Sourcefire VRT Update
Date: 2007-04-03
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
10396 <-> WEB-IIS Internet Data Query query.idq directory traversal attempt (web-iis.rules)
10397 <-> WEB-IIS Internet Data Query exair query.idq directory traversal attempt (web-iis.rules)
10398 <-> WEB-IIS Internet Data Query exair search.idq directory traversal attempt (web-iis.rules)
10399 <-> WEB-IIS Internet Data Query iissamples fastq.idq directory traversal attempt (web-iis.rules)
10400 <-> WEB-IIS Internet Data Query iissamples query.idq directory traversal attempt (web-iis.rules)
10401 <-> WEB-IIS Internet Data Query prxdocs prxrch.idq directory traversal attempt (web-iis.rules)
10402 <-> SPECIFIC-THREATS Trojan.Duntek Data Report POST (specific-threats.rules)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules)
10404 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid access (web-client.rules)
10405 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid unicode access (web-client.rules)
10406 <-> WEB-CLIENT SignKorea SKCommAX ActiveX function call access (web-client.rules)
10407 <-> EXPLOIT Helix Server LoadTestPassword buffer overflow attempt (exploit.rules)
10408 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
10409 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10410 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
10411 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10412 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid access (web-client.rules)
10413 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid unicode access (web-client.rules)
10414 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access (web-client.rules)
10415 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid access (web-client.rules)
10416 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid unicode access (web-client.rules)
10417 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX function call access (web-client.rules)
10418 <-> EXPLOIT lpd Solaris unlink file attempt (exploit.rules)

Updated rules:
2392 <-> FTP RETR overflow attempt (ftp.rules)
3074 <-> IMAP subscribe overflow attempt (imap.rules)
3079 <-> WEB-CLIENT Microsoft ANI file parsing overflow (web-client.rules)
4143 <-> EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules)
4144 <-> EXPLOIT lpd Solaris control file upload attempt (exploit.rules)
7978 <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID access (web-client.rules)
7979 <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID unicode access (web-client.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player or Explorer Malformed RIFF File denial of service attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
10217 <-> NETBIOS SMB svcctl alter context attempt (netbios.rules)
10218 <-> NETBIOS SMB svcctl unicode alter context attempt (netbios.rules)
10219 <-> NETBIOS SMB svcctl WriteAndX alter context attempt (netbios.rules)
10220 <-> NETBIOS SMB svcctl WriteAndX unicode alter context attempt (netbios.rules)
10221 <-> NETBIOS SMB-DS svcctl alter context attempt (netbios.rules)
10222 <-> NETBIOS SMB-DS svcctl WriteAndX alter context attempt (netbios.rules)
10223 <-> NETBIOS SMB-DS svcctl unicode alter context attempt (netbios.rules)
10224 <-> NETBIOS SMB-DS svcctl WriteAndX unicode alter context attempt (netbios.rules)
10225 <-> NETBIOS SMB svcctl little endian alter context attempt (netbios.rules)
10226 <-> NETBIOS SMB svcctl WriteAndX little endian alter context attempt (netbios.rules)
10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (netbios.rules)
10228 <-> NETBIOS SMB svcctl WriteAndX unicode little endian alter context attempt (netbios.rules)
10229 <-> NETBIOS SMB-DS svcctl little endian alter context attempt (netbios.rules)
10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (netbios.rules)
10231 <-> NETBIOS SMB-DS svcctl unicode little endian alter context attempt (netbios.rules)
10232 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian alter context attempt (netbios.rules)
10233 <-> NETBIOS SMB svcctl bind attempt (netbios.rules)
10234 <-> NETBIOS SMB svcctl unicode bind attempt (netbios.rules)
10235 <-> NETBIOS SMB svcctl WriteAndX bind attempt (netbios.rules)
10236 <-> NETBIOS SMB svcctl WriteAndX unicode bind attempt (netbios.rules)
10237 <-> NETBIOS SMB-DS svcctl bind attempt (netbios.rules)
10238 <-> NETBIOS SMB-DS svcctl WriteAndX bind attempt (netbios.rules)
10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (netbios.rules)
10240 <-> NETBIOS SMB-DS svcctl WriteAndX unicode bind attempt (netbios.rules)
10241 <-> NETBIOS SMB svcctl little endian bind attempt (netbios.rules)
10242 <-> NETBIOS SMB svcctl WriteAndX little endian bind attempt (netbios.rules)
10243 <-> NETBIOS SMB svcctl unicode little endian bind attempt (netbios.rules)
10244 <-> NETBIOS SMB svcctl WriteAndX unicode little endian bind attempt (netbios.rules)
10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (netbios.rules)
10246 <-> NETBIOS SMB-DS svcctl WriteAndX little endian bind attempt (netbios.rules)
10247 <-> NETBIOS SMB-DS svcctl unicode little endian bind attempt (netbios.rules)
10248 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian bind attempt (netbios.rules)
10249 <-> NETBIOS SMB svcctl andx alter context attempt (netbios.rules)
10250 <-> NETBIOS SMB svcctl unicode andx alter context attempt (netbios.rules)
10251 <-> NETBIOS SMB svcctl WriteAndX andx alter context attempt (netbios.rules)
10252 <-> NETBIOS SMB svcctl WriteAndX unicode andx alter context attempt (netbios.rules)
10253 <-> NETBIOS SMB-DS svcctl andx alter context attempt (netbios.rules)
10254 <-> NETBIOS SMB-DS svcctl WriteAndX andx alter context attempt (netbios.rules)
10255 <-> NETBIOS SMB-DS svcctl unicode andx alter context attempt (netbios.rules)
10256 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx alter context attempt (netbios.rules)
10257 <-> NETBIOS SMB svcctl little endian andx alter context attempt (netbios.rules)
10258 <-> NETBIOS SMB svcctl WriteAndX little endian andx alter context attempt (netbios.rules)
10259 <-> NETBIOS SMB svcctl unicode little endian andx alter context attempt (netbios.rules)
10260 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx alter context attempt (netbios.rules)
10261 <-> NETBIOS SMB-DS svcctl little endian andx alter context attempt (netbios.rules)
10262 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx alter context attempt (netbios.rules)
10263 <-> NETBIOS SMB-DS svcctl unicode little endian andx alter context attempt (netbios.rules)
10264 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx alter context attempt (netbios.rules)
10265 <-> NETBIOS SMB svcctl andx bind attempt (netbios.rules)
10266 <-> NETBIOS SMB svcctl unicode andx bind attempt (netbios.rules)
10267 <-> NETBIOS SMB svcctl WriteAndX andx bind attempt (netbios.rules)
10268 <-> NETBIOS SMB svcctl WriteAndX unicode andx bind attempt (netbios.rules)
10269 <-> NETBIOS SMB-DS svcctl andx bind attempt (netbios.rules)
10270 <-> NETBIOS SMB-DS svcctl WriteAndX andx bind attempt (netbios.rules)
10271 <-> NETBIOS SMB-DS svcctl unicode andx bind attempt (netbios.rules)
10272 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx bind attempt (netbios.rules)
10273 <-> NETBIOS SMB svcctl little endian andx bind attempt (netbios.rules)
10274 <-> NETBIOS SMB svcctl WriteAndX little endian andx bind attempt (netbios.rules)
10275 <-> NETBIOS SMB svcctl unicode little endian andx bind attempt (netbios.rules)
10276 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx bind attempt (netbios.rules)
10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (netbios.rules)
10278 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx bind attempt (netbios.rules)
10279 <-> NETBIOS SMB-DS svcctl unicode little endian andx bind attempt (netbios.rules)
10280 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx bind attempt (netbios.rules)
10281 <-> NETBIOS DCERPC DIRECT svcctl little endian alter context attempt (netbios.rules)
10282 <-> NETBIOS DCERPC DIRECT svcctl alter context attempt (netbios.rules)
10283 <-> NETBIOS DCERPC DIRECT svcctl little endian bind attempt (netbios.rules)
10284 <-> NETBIOS DCERPC DIRECT svcctl bind attempt (netbios.rules)
10285 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10286 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10287 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10288 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10289 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10290 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10291 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10292 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10293 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10294 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10295 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10296 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10297 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10298 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10299 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10300 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10301 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10302 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10303 <-> NETBIOS SMB svcctl ChangeServiceConfig2A attempt (netbios.rules)
10304 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10305 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10306 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10307 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10308 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10309 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10310 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A attempt (netbios.rules)
10311 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10312 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10313 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10314 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10315 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10316 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10317 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules)
10318 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX object call attempt (netbios.rules)
10319 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (netbios.rules)
10320 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10321 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (netbios.rules)
10322 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
10323 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode object call attempt (netbios.rules)
10324 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (netbios.rules)
10325 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode object call attempt (netbios.rules)
10326 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10327 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX object call attempt (netbios.rules)
10328 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (netbios.rules)
10329 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
10330 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (netbios.rules)
10331 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules)
10332 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (netbios.rules)
10333 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10334 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10335 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10336 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10337 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10338 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10339 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10340 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10341 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10342 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10343 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10344 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10345 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10346 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10347 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10349 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10350 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10351 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10352 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10353 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10354 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10355 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10356 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10357 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10358 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10359 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10360 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10361 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10362 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10363 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10364 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10365 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (netbios.rules)
10366 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (netbios.rules)
10367 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (netbios.rules)
10368 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx object call attempt (netbios.rules)
10369 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (netbios.rules)
10370 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx object call attempt (netbios.rules)
10371 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx object call attempt (netbios.rules)
10372 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (netbios.rules)
10373 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx object call attempt (netbios.rules)
10374 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx object call attempt (netbios.rules)
10375 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (netbios.rules)
10376 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (netbios.rules)
10377 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx object call attempt (netbios.rules)
10378 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (netbios.rules)
10379 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (netbios.rules)
10380 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (netbios.rules)
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (netbios.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
