Sourcefire VRT Update

Date: 2006-10-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of each entry is:

sid <-> Enabled or Disabled <-> Message (rule group)

New rules:
8461 <-> Disabled <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - send userinfo (spyware-put.rules)
8462 <-> Disabled <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace info downloaded (spyware-put.rules)
8463 <-> Disabled <-> SPYWARE-PUT Trackware duduaccelerator runtime detection - trace login info (spyware-put.rules)
8464 <-> Disabled <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules)
8465 <-> Disabled <-> SPYWARE-PUT Keylogger netobserve runtime detection - email notification (spyware-put.rules)
8466 <-> Disabled <-> SPYWARE-PUT Keylogger netobserve runtime detection - email notification (spyware-put.rules)
8467 <-> Disabled <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules)
8468 <-> Disabled <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules)
8469 <-> Disabled <-> SPYWARE-PUT Hijacker accoona runtime detection - open sidebar search url (spyware-put.rules)
8470 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8471 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8472 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8473 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8474 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8475 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8476 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8477 <-> Disabled <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8478 <-> Disabled <-> WEB-CLIENT Microsoft Publisher file download attempt (web-client.rules)
8479 <-> Enabled  <-> FTP HELP overflow attempt (ftp.rules)
8480 <-> Enabled  <-> FTP PORT overflow attempt (ftp.rules)
8481 <-> Enabled  <-> FTP Microsoft NLST * dos attempt (ftp.rules)
8482 <-> Disabled <-> POLICY Xfire session initiated (policy.rules)
8483 <-> Disabled <-> POLICY Xfire login attempted (policy.rules)
8484 <-> Disabled <-> POLICY Xfire login successful (policy.rules)
8485 <-> Enabled  <-> WEB-COLDFUSION CFNEWINTERNALADMINSECURITY access (web-coldfusion.rules)
8486 <-> Enabled  <-> WEB-COLDFUSION CFNEWINTERNALREGISTRY access (web-coldfusion.rules)
8487 <-> Enabled  <-> WEB-COLDFUSION CFADMIN_REGISTRY_SET access (web-coldfusion.rules)
8488 <-> Enabled  <-> WEB-COLDFUSION CFADMIN_REGISTRY_GET access (web-coldfusion.rules)
8489 <-> Enabled  <-> WEB-COLDFUSION CFADMIN_REGISTRY_DELETE access (web-coldfusion.rules)
8490 <-> Enabled  <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules)
8491 <-> Enabled  <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules)
8492 <-> Enabled  <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules)
8493 <-> Enabled  <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules)
8494 <-> Enabled  <-> MS-SQL/SMB formatmessage possible buffer overflow (sql.rules)
8495 <-> Enabled  <-> MS-SQL formatmessage possible buffer overflow (sql.rules)

Updated rules:
 221 <-> Enabled  <-> DDOS TFN Probe (ddos.rules)
 222 <-> Enabled  <-> DDOS tfn2k icmp possible communication (ddos.rules)
 223 <-> Enabled  <-> DDOS Trin00 Daemon to Master PONG message detected (ddos.rules)
 224 <-> Enabled  <-> DDOS Stacheldraht server spoof (ddos.rules)
 225 <-> Enabled  <-> DDOS Stacheldraht gag server response (ddos.rules)
 226 <-> Enabled  <-> DDOS Stacheldraht server response (ddos.rules)
 227 <-> Enabled  <-> DDOS Stacheldraht client spoofworks (ddos.rules)
 228 <-> Enabled  <-> DDOS TFN client command BE (ddos.rules)
 229 <-> Enabled  <-> DDOS Stacheldraht client check skillz (ddos.rules)
 231 <-> Enabled  <-> DDOS Trin00 Daemon to Master message detected (ddos.rules)
 232 <-> Enabled  <-> DDOS Trin00 Daemon to Master *HELLO* message detected (ddos.rules)
 233 <-> Enabled  <-> DDOS Trin00 Attacker to Master default startup password (ddos.rules)
 234 <-> Enabled  <-> DDOS Trin00 Attacker to Master default password (ddos.rules)
 235 <-> Enabled  <-> DDOS Trin00 Attacker to Master default mdie password (ddos.rules)
 236 <-> Enabled  <-> DDOS Stacheldraht client check gag (ddos.rules)
 237 <-> Enabled  <-> DDOS Trin00 Master to Daemon default password attempt (ddos.rules)
 238 <-> Enabled  <-> DDOS TFN server response (ddos.rules)
 239 <-> Enabled  <-> DDOS shaft handler to agent (ddos.rules)
 240 <-> Enabled  <-> DDOS shaft agent to handler (ddos.rules)
 243 <-> Enabled  <-> DDOS mstream agent to handler (ddos.rules)
 246 <-> Enabled  <-> DDOS mstream agent pong to handler (ddos.rules)
 250 <-> Disabled <-> DDOS mstream handler to client (ddos.rules)
 251 <-> Enabled  <-> DDOS - TFN client command LE (ddos.rules)
 255 <-> Disabled <-> DNS zone transfer TCP (dns.rules)
 277 <-> Disabled <-> DOS Real Server template.html (dos.rules)
 278 <-> Disabled <-> DOS Real Server template.html (dos.rules)
 333 <-> Disabled <-> FINGER . query (finger.rules)
 361 <-> Disabled <-> FTP SITE EXEC attempt (ftp.rules)
 489 <-> Disabled <-> INFO FTP no password (info.rules)
 492 <-> Disabled <-> INFO TELNET login failed (info.rules)
 508 <-> Disabled <-> MISC gopher proxy (misc.rules)
 514 <-> Disabled <-> MISC ramen worm (misc.rules)
 530 <-> Disabled <-> NETBIOS NT NULL session (netbios.rules)
 553 <-> Disabled <-> POLICY FTP anonymous login attempt (policy.rules)
1378 <-> Disabled <-> FTP wu-ftp bad file completion attempt { (ftp.rules)
1379 <-> Enabled  <-> FTP STAT overflow attempt (ftp.rules)
1382 <-> Disabled <-> EXPLOIT CHAT IRC Ettercap parse overflow attempt (exploit.rules)
1383 <-> Disabled <-> P2P Fastrack kazaa/morpheus GET request (p2p.rules)
1560 <-> Disabled <-> WEB-MISC /doc/ access (web-misc.rules)
1621 <-> Enabled  <-> FTP CMD overflow attempt (ftp.rules)
1624 <-> Enabled  <-> FTP PWD overflow attempt (ftp.rules)
1659 <-> Enabled  <-> WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules)
1699 <-> Disabled <-> P2P Fastrack kazaa/morpheus traffic (p2p.rules)
1748 <-> Disabled <-> DELETED FTP command overflow attempt (deleted.rules)
1854 <-> Enabled  <-> DDOS Stacheldraht handler->agent niggahbitch (ddos.rules)
1855 <-> Enabled  <-> DDOS Stacheldraht agent->handler skillz (ddos.rules)
1856 <-> Enabled  <-> DDOS Stacheldraht handler->agent ficken (ddos.rules)
1864 <-> Disabled <-> FTP SITE NEWER attempt (ftp.rules)
1867 <-> Disabled <-> MISC xdmcp info query (misc.rules)
1882 <-> Disabled <-> ATTACK-RESPONSES id check returned userid (attack-responses.rules)
1919 <-> Enabled  <-> FTP CWD overflow attempt (ftp.rules)
1948 <-> Disabled <-> DNS zone transfer UDP (dns.rules)
1973 <-> Enabled  <-> FTP MKD overflow attempt (ftp.rules)
1981 <-> Disabled <-> BACKDOOR DeepThroat 3.1 Connection attempt [3150] (backdoor.rules)
2012 <-> Disabled <-> MISC CVS missing cvsroot response (misc.rules)
2101 <-> Disabled <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
2180 <-> Disabled <-> P2P BitTorrent announce request (p2p.rules)
2338 <-> Enabled  <-> FTP LIST buffer overflow attempt (ftp.rules)
2340 <-> Enabled  <-> FTP SITE CHMOD overflow attempt (ftp.rules)
2343 <-> Enabled  <-> FTP STOR overflow attempt (ftp.rules)
2373 <-> Enabled  <-> FTP XMKD overflow attempt (ftp.rules)
2374 <-> Enabled  <-> FTP NLST overflow attempt (ftp.rules)
2389 <-> Enabled  <-> FTP RNTO overflow attempt (ftp.rules)
2390 <-> Enabled  <-> FTP STOU overflow attempt (ftp.rules)
2391 <-> Enabled  <-> FTP APPE overflow attempt (ftp.rules)
2392 <-> Enabled  <-> FTP RETR overflow attempt (ftp.rules)
2449 <-> Enabled  <-> FTP ALLO overflow attempt (ftp.rules)
2547 <-> Disabled <-> MISC HP Web JetAdmin remote file upload attempt (misc.rules)
2548 <-> Disabled <-> MISC HP Web JetAdmin setinfo access (misc.rules)
3077 <-> Enabled  <-> FTP RNFR overflow attempt (ftp.rules)
3080 <-> Disabled <-> MISC Unreal Tournament secure overflow attempt (misc.rules)
3195 <-> Disabled <-> NETBIOS name query overflow attempt TCP (netbios.rules)
3196 <-> Disabled <-> NETBIOS name query overflow attempt UDP (netbios.rules)
3234 <-> Disabled <-> NETBIOS Messenger message little endian overflow attempt (netbios.rules)
3235 <-> Disabled <-> NETBIOS Messenger message overflow attempt (netbios.rules)
4413 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4414 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4415 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4416 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4417 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4418 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4419 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4420 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4421 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4422 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4423 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4424 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4425 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4426 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4427 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4428 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4429 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4430 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4431 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4432 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4433 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4434 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx overflow attempt (netbios.rules)
4435 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4436 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4437 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4438 <-> Enabled  <-> NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4439 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx overflow attempt (netbios.rules)
4440 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4441 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4442 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4443 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4444 <-> Enabled  <-> NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4477 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4478 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4479 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4480 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4481 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4482 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4483 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4484 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4485 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4486 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4487 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4488 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4489 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4490 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4491 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4492 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4493 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4494 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4495 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4496 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4497 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4498 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx overflow attempt (netbios.rules)
4499 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4500 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4501 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4502 <-> Enabled  <-> NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4503 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx overflow attempt (netbios.rules)
4504 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4505 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4506 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4507 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4508 <-> Enabled  <-> NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4541 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX andx overflow attempt (netbios.rules)
4542 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX little endian andx overflow attempt (netbios.rules)
4543 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4544 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX overflow attempt (netbios.rules)
4545 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX unicode andx overflow attempt (netbios.rules)
4546 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4547 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4548 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 WriteAndX unicode overflow attempt (netbios.rules)
4549 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 andx overflow attempt (netbios.rules)
4550 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 little endian andx overflow attempt (netbios.rules)
4551 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 little endian overflow attempt (netbios.rules)
4552 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 overflow attempt (netbios.rules)
4553 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 unicode andx overflow attempt (netbios.rules)
4554 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 unicode little endian andx overflow attempt (netbios.rules)
4555 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 unicode little endian overflow attempt (netbios.rules)
4556 <-> Enabled  <-> NETBIOS SMB netware_cs function 43 unicode overflow attempt (netbios.rules)
4557 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX andx overflow attempt (netbios.rules)
4558 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX little endian andx overflow attempt (netbios.rules)
4559 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4560 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX overflow attempt (netbios.rules)
4561 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode andx overflow attempt (netbios.rules)
4562 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4563 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4564 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 WriteAndX unicode overflow attempt (netbios.rules)
4565 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 andx overflow attempt (netbios.rules)
4566 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 little endian andx overflow attempt (netbios.rules)
4567 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 little endian overflow attempt (netbios.rules)
4568 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 overflow attempt (netbios.rules)
4569 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 unicode andx overflow attempt (netbios.rules)
4570 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 unicode little endian andx overflow attempt (netbios.rules)
4571 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 unicode little endian overflow attempt (netbios.rules)
4572 <-> Enabled  <-> NETBIOS SMB v4 netware_cs function 43 unicode overflow attempt (netbios.rules)
4605 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX andx overflow attempt (netbios.rules)
4606 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX little endian andx overflow attempt (netbios.rules)
4607 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4608 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX overflow attempt (netbios.rules)
4609 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX unicode andx overflow attempt (netbios.rules)
4610 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4611 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4612 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 WriteAndX unicode overflow attempt (netbios.rules)
4613 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 andx overflow attempt (netbios.rules)
4614 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 little endian andx overflow attempt (netbios.rules)
4615 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 little endian overflow attempt (netbios.rules)
4616 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 overflow attempt (netbios.rules)
4617 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 unicode andx overflow attempt (netbios.rules)
4618 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 unicode little endian andx overflow attempt (netbios.rules)
4619 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 unicode little endian overflow attempt (netbios.rules)
4620 <-> Enabled  <-> NETBIOS SMB-DS netware_cs function 43 unicode overflow attempt (netbios.rules)
4621 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX andx overflow attempt (netbios.rules)
4622 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX little endian andx overflow attempt (netbios.rules)
4623 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX little endian overflow attempt (netbios.rules)
4624 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX overflow attempt (netbios.rules)
4625 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX unicode andx overflow attempt (netbios.rules)
4626 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4627 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX unicode little endian overflow attempt (netbios.rules)
4628 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 WriteAndX unicode overflow attempt (netbios.rules)
4629 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 andx overflow attempt (netbios.rules)
4630 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 little endian andx overflow attempt (netbios.rules)
4631 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 little endian overflow attempt (netbios.rules)
4632 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 overflow attempt (netbios.rules)
4633 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode andx overflow attempt (netbios.rules)
4634 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode little endian andx overflow attempt (netbios.rules)
4635 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode little endian overflow attempt (netbios.rules)
4636 <-> Enabled  <-> NETBIOS SMB-DS v4 netware_cs function 43 unicode overflow attempt (netbios.rules)
5716 <-> Disabled <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5717 <-> Disabled <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
5718 <-> Disabled <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
5719 <-> Disabled <-> NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
5720 <-> Disabled <-> NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5721 <-> Disabled <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5722 <-> Disabled <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5723 <-> Disabled <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
5724 <-> Disabled <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5725 <-> Disabled <-> NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5726 <-> Disabled <-> NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5727 <-> Disabled <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
5728 <-> Disabled <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
5729 <-> Disabled <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
5730 <-> Disabled <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5731 <-> Disabled <-> NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
5732 <-> Disabled <-> NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
5733 <-> Disabled <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
5734 <-> Disabled <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
5735 <-> Disabled <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5736 <-> Disabled <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
5737 <-> Disabled <-> NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
5738 <-> Disabled <-> NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
7023 <-> Disabled <-> WEB-CLIENT xls file download (web-client.rules)
8447 <-> Disabled <-> DELETED WEB-CLIENT Open document file transfer attempt (deleted.rules)
8448 <-> Disabled <-> WEB-CLIENT Excel colinfo XF record overflow attempt (web-client.rules)