Sourcefire VRT Update
Date: 2006-04-12
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 5997 - WEB-MISC WinProxy overly long host header buffer overflow attempt (web-misc.rules) 5998 - P2P Skype client login startup (p2p.rules) 5999 - P2P Skype client login (p2p.rules) 6000 - P2P Skype client login startup (p2p.rules) 6001 - P2P Skype client login (p2p.rules) 6002 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Layout ActiveX Object Access (web-client.rules) 6003 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Route ActiveX Object Access (web-client.rules) 6004 - WEB-CLIENT Microsoft DT DDS Circular Auto Layout Logic 2 ActiveX Object Access (web-client.rules) 6005 - WEB-CLIENT Microsoft DT DDS Straight Line Routing Logic 2 ActiveX Object Access (web-client.rules) 6006 - WEB-CLIENT Microsoft DT Icon Control ActiveX Object Access (web-client.rules) 6007 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Layout ActiveX Object Access (web-client.rules) 6008 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Route ActiveX Object Access (web-client.rules) 6009 - WEB-CLIENT RDS.Dataspace ActiveX Object Access (web-client.rules) 6010 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt (exploit.rules) 6011 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt (exploit.rules) Updated rules: 159 - DELETED BACKDOOR NetMetro File List (deleted.rules) 2527 - SMTP STARTTLS attempt (smtp.rules) 3668 - MYSQL client authentication bypass attempt (mysql.rules) 5692 - P2P Skype client successful install (p2p.rules) 5693 - P2P Skype client start up get latest version attempt (p2p.rules) 5694 - P2P Skype client setup get newest version attempt (p2p.rules)
