Sourcefire VRT Update
Date: 2007-03-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
10217 <-> NETBIOS SMB svcctl alter context attempt (rpc.rules)
10218 <-> NETBIOS SMB svcctl unicode alter context attempt (rpc.rules)
10219 <-> NETBIOS SMB svcctl WriteAndX alter context attempt (rpc.rules)
10220 <-> NETBIOS SMB svcctl WriteAndX unicode alter context attempt (rpc.rules)
10221 <-> NETBIOS SMB-DS svcctl alter context attempt (rpc.rules)
10222 <-> NETBIOS SMB-DS svcctl WriteAndX alter context attempt (rpc.rules)
10223 <-> NETBIOS SMB-DS svcctl unicode alter context attempt (rpc.rules)
10224 <-> NETBIOS SMB-DS svcctl WriteAndX unicode alter context attempt (rpc.rules)
10225 <-> NETBIOS SMB svcctl little endian alter context attempt (rpc.rules)
10226 <-> NETBIOS SMB svcctl WriteAndX little endian alter context attempt (rpc.rules)
10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (rpc.rules)
10228 <-> NETBIOS SMB svcctl WriteAndX unicode little endian alter context attempt (rpc.rules)
10229 <-> NETBIOS SMB-DS svcctl little endian alter context attempt (rpc.rules)
10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (rpc.rules)
10231 <-> NETBIOS SMB-DS svcctl unicode little endian alter context attempt (rpc.rules)
10232 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian alter context attempt (rpc.rules)
10233 <-> NETBIOS SMB svcctl bind attempt (rpc.rules)
10234 <-> NETBIOS SMB svcctl unicode bind attempt (rpc.rules)
10235 <-> NETBIOS SMB svcctl WriteAndX bind attempt (rpc.rules)
10236 <-> NETBIOS SMB svcctl WriteAndX unicode bind attempt (rpc.rules)
10237 <-> NETBIOS SMB-DS svcctl bind attempt (rpc.rules)
10238 <-> NETBIOS SMB-DS svcctl WriteAndX bind attempt (rpc.rules)
10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (rpc.rules)
10240 <-> NETBIOS SMB-DS svcctl WriteAndX unicode bind attempt (rpc.rules)
10241 <-> NETBIOS SMB svcctl little endian bind attempt (rpc.rules)
10242 <-> NETBIOS SMB svcctl WriteAndX little endian bind attempt (rpc.rules)
10243 <-> NETBIOS SMB svcctl unicode little endian bind attempt (rpc.rules)
10244 <-> NETBIOS SMB svcctl WriteAndX unicode little endian bind attempt (rpc.rules)
10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (rpc.rules)
10246 <-> NETBIOS SMB-DS svcctl WriteAndX little endian bind attempt (rpc.rules)
10247 <-> NETBIOS SMB-DS svcctl unicode little endian bind attempt (rpc.rules)
10248 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian bind attempt (rpc.rules)
10249 <-> NETBIOS SMB svcctl andx alter context attempt (rpc.rules)
10250 <-> NETBIOS SMB svcctl unicode andx alter context attempt (rpc.rules)
10251 <-> NETBIOS SMB svcctl WriteAndX andx alter context attempt (rpc.rules)
10252 <-> NETBIOS SMB svcctl WriteAndX unicode andx alter context attempt (rpc.rules)
10253 <-> NETBIOS SMB-DS svcctl andx alter context attempt (rpc.rules)
10254 <-> NETBIOS SMB-DS svcctl WriteAndX andx alter context attempt (rpc.rules)
10255 <-> NETBIOS SMB-DS svcctl unicode andx alter context attempt (rpc.rules)
10256 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx alter context attempt (rpc.rules)
10257 <-> NETBIOS SMB svcctl little endian andx alter context attempt (rpc.rules)
10258 <-> NETBIOS SMB svcctl WriteAndX little endian andx alter context attempt (rpc.rules)
10259 <-> NETBIOS SMB svcctl unicode little endian andx alter context attempt (rpc.rules)
10260 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx alter context attempt (rpc.rules)
10261 <-> NETBIOS SMB-DS svcctl little endian andx alter context attempt (rpc.rules)
10262 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx alter context attempt (rpc.rules)
10263 <-> NETBIOS SMB-DS svcctl unicode little endian andx alter context attempt (rpc.rules)
10264 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx alter context attempt (rpc.rules)
10265 <-> NETBIOS SMB svcctl andx bind attempt (rpc.rules)
10266 <-> NETBIOS SMB svcctl unicode andx bind attempt (rpc.rules)
10267 <-> NETBIOS SMB svcctl WriteAndX andx bind attempt (rpc.rules)
10268 <-> NETBIOS SMB svcctl WriteAndX unicode andx bind attempt (rpc.rules)
10269 <-> NETBIOS SMB-DS svcctl andx bind attempt (rpc.rules)
10270 <-> NETBIOS SMB-DS svcctl WriteAndX andx bind attempt (rpc.rules)
10271 <-> NETBIOS SMB-DS svcctl unicode andx bind attempt (rpc.rules)
10272 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx bind attempt (rpc.rules)
10273 <-> NETBIOS SMB svcctl little endian andx bind attempt (rpc.rules)
10274 <-> NETBIOS SMB svcctl WriteAndX little endian andx bind attempt (rpc.rules)
10275 <-> NETBIOS SMB svcctl unicode little endian andx bind attempt (rpc.rules)
10276 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx bind attempt (rpc.rules)
10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (rpc.rules)
10278 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx bind attempt (rpc.rules)
10279 <-> NETBIOS SMB-DS svcctl unicode little endian andx bind attempt (rpc.rules)
10280 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx bind attempt (rpc.rules)
10281 <-> NETBIOS DCERPC DIRECT svcctl little endian alter context attempt (rpc.rules)
10282 <-> NETBIOS DCERPC DIRECT svcctl alter context attempt (rpc.rules)
10283 <-> NETBIOS DCERPC DIRECT svcctl little endian bind attempt (rpc.rules)
10284 <-> NETBIOS DCERPC DIRECT svcctl bind attempt (rpc.rules)
10285 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10286 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10287 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10288 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10289 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10290 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10291 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10292 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10293 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10294 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10295 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10296 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10297 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10298 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10299 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10300 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10301 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10302 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10303 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10304 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10305 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10306 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10307 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10308 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10309 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A attempt (rpc.rules)
10310 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10311 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10312 <-> NETBIOS SMB svcctl ChangeServiceConfig2A attempt (rpc.rules)
10313 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10314 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (rpc.rules)
10315 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX object call attempt (rpc.rules)
10316 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10317 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10318 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (rpc.rules)
10319 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian object call attempt (rpc.rules)
10320 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (rpc.rules)
10321 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (rpc.rules)
10322 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10323 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode object call attempt (rpc.rules)
10324 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (rpc.rules)
10325 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10326 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX object call attempt (rpc.rules)
10327 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode object call attempt (rpc.rules)
10328 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (rpc.rules)
10329 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (rpc.rules)
10330 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10331 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10332 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10333 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10334 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10335 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10336 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10337 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10338 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10339 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10340 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10341 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10342 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10343 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10344 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10345 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10346 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10347 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10349 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10350 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10351 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10352 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10353 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10354 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10355 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10356 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10357 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10358 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10359 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10360 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10361 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10362 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (rpc.rules)
10363 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (rpc.rules)
10364 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx object call attempt (rpc.rules)
10365 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx object call attempt (rpc.rules)
10366 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (rpc.rules)
10367 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (rpc.rules)
10368 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (rpc.rules)
10369 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (rpc.rules)
10370 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx object call attempt (rpc.rules)
10371 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx object call attempt (rpc.rules)
10372 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (rpc.rules)
10373 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx object call attempt (rpc.rules)
10374 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (rpc.rules)
10375 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx object call attempt (rpc.rules)
10376 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (rpc.rules)
10377 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (rpc.rules)
10378 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10379 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10380 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (rpc.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10387 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid access (web-client.rules)
10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules)
10389 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX function call access (web-client.rules)
10390 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid access (web-client.rules)
10391 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid unicode access (web-client.rules)
10392 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX function call access (web-client.rules)
10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules)
10394 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid unicode access (web-client.rules)
10395 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX function call access (web-client.rules)

Updated rules:
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
10173 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid access (web-client.rules)
10174 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid unicode access (web-client.rules)
10175 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX function call access (web-client.rules)
10195 <-> WEB-MISC Possible Content-Length buffer overflow attempt (web-misc.rules)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
10208 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
10209 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
10210 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection little endian attempt (netbios.rules)
10211 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect COMN_NetTestConnection little endian attempt (netbios.rules)
10212 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection object call attempt (netbios.rules)
10213 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection little endian object call attempt (netbios.rules)
