Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-other, file-executable, file-identify, file-image, file-office, file-other, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules) * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules) * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules) * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules) * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules) * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules) * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules) * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules) * 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules) * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules) * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules) * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules) * 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules) * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules) * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 
failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules) * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules) * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules) * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules) * 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules) * 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 
failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules) * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules) * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules) * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules) * 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules) * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules) * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules) * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules) * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules) * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules) * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules) * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid 
Date header time zone attempt (protocol-voip.rules) * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules) * 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules) * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules) * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules) * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules) * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules) * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules) * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules) * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules) * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules) * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules) * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules) * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules) * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow 
attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (snort3-file-other.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (snort3-server-webapp.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (snort3-file-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (snort3-file-office.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (snort3-file-office.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (snort3-policy-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (snort3-browser-other.rules)

* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (snort3-protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (snort3-protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (snort3-protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (snort3-app-detect.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (snort3-protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (snort3-protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (snort3-protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (snort3-protocol-voip.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (snort3-protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (snort3-protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (snort3-protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (snort3-server-webapp.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (snort3-protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (snort3-protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (snort3-protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (snort3-protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (snort3-protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (snort3-protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (snort3-protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (snort3-protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (snort3-protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (snort3-protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (snort3-protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (snort3-protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (snort3-protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (snort3-protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (snort3-protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (snort3-protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (snort3-protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (snort3-protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (snort3-protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (snort3-protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (snort3-protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (snort3-protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (snort3-protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (snort3-protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (snort3-protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (snort3-protocol-voip.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (snort3-protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)

* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow
attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 1:51774 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules)
* 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51757 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
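The entries above all follow the one-line format stated at the top of each list (gid:sid <-> Default rule state <-> Message (rule group)), which makes a rule update easy to triage by script: when a pack lands, the question is usually which new rules ship DISABLED and whether any of them belong in your policy. The following is an added example written for this page, not Talos or Snort code: it parses that format with a regular expression, counts the entries per rule group and default state, and emits gid:sid lines for the DISABLED rules in the categories you pick. The sample input is constructed from entries in the lists above, with two entries deliberately run together on one line so the parser is shown coping with the flattened form; the enablesid.conf target named in the code is an assumption (PulledPork reads one gid:sid per line there; the output is plain gid:sid pairs that any rule-management tool can consume).

```python
import re
from collections import Counter

# Constructed sample input in the changelog's own format. The entries are
# copied from the rule lists above; the second line deliberately carries two
# entries run together, the way the page flattens its bullets.
SAMPLE = """\
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules) * 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
"""

# One entry: gid:sid <-> STATE <-> message (group.rules). The message is
# matched non-greedily so that several entries on one line are split at the
# first "(something.rules)" instead of being swallowed into one match.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+) <-> (?P<state>ENABLED|DISABLED) <-> "
    r"(?P<msg>.+?) \((?P<group>[A-Za-z0-9_-]+\.rules)\)"
)


def parse_changelog(text):
    """Return one dict per rule entry found anywhere in text, in file order.

    Line breaks are not significant, so this works on both one-entry-per-line
    files and the run-together form. gid 1 is a text rule, gid 3 a
    shared-object rule.
    """
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        e["gid"] = int(e["gid"])
        e["sid"] = int(e["sid"])
        # The message starts with the rule category, e.g. PROTOCOL-VOIP.
        e["category"] = e["msg"].split(" ", 1)[0]
        entries.append(e)
    return entries


def summarize(entries):
    """Count entries per (rule group, default state) for a quick triage view."""
    return Counter((e["group"], e["state"]) for e in entries)


def enablesid_lines(entries, categories):
    """gid:sid lines for DISABLED rules whose category is in `categories`.

    Sorted by (gid, sid). One identifier per line is the form PulledPork's
    enablesid.conf accepts (assumed consumer; any tool that takes gid:sid
    pairs works the same way).
    """
    wanted = sorted(
        (e["gid"], e["sid"])
        for e in entries
        if e["state"] == "DISABLED" and e["category"] in categories
    )
    return [f"{gid}:{sid}" for gid, sid in wanted]


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    for (group, state), n in sorted(summarize(parsed).items()):
        print(f"{group:<22} {state:<8} {n}")
    print("\n".join(enablesid_lines(parsed, {"SERVER-WEBAPP", "PROTOCOL-VOIP"})))
```

Run against a saved copy of the full changelog, the summary shows at a glance what the lists above say entry by entry: the SIP Torture and Samsung SmartViewer rules default to DISABLED, while the gid 3 shared-object rules default to ENABLED. Review the DISABLED set against the traffic your sensors actually see before enabling it in bulk, and keep the generated gid:sid list under version control alongside the rest of your sensor policy.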