Talos has added and modified multiple rules in the browser-ie, file-flash, file-image, file-multimedia, file-pdf, indicator-compromise, malware-other, policy-other, protocol-voip, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)

* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
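The `gid:sid <-> Default rule state <-> Message (rule group)` format described above is simple enough to parse, and parsing it is what a rule maintainer actually needs from these release notes: every rule that ships DISABLED never fires until you enable it, and the packs built for different Snort versions do not carry the same set of rules. The Python below is an added example, not code from Talos or the Snort project. Its sample input is a handful of entries copied from this page's 2.9.15 and Snort 3 lists, with one line deliberately carrying two entries run together the way the extracted page does; the function and constant names are the example's own.

```python
"""Parse the Snort rule-update changelog format used on this page:

    gid:sid <-> Default rule state <-> Message (rule group)

and answer two questions a rule maintainer asks of every release: which
rules ship DISABLED (and so need enabling by hand), and how the packs
built for two Snort versions differ.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

RuleId = Tuple[int, int]  # (gid, sid)

# One entry, after the leading "* " list marker has been removed.
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+)\)$"
)
# Extraction often runs several entries onto one line separated by " * ".
# Split only on a "*" that is followed by the next gid:sid, so a "*" inside
# a rule message would survive.
SPLIT_RE = re.compile(r"(?:^|\s)\*\s+(?=\d+:\d+\s*<->)", re.M)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str   # "ENABLED" or "DISABLED"
    msg: str
    group: str   # rule file, e.g. "protocol-voip.rules"

    @property
    def rule_id(self) -> RuleId:
        return (self.gid, self.sid)

    @property
    def category(self) -> str:
        # Messages start with the category token, e.g. PROTOCOL-VOIP.
        return self.msg.split(" ", 1)[0]


def parse_entries(text: str) -> List[RuleEntry]:
    """Parse a changelog block, one entry per line or several per line."""
    entries: List[RuleEntry] = []
    for chunk in SPLIT_RE.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable changelog entry: {chunk!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"],
                                 m["msg"], m["group"]))
    return entries


def disabled_by_default(entries: Iterable[RuleEntry]) -> List[RuleEntry]:
    """Rules that ship off; they never fire unless you enable them."""
    return sorted((e for e in entries if e.state == "DISABLED"),
                  key=lambda e: e.rule_id)


def compare_packs(old: Iterable[RuleEntry], new: Iterable[RuleEntry]
                  ) -> Tuple[Set[RuleId], Set[RuleId], Set[RuleId]]:
    """(ids only in old, ids only in new, ids whose default state differs)."""
    old_by_id: Dict[RuleId, RuleEntry] = {e.rule_id: e for e in old}
    new_by_id: Dict[RuleId, RuleEntry] = {e.rule_id: e for e in new}
    common = old_by_id.keys() & new_by_id.keys()
    return (set(old_by_id) - set(new_by_id),
            set(new_by_id) - set(old_by_id),
            {k for k in common if old_by_id[k].state != new_by_id[k].state})


# Constructed samples: a few entries copied from the 2.9.15 and Snort 3 lists
# on this page. The third 2.9.15 line carries two entries run together.
SNORT_2915_SAMPLE = """\
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules) * 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
"""

SNORT_3_SAMPLE = """\
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (snort3-indicator-compromise.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (snort3-browser-ie.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (snort3-protocol-voip.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (snort3-server-webapp.rules)
"""

if __name__ == "__main__":
    old, new = parse_entries(SNORT_2915_SAMPLE), parse_entries(SNORT_3_SAMPLE)
    print("disabled by default in the 2.9.15 sample:")
    for e in disabled_by_default(old):
        print(f"  {e.gid}:{e.sid}  {e.category:22} {e.msg}")
    only_old, only_new, changed = compare_packs(old, new)
    print("only in 2.9.15 pack:", sorted(only_old))
    print("only in Snort 3 pack:", sorted(only_new))
    print("default state differs:", sorted(changed))
```

Run against the two samples, the comparison reports `(3, 52086)` as present only in the 2.9.15 pack, which matches the page: the Snort 3 list carries none of the gid 3 (shared object) rules that the 2.9.x lists do. The `disabled_by_default` output is the list to walk through when deciding what to turn on; a `gid:sid` per line is also the form most rule-management tooling accepts for enable lists.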
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)

* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)

* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)

* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)

* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (snort3-indicator-compromise.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (snort3-protocol-voip.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (snort3-server-webapp.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (snort3-server-webapp.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (snort3-server-other.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (snort3-protocol-voip.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (snort3-server-other.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (snort3-protocol-voip.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (snort3-server-webapp.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (snort3-server-webapp.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (snort3-protocol-voip.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (snort3-browser-ie.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (snort3-server-other.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (snort3-protocol-voip.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (snort3-browser-ie.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (snort3-protocol-voip.rules)

* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (snort3-protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (snort3-protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)

* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules)
* 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules)
* 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52083 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)

* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)