SMB lsass WriteAndX unicode little endian andx alter context attempt (netbios.rules) 5067 - NETBIOS SMB lsass andx bind attempt (netbios.rules) 5068 - NETBIOS SMB lsass WriteAndX andx bind attempt (netbios.rules) 5069 - NETBIOS SMB lsass unicode little endian andx bind attempt (netbios.rules) 5070 - NETBIOS SMB lsass WriteAndX unicode little endian andx bind attempt (netbios.rules) 5071 - NETBIOS SMB-DS lsass little endian andx bind attempt (netbios.rules) 5072 - NETBIOS SMB-DS lsass WriteAndX little endian andx bind attempt (netbios.rules) 5073 - NETBIOS SMB-DS lsass unicode little endian andx bind attempt (netbios.rules) 5074 - NETBIOS SMB-DS lsass WriteAndX unicode little endian andx bind attempt (netbios.rules) 5075 - NETBIOS-DG SMB lsass little endian andx bind attempt (netbios.rules) 5076 - NETBIOS-DG SMB lsass WriteAndX little endian andx bind attempt (netbios.rules) 5077 - NETBIOS-DG SMB lsass unicode little endian andx bind attempt (netbios.rules) 5078 - NETBIOS-DG SMB lsass WriteAndX unicode little endian andx bind attempt (netbios.rules) 5079 - NETBIOS DCERPC DIRECT lsass little endian alter context attempt (netbios.rules) 5080 - NETBIOS DCERPC NCACN-HTTP lsass alter context attempt (netbios.rules) 5081 - NETBIOS DCERPC NCACN-IP-TCP lsass alter context attempt (netbios.rules) 5082 - NETBIOS DCERPC NCADG-IP-UDP lsass alter context attempt (netbios.rules) 5083 - NETBIOS DCERPC NCACN-IP-TCP lsass little endian alter context attempt (netbios.rules) 5084 - NETBIOS DCERPC NCACN-HTTP lsass little endian alter context attempt (netbios.rules) 5085 - NETBIOS DCERPC NCADG-IP-UDP lsass little endian alter context attempt (netbios.rules) 5086 - NETBIOS DCERPC DIRECT lsass alter context attempt (netbios.rules) 5087 - NETBIOS DCERPC DIRECT lsass little endian bind attempt (netbios.rules) 5088 - NETBIOS DCERPC NCACN-HTTP lsass bind attempt (netbios.rules) 5089 - NETBIOS DCERPC NCACN-IP-TCP lsass bind attempt (netbios.rules) 5090 - NETBIOS DCERPC NCADG-IP-UDP lsass bind attempt (netbios.rules) 5091 - NETBIOS DCERPC NCACN-IP-TCP lsass little endian bind attempt (netbios.rules) 5092 - NETBIOS DCERPC NCACN-HTTP lsass little endian bind attempt (netbios.rules) 5093 - NETBIOS DCERPC NCADG-IP-UDP lsass little endian bind attempt (netbios.rules) 5094 - NETBIOS DCERPC DIRECT lsass bind attempt (netbios.rules) 5095 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5096 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5097 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5098 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5099 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5100 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5101 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5102 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5103 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5104 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5105 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5106 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5107 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5108 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5109 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5110 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5111 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5112 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5113 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5114 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5115 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5116 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5117 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5118 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5119 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5120 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5121 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5122 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5123 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5124 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5125 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5126 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5127 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5128 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5129 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5130 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5131 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5132 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5133 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX attempt (netbios.rules) 5134 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode attempt (netbios.rules) 5135 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode attempt (netbios.rules) 5136 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5137 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5138 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian attempt (netbios.rules) 5139 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5140 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian attempt (netbios.rules) 5141 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5142 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian attempt (netbios.rules) 5143 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5144 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5145 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5146 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5147 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5148 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5149 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5150 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5151 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5152 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5153 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5154 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5155 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5156 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5157 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5158 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5159 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5160 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5161 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5162 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5163 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5164 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5165 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5166 - NETBIOS-DG SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5167 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5168 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5169 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5170 - NETBIOS SMB lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5171 - NETBIOS SMB-DS lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5172 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5173 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5174 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5175 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5176 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation andx attempt (netbios.rules) 5177 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5178 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5179 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5180 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5181 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX andx attempt (netbios.rules) 5182 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode andx attempt (netbios.rules) 5183 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode andx attempt (netbios.rules) 5184 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation little endian andx attempt (netbios.rules) 5185 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5186 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX little endian andx attempt (netbios.rules) 5187 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5188 - NETBIOS-DG SMB v4 lsass DsRolerGetPrimaryDomainInformation unicode little endian andx attempt (netbios.rules) 5189 - NETBIOS SMB v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5190 - NETBIOS SMB-DS v4 lsass DsRolerGetPrimaryDomainInformation WriteAndX unicode little endian andx attempt (netbios.rules) 5191 - NETBIOS DCERPC DIRECT v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5192 - NETBIOS DCERPC NCACN-IP-TCP v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5193 - NETBIOS DCERPC DIRECT v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5194 - NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5195 - NETBIOS DCERPC NCADG-IP-UDP v4 lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5196 - NETBIOS DCERPC NCACN-IP-TCP v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5197 - NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5198 - NETBIOS DCERPC NCADG-IP-UDP v4 lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5199 - NETBIOS DCERPC DIRECT lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5200 - NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5201 - NETBIOS DCERPC DIRECT lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5202 - NETBIOS DCERPC NCACN-HTTP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5203 - NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules) 5204 - NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5205 - NETBIOS DCERPC NCACN-HTTP lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5206 - NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation little endian attempt (netbios.rules) 5207 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5208 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5209 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5210 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5211 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 5212 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5213 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5214 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5215 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5216 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5217 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5218 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5219 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5220 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5221 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5222 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5223 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5224 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5225 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5226 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 5227 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5228 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5229 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5230 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5231 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5232 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5233 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5234 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5235 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5236 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX overflow attempt (netbios.rules) 5237 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5238 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer unicode overflow attempt (netbios.rules) 5239 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5240 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode overflow attempt (netbios.rules) 5241 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 5242 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5243 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5244 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5245 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5246 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5247 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5248 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5249 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer unicode little endian overflow attempt (netbios.rules) 5250 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 5251 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian overflow attempt (netbios.rules) 5252 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5253 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5254 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5255 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5256 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5257 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5258 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5259 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5260 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5261 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5262 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5263 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5264 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5265 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5266 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5267 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5268 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5269 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5270 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5271 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5272 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5273 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5274 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5275 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5276 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5277 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5278 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5279 - NETBIOS-DG SMB lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5280 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5281 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5282 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5283 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5284 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX andx overflow attempt (netbios.rules) 5285 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5286 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer unicode andx overflow attempt (netbios.rules) 5287 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer andx overflow attempt (netbios.rules) 5288 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode andx overflow attempt (netbios.rules) 5289 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5290 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5291 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5292 - NETBIOS SMB v4 lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5293 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5294 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5295 - NETBIOS SMB-DS v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5296 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer little endian andx overflow attempt (netbios.rules) 5297 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer unicode little endian andx overflow attempt (netbios.rules) 5298 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian andx overflow attempt (netbios.rules) 5299 - NETBIOS-DG SMB v4 lsass DsRolerUpgradeDownlevelServer WriteAndX little endian andx overflow attempt (netbios.rules) 5300 - NETBIOS DCERPC DIRECT v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5301 - NETBIOS DCERPC NCADG-IP-UDP v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5302 - NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5303 - NETBIOS DCERPC NCACN-IP-TCP v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5304 - NETBIOS DCERPC NCACN-IP-TCP v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5305 - NETBIOS DCERPC DIRECT v4 lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5306 - NETBIOS DCERPC NCADG-IP-UDP v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5307 - NETBIOS DCERPC NCACN-HTTP v4 lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5308 - NETBIOS DCERPC DIRECT lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5309 - NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5310 - NETBIOS DCERPC NCACN-HTTP lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5311 - NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5312 - NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5313 - NETBIOS DCERPC DIRECT lsass DsRolerUpgradeDownlevelServer little endian overflow attempt (netbios.rules) 5314 - NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5315 - NETBIOS DCERPC NCACN-HTTP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 5316 - EXPLOIT CA CAM log_security overflow attempt (exploit.rules) 5317 - EXPLOIT pcAnywhere buffer overflow attempt (exploit.rules) 5318 - WEB-CLIENT wmf file SetAbortProc arbitrary code execution attempt (web-client.rules) 5319 - WEB-CLIENT Metasploit Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules) 5320 - VIRUS Possible Sober virus call home attempt (virus.rules) 5321 - VIRUS Possible Sober virus NTP time check attempt (virus.rules) 5322 - VIRUS Possible Sober virus NTP time check attempt (virus.rules) 5323 - VIRUS Possible Sober virus NTP time check attempt (virus.rules) Updated rules: 1250 - WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules) 1536 - WEB-CGI calendar_admin.pl arbitrary command execution attempt (web-cgi.rules) 1537 - WEB-CGI calendar_admin.pl access (web-cgi.rules) 1701 - WEB-CGI calendar-admin.pl access (web-cgi.rules) 1734 - FTP USER overflow attempt (ftp.rules) 1792 - NNTP return code buffer overflow attempt (nntp.rules) 1972 - FTP PASS overflow attempt (ftp.rules) 2050 - MS-SQL version overflow attempt (sql.rules) 2507 - NETBIOS SMB lsass alter context attempt (netbios.rules) 2508 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules) 2509 - NETBIOS SMB-DS lsass WriteAndX alter context attempt (netbios.rules) 2510 - NETBIOS SMB-DS lsass unicode alter context attempt (netbios.rules) 2511 - NETBIOS SMB-DS lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 2512 - NETBIOS SMB lsass WriteAndX alter context attempt (netbios.rules) 2513 - NETBIOS SMB-DS lsass WriteAndX unicode alter context attempt (netbios.rules) 2514 - NETBIOS SMB lsass DsRolerUpgradeDownlevelServer WriteAndX unicode little endian overflow attempt (netbios.rules) 2524 - NETBIOS-DG SMB lsass alter context attempt (netbios.rules) 2525 - NETBIOS-DG SMB lsass WriteAndX alter context attempt (netbios.rules) 2526 - NETBIOS-DG SMB lsass unicode alter context attempt (netbios.rules) 2591 - DELETED SMTP From command overflow attempt (deleted.rules) 2592 - DELETED SMTP ReplyTo command overflow attempt (deleted.rules) 2593 - DELETED SMTP Sender command overflow attempt (deleted.rules) 2594 - DELETED SMTP To command overflow attempt (deleted.rules) 2595 - DELETED SMTP CC command overflow attempt (deleted.rules) 2596 - DELETED SMTP BCC command overflow attempt (deleted.rules) 3071 - IMAP status literal overflow attempt (imap.rules) 3072 - IMAP status overflow attempt (imap.rules) 3549 - WEB-CLIENT HTML DOM invalid element creation attempt (web-client.rules) 3550 - WEB-CLIENT HTML http scheme hostname overflow attempt (web-client.rules) 3679 - WEB-CLIENT Firefox IFRAME src javascript code execution (web-client.rules)
