Sourcefire VRT Update
Date: 2007-05-24
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
11290 <-> WEB-CLIENT Excel malformed named graph information ascii overflow (web-client.rules)
11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules)
11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules)
11293 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid access (web-client.rules)
11294 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid unicode access (web-client.rules)
11295 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call access (web-client.rules)
11296 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call unicode access (web-client.rules)
11297 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid access (web-client.rules)
11298 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid unicode access (web-client.rules)
11299 <-> WEB-CLIENT Clever Database Comparer ActiveX function call access (web-client.rules)
11300 <-> WEB-CLIENT Clever Database Comparer ActiveX function call unicode access (web-client.rules)
11301 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid access (web-client.rules)
11302 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid unicode access (web-client.rules)
11303 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call access (web-client.rules)
11304 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call unicode access (web-client.rules)
11305 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - send log through smtp (spyware-put.rules)
11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules)
11307 <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules)
11308 <-> SPYWARE-PUT Other-Technologies spydawn runtime detection - update checking (spyware-put.rules)
11309 <-> SPYWARE-PUT Keylogger sskc v2.0 runtime detection (spyware-put.rules)
11310 <-> SPYWARE-PUT Trickler iowa webdownloader - icq notification (spyware-put.rules)
11311 <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules)
11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules)
11313 <-> SPYWARE-PUT Other-Technologies spywarelocker 3.3 runtime detection - update checking (spyware-put.rules)
11314 <-> BACKDOOR shadownet remote spy 2.0 runtime detection (backdoor.rules)
11315 <-> BACKDOOR ykw v375 runtime detection (backdoor.rules)
11316 <-> BACKDOOR lurker 1.1 runtime detection - init connection (backdoor.rules)
11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
11318 <-> BACKDOOR boer runtime detection - init connection (backdoor.rules)
11319 <-> BACKDOOR netwindow runtime detection - init connection request (backdoor.rules)
11320 <-> BACKDOOR netwindow runtime detection - reverse mode init connection request (backdoor.rules)
11321 <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules)
11322 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11323 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11324 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call access (web-client.rules)
11325 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call unicode access (web-client.rules)
11326 <-> NETBIOS SMB lsarpc alter context attempt (netbios.rules)
11327 <-> NETBIOS SMB-DS lsarpc WriteAndX alter context attempt (netbios.rules)
11328 <-> NETBIOS SMB-DS lsarpc unicode alter context attempt (netbios.rules)
11329 <-> NETBIOS SMB lsarpc WriteAndX alter context attempt (netbios.rules)
11330 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11331 <-> NETBIOS-DG SMB lsarpc alter context attempt (netbios.rules)
11332 <-> NETBIOS-DG SMB lsarpc WriteAndX alter context attempt (netbios.rules)
11333 <-> NETBIOS-DG SMB lsarpc unicode alter context attempt (netbios.rules)
11334 <-> NETBIOS SMB lsarpc unicode alter context attempt (netbios.rules)
11335 <-> NETBIOS SMB lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11336 <-> NETBIOS SMB-DS lsarpc alter context attempt (netbios.rules)
11337 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11338 <-> NETBIOS SMB lsarpc little endian alter context attempt (netbios.rules)
11339 <-> NETBIOS SMB lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11340 <-> NETBIOS SMB lsarpc unicode little endian alter context attempt (netbios.rules)
11341 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11342 <-> NETBIOS SMB-DS lsarpc little endian alter context attempt (netbios.rules)
11343 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11344 <-> NETBIOS SMB-DS lsarpc unicode little endian alter context attempt (netbios.rules)
11345 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11346 <-> NETBIOS-DG SMB lsarpc little endian alter context attempt (netbios.rules)
11347 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11348 <-> NETBIOS-DG SMB lsarpc unicode little endian alter context attempt (netbios.rules)
11349 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11350 <-> NETBIOS SMB lsarpc bind attempt (netbios.rules)
11351 <-> NETBIOS SMB lsarpc WriteAndX bind attempt (netbios.rules)
11352 <-> NETBIOS SMB lsarpc unicode bind attempt (netbios.rules)
11353 <-> NETBIOS SMB lsarpc WriteAndX unicode bind attempt (netbios.rules)
11354 <-> NETBIOS SMB-DS lsarpc bind attempt (netbios.rules)
11355 <-> NETBIOS SMB-DS lsarpc WriteAndX bind attempt (netbios.rules)
11356 <-> NETBIOS SMB-DS lsarpc unicode bind attempt (netbios.rules)
11357 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode bind attempt (netbios.rules)
11358 <-> NETBIOS-DG SMB lsarpc bind attempt (netbios.rules)
11359 <-> NETBIOS-DG SMB lsarpc WriteAndX bind attempt (netbios.rules)
11360 <-> NETBIOS-DG SMB lsarpc unicode bind attempt (netbios.rules)
11361 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode bind attempt (netbios.rules)
11362 <-> NETBIOS SMB lsarpc little endian bind attempt (netbios.rules)
11363 <-> NETBIOS SMB lsarpc WriteAndX little endian bind attempt (netbios.rules)
11364 <-> NETBIOS SMB lsarpc unicode little endian bind attempt (netbios.rules)
11365 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11366 <-> NETBIOS SMB-DS lsarpc little endian bind attempt (netbios.rules)
11367 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian bind attempt (netbios.rules)
11368 <-> NETBIOS SMB-DS lsarpc unicode little endian bind attempt (netbios.rules)
11369 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11370 <-> NETBIOS-DG SMB lsarpc little endian bind attempt (netbios.rules)
11371 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian bind attempt (netbios.rules)
11372 <-> NETBIOS-DG SMB lsarpc unicode little endian bind attempt (netbios.rules)
11373 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11374 <-> NETBIOS SMB lsarpc andx alter context attempt (netbios.rules)
11375 <-> NETBIOS SMB-DS lsarpc WriteAndX andx alter context attempt (netbios.rules)
11376 <-> NETBIOS SMB-DS lsarpc unicode andx alter context attempt (netbios.rules)
11377 <-> NETBIOS SMB lsarpc WriteAndX andx alter context attempt (netbios.rules)
11378 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11379 <-> NETBIOS-DG SMB lsarpc andx alter context attempt (netbios.rules)
11380 <-> NETBIOS-DG SMB lsarpc WriteAndX andx alter context attempt (netbios.rules)
11381 <-> NETBIOS-DG SMB lsarpc unicode andx alter context attempt (netbios.rules)
11382 <-> NETBIOS SMB lsarpc unicode andx alter context attempt (netbios.rules)
11383 <-> NETBIOS SMB lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11384 <-> NETBIOS SMB-DS lsarpc andx alter context attempt (netbios.rules)
11385 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11386 <-> NETBIOS SMB lsarpc little endian andx alter context attempt (netbios.rules)
11387 <-> NETBIOS SMB lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11388 <-> NETBIOS SMB lsarpc unicode little endian andx alter context attempt (netbios.rules)
11389 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11390 <-> NETBIOS SMB-DS lsarpc little endian andx alter context attempt (netbios.rules)
11391 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11392 <-> NETBIOS SMB-DS lsarpc unicode little endian andx alter context attempt (netbios.rules)
11393 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11394 <-> NETBIOS-DG SMB lsarpc little endian andx alter context attempt (netbios.rules)
11395 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11396 <-> NETBIOS-DG SMB lsarpc unicode little endian andx alter context attempt (netbios.rules)
11397 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11398 <-> NETBIOS SMB lsarpc andx bind attempt (netbios.rules)
11399 <-> NETBIOS SMB lsarpc WriteAndX andx bind attempt (netbios.rules)
11400 <-> NETBIOS SMB lsarpc unicode andx bind attempt (netbios.rules)
11401 <-> NETBIOS SMB lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11402 <-> NETBIOS SMB-DS lsarpc andx bind attempt (netbios.rules)
11403 <-> NETBIOS SMB-DS lsarpc WriteAndX andx bind attempt (netbios.rules)
11404 <-> NETBIOS SMB-DS lsarpc unicode andx bind attempt (netbios.rules)
11405 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11406 <-> NETBIOS-DG SMB lsarpc andx bind attempt (netbios.rules)
11407 <-> NETBIOS-DG SMB lsarpc WriteAndX andx bind attempt (netbios.rules)
11408 <-> NETBIOS-DG SMB lsarpc unicode andx bind attempt (netbios.rules)
11409 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11410 <-> NETBIOS SMB lsarpc little endian andx bind attempt (netbios.rules)
11411 <-> NETBIOS SMB lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11412 <-> NETBIOS SMB lsarpc unicode little endian andx bind attempt (netbios.rules)
11413 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11414 <-> NETBIOS SMB-DS lsarpc little endian andx bind attempt (netbios.rules)
11415 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11416 <-> NETBIOS SMB-DS lsarpc unicode little endian andx bind attempt (netbios.rules)
11417 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11418 <-> NETBIOS-DG SMB lsarpc little endian andx bind attempt (netbios.rules)
11419 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11420 <-> NETBIOS-DG SMB lsarpc unicode little endian andx bind attempt (netbios.rules)
11421 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11422 <-> NETBIOS DCERPC DIRECT lsarpc little endian alter context attempt (netbios.rules)
11423 <-> NETBIOS DCERPC DIRECT-UDP lsarpc little endian alter context attempt (netbios.rules)
11424 <-> NETBIOS DCERPC DIRECT-UDP lsarpc alter context attempt (netbios.rules)
11425 <-> NETBIOS DCERPC NCACN-HTTP lsarpc alter context attempt (netbios.rules)
11426 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc alter context attempt (netbios.rules)
11427 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc alter context attempt (netbios.rules)
11428 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian alter context attempt (netbios.rules)
11429 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc little endian alter context attempt (netbios.rules)
11430 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc little endian alter context attempt (netbios.rules)
11431 <-> NETBIOS DCERPC DIRECT lsarpc alter context attempt (netbios.rules)
11432 <-> NETBIOS DCERPC DIRECT lsarpc little endian bind attempt (netbios.rules)
11433 <-> NETBIOS DCERPC DIRECT-UDP lsarpc little endian bind attempt (netbios.rules)
11434 <-> NETBIOS DCERPC DIRECT-UDP lsarpc bind attempt (netbios.rules)
11435 <-> NETBIOS DCERPC NCACN-HTTP lsarpc bind attempt (netbios.rules)
11436 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc bind attempt (netbios.rules)
11437 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc bind attempt (netbios.rules)
11438 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian bind attempt (netbios.rules)
11439 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc little endian bind attempt (netbios.rules)
11440 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc little endian bind attempt (netbios.rules)
11441 <-> NETBIOS DCERPC DIRECT lsarpc bind attempt (netbios.rules)
11442 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11443 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11444 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11445 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11446 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11447 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11448 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11449 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11450 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11451 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11452 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11453 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11454 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11455 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11456 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11457 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11458 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11459 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11460 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11461 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11462 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11463 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11464 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11465 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11466 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11467 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11468 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11469 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11470 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11471 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11472 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11473 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11474 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11475 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11476 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11477 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11478 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11479 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11480 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11481 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11482 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11483 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11484 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11485 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11486 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11487 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11488 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11489 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11490 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11491 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11492 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11493 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11494 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11495 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11496 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11497 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11498 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11499 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11500 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11501 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11502 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11503 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11504 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11505 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11506 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11507 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11508 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11509 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11510 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11511 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11512 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11513 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11514 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11515 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11516 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11517 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11518 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11519 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11520 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11521 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11522 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11523 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11524 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11525 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11526 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11527 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11528 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11529 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11530 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11531 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11532 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11533 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11534 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11535 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11536 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11537 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11538 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11539 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11540 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11541 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11542 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11543 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11544 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11545 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11546 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11547 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11548 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11549 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11550 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11551 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11552 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11553 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11554 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11555 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11556 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11557 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11558 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11559 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11560 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11561 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11562 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11563 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11564 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11565 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11566 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11567 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11568 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11569 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11570 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11571 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11572 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11573 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11574 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11575 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11576 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11577 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11578 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11579 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11580 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11581 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11582 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11583 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11584 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11585 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11586 <-> NETBIOS DCERPC DIRECT-UDP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11587 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11588 <-> NETBIOS DCERPC NCADG-IP-UDP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11589 <-> NETBIOS DCERPC NCADG-IP-UDP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11590 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11591 <-> NETBIOS DCERPC DIRECT v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11592 <-> NETBIOS DCERPC NCACN-HTTP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11593 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11594 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11595 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11596 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11597 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11598 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11599 <-> NETBIOS DCERPC DIRECT-UDP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11600 <-> NETBIOS DCERPC NCACN-HTTP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11601 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11602 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11603 <-> NETBIOS DCERPC DIRECT v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11604 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11605 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11606 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11607 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11608 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11609 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11610 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11611 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11612 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11613 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11614 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11615 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11616 <-> WEB-ATTACKS Symantec Sygate Policy Manager SQL injection (web-misc.rules)
11617 <-> EXPLOIT Zenworks password authentication buffer overflow (exploit.rules)
11618 <-> EXPLOIT Trend Micro ServerProtect EarthAgent DCE-RPC Stack Overflow (exploit.rules)

Updated rules:
1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules)
1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules)
1388 <-> MISC UPnP Location overflow attempt (misc.rules)
4990 <-> MS-SQL Heap-Based Overflow Attempt (sql.rules)
11228 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid access (web-client.rules)
11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules)
