Sourcefire VRT Update
Date: 2006-06-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
6513 - EXPLOIT Asterisk IAX2 truncated video mini-frame packet overflow attempt (exploit.rules)
6514 - EXPLOIT Asterisk IAX2 truncated full-frame packet overflow attempt (exploit.rules)
6515 - EXPLOIT Asterisk IAX2 truncated mini-frame packet overflow attempt (exploit.rules)
6516 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (web-client.rules)
6517 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID access (web-client.rules)
6518 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID unicode access (web-client.rules)
6519 - DELETED WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (deleted.rules)
6520 - NETBIOS SMB rras alter context attempt (netbios.rules)
6521 - NETBIOS SMB rras unicode alter context attempt (netbios.rules)
6522 - NETBIOS SMB rras WriteAndX alter context attempt (netbios.rules)
6523 - NETBIOS SMB rras WriteAndX unicode alter context attempt (netbios.rules)
6524 - NETBIOS SMB-DS rras alter context attempt (netbios.rules)
6525 - NETBIOS SMB-DS rras WriteAndX alter context attempt (netbios.rules)
6526 - NETBIOS SMB-DS rras unicode alter context attempt (netbios.rules)
6527 - NETBIOS SMB-DS rras WriteAndX unicode alter context attempt (netbios.rules)
6528 - NETBIOS SMB rras little endian alter context attempt (netbios.rules)
6529 - NETBIOS SMB rras WriteAndX little endian alter context attempt (netbios.rules)
6530 - NETBIOS SMB rras unicode little endian alter context attempt (netbios.rules)
6531 - NETBIOS SMB rras WriteAndX unicode little endian alter context attempt (netbios.rules)
6532 - NETBIOS SMB-DS rras little endian alter context attempt (netbios.rules)
6533 - NETBIOS SMB-DS rras WriteAndX little endian alter context attempt (netbios.rules)
6534 - NETBIOS SMB-DS rras unicode little endian alter context attempt (netbios.rules)
6535 - NETBIOS SMB-DS rras WriteAndX unicode little endian alter context attempt (netbios.rules)
6536 - NETBIOS SMB rras bind attempt (netbios.rules)
6537 - NETBIOS SMB rras unicode bind attempt (netbios.rules)
6538 - NETBIOS SMB rras WriteAndX bind attempt (netbios.rules)
6539 - NETBIOS SMB rras WriteAndX unicode bind attempt (netbios.rules)
6540 - NETBIOS SMB-DS rras bind attempt (netbios.rules)
6541 - NETBIOS SMB-DS rras WriteAndX bind attempt (netbios.rules)
6542 - NETBIOS SMB-DS rras unicode bind attempt (netbios.rules)
6543 - NETBIOS SMB-DS rras WriteAndX unicode bind attempt (netbios.rules)
6544 - NETBIOS SMB rras little endian bind attempt (netbios.rules)
6545 - NETBIOS SMB rras WriteAndX little endian bind attempt (netbios.rules)
6546 - NETBIOS SMB rras unicode little endian bind attempt (netbios.rules)
6547 - NETBIOS SMB rras WriteAndX unicode little endian bind attempt (netbios.rules)
6548 - NETBIOS SMB-DS rras little endian bind attempt (netbios.rules)
6549 - NETBIOS SMB-DS rras WriteAndX little endian bind attempt (netbios.rules)
6550 - NETBIOS SMB-DS rras unicode little endian bind attempt (netbios.rules)
6551 - NETBIOS SMB-DS rras WriteAndX unicode little endian bind attempt (netbios.rules)
6552 - NETBIOS SMB rras andx alter context attempt (netbios.rules)
6553 - NETBIOS SMB rras unicode andx alter context attempt (netbios.rules)
6554 - NETBIOS SMB rras WriteAndX andx alter context attempt (netbios.rules)
6555 - NETBIOS SMB rras WriteAndX unicode andx alter context attempt (netbios.rules)
6556 - NETBIOS SMB-DS rras andx alter context attempt (netbios.rules)
6557 - NETBIOS SMB-DS rras WriteAndX andx alter context attempt (netbios.rules)
6558 - NETBIOS SMB-DS rras unicode andx alter context attempt (netbios.rules)
6559 - NETBIOS SMB-DS rras WriteAndX unicode andx alter context attempt (netbios.rules)
6560 - NETBIOS SMB rras little endian andx alter context attempt (netbios.rules)
6561 - NETBIOS SMB rras WriteAndX little endian andx alter context attempt (netbios.rules)
6562 - NETBIOS SMB rras unicode little endian andx alter context attempt (netbios.rules)
6563 - NETBIOS SMB rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6564 - NETBIOS SMB-DS rras little endian andx alter context attempt (netbios.rules)
6565 - NETBIOS SMB-DS rras WriteAndX little endian andx alter context attempt (netbios.rules)
6566 - NETBIOS SMB-DS rras unicode little endian andx alter context attempt (netbios.rules)
6567 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx alter context attempt (netbios.rules)
6568 - NETBIOS SMB rras andx bind attempt (netbios.rules)
6569 - NETBIOS SMB rras unicode andx bind attempt (netbios.rules)
6570 - NETBIOS SMB rras WriteAndX andx bind attempt (netbios.rules)
6571 - NETBIOS SMB rras WriteAndX unicode andx bind attempt (netbios.rules)
6572 - NETBIOS SMB-DS rras andx bind attempt (netbios.rules)
6573 - NETBIOS SMB-DS rras WriteAndX andx bind attempt (netbios.rules)
6574 - NETBIOS SMB-DS rras unicode andx bind attempt (netbios.rules)
6575 - NETBIOS SMB-DS rras WriteAndX unicode andx bind attempt (netbios.rules)
6576 - NETBIOS SMB rras little endian andx bind attempt (netbios.rules)
6577 - NETBIOS SMB rras WriteAndX little endian andx bind attempt (netbios.rules)
6578 - NETBIOS SMB rras unicode little endian andx bind attempt (netbios.rules)
6579 - NETBIOS SMB rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6580 - NETBIOS SMB-DS rras little endian andx bind attempt (netbios.rules)
6581 - NETBIOS SMB-DS rras WriteAndX little endian andx bind attempt (netbios.rules)
6582 - NETBIOS SMB-DS rras unicode little endian andx bind attempt (netbios.rules)
6583 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx bind attempt (netbios.rules)
6584 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6585 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6586 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6587 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6588 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6589 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6590 - NETBIOS SMB rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6591 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6592 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6593 - NETBIOS SMB rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6594 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6595 - NETBIOS SMB v4 rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6596 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6597 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6598 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6599 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6600 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode overflow attempt (netbios.rules)
6601 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6602 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6603 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6604 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6605 - NETBIOS SMB rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6606 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian overflow attempt (netbios.rules)
6607 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6608 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian object call overflow attempt (netbios.rules)
6609 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian object call overflow attempt (netbios.rules)
6610 - NETBIOS SMB rras RasRpcSubmitRequest little endian object call overflow attempt (netbios.rules)
6611 - NETBIOS SMB-DS rras RasRpcSubmitRequest overflow attempt (netbios.rules)
6612 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX overflow attempt (netbios.rules)
6613 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode overflow attempt (netbios.rules)
6614 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6615 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6616 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian overflow attempt (netbios.rules)
6617 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian overflow attempt (netbios.rules)
6618 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode little endian overflow attempt (netbios.rules)
6619 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian object call overflow attempt (netbios.rules)
6620 - NETBIOS SMB rras RasRpcSubmitRequest object call overflow attempt (netbios.rules)
6621 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6622 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode object call overflow attempt (netbios.rules)
6623 - NETBIOS SMB rras RasRpcSubmitRequest unicode object call overflow attempt (netbios.rules)
6624 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode object call overflow attempt (netbios.rules)
6625 - NETBIOS SMB-DS rras RasRpcSubmitRequest object call overflow attempt (netbios.rules)
6626 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX object call overflow attempt (netbios.rules)
6627 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode object call overflow attempt (netbios.rules)
6628 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian object call overflow attempt (netbios.rules)
6629 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian object call overflow attempt (netbios.rules)
6630 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian object call overflow attempt (netbios.rules)
6631 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian object call overflow attempt (netbios.rules)
6632 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6633 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6634 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6635 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6636 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6637 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6638 - NETBIOS SMB rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6639 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6640 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6641 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6642 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6643 - NETBIOS SMB v4 rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6644 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6645 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6646 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6647 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6648 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode andx overflow attempt (netbios.rules)
6649 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6650 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6651 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6652 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6653 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6654 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian andx overflow attempt (netbios.rules)
6655 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6656 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx object call overflow attempt (netbios.rules)
6657 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
6658 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx object call overflow attempt (netbios.rules)
6659 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx overflow attempt (netbios.rules)
6660 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx overflow attempt (netbios.rules)
6661 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx overflow attempt (netbios.rules)
6662 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6663 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6664 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx overflow attempt (netbios.rules)
6665 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian andx overflow attempt (netbios.rules)
6666 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode little endian andx overflow attempt (netbios.rules)
6667 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
6668 - NETBIOS SMB rras RasRpcSubmitRequest andx object call overflow attempt (netbios.rules)
6669 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx object call overflow attempt (netbios.rules)
6670 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx object call overflow attempt (netbios.rules)
6671 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6672 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx object call overflow attempt (netbios.rules)
6673 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx object call overflow attempt (netbios.rules)
6674 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx object call overflow attempt (netbios.rules)
6675 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx object call overflow attempt (netbios.rules)
6676 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian andx object call overflow attempt (netbios.rules)
6677 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx object call overflow attempt (netbios.rules)
6678 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian andx object call overflow attempt (netbios.rules)
6679 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian andx object call overflow attempt (netbios.rules)
6680 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID unicode access (web-client.rules)
6681 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID access (web-client.rules)
6682 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX function call access (web-client.rules)
6683 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX CLSID unicode access (web-client.rules)
6684 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX CLSID access (web-client.rules)
6685 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX CLSID unicode access (web-client.rules)
6686 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX CLSID access (web-client.rules)
6687 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX function call access (web-client.rules)
6688 - WEB-CLIENT PNG file transfer (web-client.rules)
6689 - WEB-CLIENT Malformed PNG detected cHRM overflow attempt (web-client.rules)
6690 - WEB-CLIENT Malformed PNG detected iCCP overflow attempt (web-client.rules)
6691 - WEB-CLIENT Malformed PNG detected sBIT overflow attempt (web-client.rules)
6692 - WEB-CLIENT Malformed PNG detected sRGB overflow attempt (web-client.rules)
6693 - WEB-CLIENT Malformed PNG detected bKGD overflow attempt (web-client.rules)
6694 - WEB-CLIENT Malformed PNG detected hIST overflow attempt (web-client.rules)
6695 - WEB-CLIENT Malformed PNG detected tRNS overflow attempt (web-client.rules)
6696 - WEB-CLIENT Malformed PNG detected pHYs overflow attempt (web-client.rules)
6697 - WEB-CLIENT Malformed PNG detected sPLT overflow attempt (web-client.rules)
6698 - WEB-CLIENT Malformed PNG detected tIME overflow attempt (web-client.rules)
6699 - WEB-CLIENT Malformed PNG detected iTXt overflow attempt (web-client.rules)
6700 - WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules)
6701 - WEB-CLIENT Malformed PNG detected zTXt overflow attempt (web-client.rules)

Updated rules:
3628 - POLICY Data Rescue IDA Pro startup license check attempt (policy.rules)
5913 - SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules)
