Sourcefire VRT Update
Date: 2006-03-08
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
5714 - SMTP x-unix-mode executable mail attachment (smtp.rules)
5715 - WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules)
5716 - NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
5717 - NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
5718 - NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
5719 - NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5720 - NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
5721 - NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5722 - NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
5723 - NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5724 - NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5725 - NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5726 - NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5727 - NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
5728 - NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
5729 - NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
5730 - NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5731 - NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
5732 - NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
5733 - NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5734 - NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
5735 - NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
5736 - NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
5737 - NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5738 - NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)

Updated rules:
337 - FTP CEL overflow attempt (ftp.rules)
1379 - FTP STAT overflow attempt (ftp.rules)
1529 - FTP SITE overflow attempt (ftp.rules)
1621 - FTP CMD overflow attempt (ftp.rules)
1624 - FTP PWD overflow attempt (ftp.rules)
1625 - FTP SYST overflow attempt (ftp.rules)
1734 - FTP USER overflow attempt (ftp.rules)
1792 - NNTP return code buffer overflow attempt (nntp.rules)
1919 - FTP CWD overflow attempt (ftp.rules)
1942 - FTP RMDIR overflow attempt (ftp.rules)
1972 - FTP PASS overflow attempt (ftp.rules)
1973 - FTP MKD overflow attempt (ftp.rules)
1974 - FTP REST overflow attempt (ftp.rules)
1975 - FTP DELE overflow attempt (ftp.rules)
1976 - FTP RMD overflow attempt (ftp.rules)
2101 - NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
2338 - FTP LIST buffer overflow attempt (ftp.rules)
2343 - FTP STOR overflow attempt (ftp.rules)
2344 - FTP XCWD overflow attempt (ftp.rules)
2373 - FTP XMKD overflow attempt (ftp.rules)
2374 - FTP NLST overflow attempt (ftp.rules)
2389 - FTP RNTO overflow attempt (ftp.rules)
2391 - FTP APPE overflow attempt (ftp.rules)
2392 - FTP RETR overflow attempt (ftp.rules)
2449 - FTP ALLO overflow attempt (ftp.rules)
2546 - FTP MDTM overflow attempt (ftp.rules)
3680 - P2P AOL Instant Messenger file send attempt (p2p.rules)
3681 - P2P AOL Instant Messenger file receive attempt (p2p.rules)
4990 - MS-SQL Heap-Based Overflow Attempt (sql.rules)
5316 - EXPLOIT CA CAM log_security overflow attempt (exploit.rules)
