Sourcefire VRT Update
Date: 2006-02-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
5692 - P2P Skype client successful install (p2p.rules)
5693 - P2P Skype client start up get latest version attempt (p2p.rules)
5694 - P2P Skype client setup get newest version attempt (p2p.rules)
5695 - WEB-IIS web agent redirect overflow attempt (web-iis.rules)
5696 - IMAP delete directory traversal attempt (imap.rules)
5697 - IMAP examine directory traversal attempt (imap.rules)
5698 - IMAP list directory traversal attempt (imap.rules)
5699 - IMAP lsub directory traversal attempt (imap.rules)
5700 - IMAP rename directory traversal attempt (imap.rules)
5701 - IMAP status directory traversal attempt (imap.rules)
5702 - IMAP subscribe directory traversal attempt (imap.rules)
5703 - IMAP unsubscribe directory traversal attempt (imap.rules)
5704 - IMAP SELECT overflow attempt (imap.rules)
5705 - IMAP CAPABILITY overflow attempt (imap.rules)
5706 - POLICY Namazu incoming namazu.cgi access (policy.rules)
5707 - POLICY Namazu outbound namazu.cgi access (policy.rules)
5709 - WEB-PHP file upload directory traversal (web-php.rules)
5710 - WEB-CLIENT Windows Media Player Plugin For Non-IE Browsers Buffer Overflow (web-client.rules)
5711 - WEB-CLIENT Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)

Updated rules:
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1079 - WEB-MISC WebDAV propfind access (web-misc.rules)
1425 - WEB-PHP content-disposition file upload attempt (web-php.rules)
1861 - WEB-MISC Linksys router default username and password login attempt (web-misc.rules)
2259 - SMTP EXPN overflow attempt (smtp.rules)
2260 - SMTP VRFY overflow attempt (smtp.rules)
2486 - DOS ISAKMP invalid identification payload attempt (dos.rules)
2522 - WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
3549 - WEB-CLIENT HTML DOM invalid element creation attempt (web-client.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3824 - SMTP AUTH user overflow attempt (smtp.rules)
4060 - POLICY RDP attempted Administrator connection request (policy.rules)
