Talos has added and modified multiple rules in the browser-other, malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:15421 <-> DISABLED <-> DELETED CONTENT-REPLACE AIM or ICQ deny login for unencrypted connection (deleted.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:26972 <-> ENABLED <-> SERVER-OTHER CUPS IPP multi-valued attribute memory corruption attempt (server-other.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:28487 <-> ENABLED <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (os-windows.rules)
* 3:28488 <-> ENABLED <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (os-windows.rules)
* 3:29441 <-> ENABLED <-> PROTOCOL-VOIP CISCO Telepresence VCS SIP denial of service attempt (protocol-voip.rules)
* 3:29944 <-> ENABLED <-> FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (file-image.rules)
* 3:29945 <-> ENABLED <-> FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (file-image.rules)
* 3:30282 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt (protocol-voip.rules)
* 3:30283 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt (protocol-voip.rules)
* 3:30881 <-> ENABLED <-> MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt (malware-other.rules)
* 3:30884 <-> ENABLED <-> PROTOCOL-VOIP Cisco MXP Telepresence gssapi-data unauthenticated denial of service attempt (protocol-voip.rules)
* 3:30885 <-> ENABLED <-> PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt (protocol-voip.rules)
* 3:30886 <-> ENABLED <-> PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt (protocol-voip.rules)
* 3:30887 <-> ENABLED <-> SERVER-OTHER Cisco Tshell command injection attempt (server-other.rules)
* 3:30888 <-> ENABLED <-> SERVER-OTHER Cisco Tshell command injection attempt (server-other.rules)
* 3:30889 <-> ENABLED <-> PROTOCOL-VOIP Content-Type media type overflow denial of service attempt (protocol-voip.rules)
* 3:30890 <-> ENABLED <-> PROTOCOL-VOIP Content-Type media type overflow denial of service attempt (protocol-voip.rules)
* 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30912 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30913 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30921 <-> ENABLED <-> FILE-OTHER Cisco WebEx Player atas32.dll memory overread attempt (file-other.rules)
* 3:30922 <-> ENABLED <-> FILE-OTHER Cisco WebEx Player atas32.dll memory overread attempt (file-other.rules)
* 3:30929 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN CSRF attempt (server-other.rules)
* 3:30931 <-> ENABLED <-> SERVER-OTHER Cisco RV180W remote file inclusion attempt (server-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:30942 <-> ENABLED <-> FILE-OTHER Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (file-other.rules)
* 3:30943 <-> ENABLED <-> FILE-OTHER Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (file-other.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:31398 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified IP phone BVSMWeb portal attack attempt (protocol-voip.rules)
* 3:31451 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified IP phone BVSMWeb portal attack attempt (protocol-voip.rules)
* 3:31615 <-> ENABLED <-> OS-OTHER Cisco IOS EnergyWise malformed packet denial of service attempt (os-other.rules)
* 3:31616 <-> ENABLED <-> OS-OTHER Cisco IOS EnergyWise malformed packet denial of service attempt (os-other.rules)
* 3:31664 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31665 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31666 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31667 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31668 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Web and E-Mail Interaction Manager cross site scripting attempt (server-webapp.rules)
* 3:31738 <-> ENABLED <-> PROTOCOL-DNS domain not found containing random-looking hostname - possible DGA detected (protocol-dns.rules)
* 3:31891 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules)
* 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
* 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
* 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)
* 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
* 3:32101 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN login.html memory corruption attempt (server-webapp.rules)
* 3:32106 <-> ENABLED <-> SERVER-OTHER Cisco ASA SCPS command injection attempt (server-other.rules)
* 3:32107 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN directory traversal attempt (server-webapp.rules)
* 3:32108 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN directory traversal attempt (server-webapp.rules)
* 3:32110 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32111 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32112 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32113 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:32115 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:32116 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:32207 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32208 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32209 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32210 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32211 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32217 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
* 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
* 3:32398 <-> ENABLED <-> SERVER-OTHER Cisco RV180W Router cross-site request forgery attempt (server-other.rules)
* 3:33053 <-> ENABLED <-> OS-WINDOWS Microsoft RADIUS Server invalid access-request username denial of service attempt (os-windows.rules)
* 3:33229 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Services Catalog XML external entity injection attempt (server-webapp.rules)
* 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
* 3:33927 <-> ENABLED <-> SERVER-OTHER Cisco IOS virtual routing and forwarding ICMP redirect denial of service attempt (server-other.rules)
* 3:33928 <-> ENABLED <-> SERVER-OTHER Cisco IOS mDNS denial of service attempt (server-other.rules)
* 3:33929 <-> ENABLED <-> SERVER-OTHER Cisco IOS mDNS denial of service attempt (server-other.rules)
* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
* 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)
* 3:34051 <-> ENABLED <-> PROTOCOL-DNS Cisco ASA memory exhaustion denial of service attempt (protocol-dns.rules)
* 3:34180 <-> ENABLED <-> OS-OTHER Cisco Secure Desktop Applet command execution attempt (os-other.rules)
* 3:34369 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central command injection attempt (server-webapp.rules)
* 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
* 3:34968 <-> ENABLED <-> SERVER-WEBAPP Cisco Sourcefire 3D System integrated BMC arbitrary file upload attempt (server-webapp.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)
* 3:35721 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
* 3:35722 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
* 3:35727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
* 3:35728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
* 3:35729 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
* 3:35730 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
* 3:35834 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
* 3:35835 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
* 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
* 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
* 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
* 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
* 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
* 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
* 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
* 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
* 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
* 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
* 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
* 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
* 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
* 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
* 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
* 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
* 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 3:36208 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
* 3:36209 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
* 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules)
* 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules)
* 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
* 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
* 3:36218 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36219 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36220 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36221 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules)
* 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules)
* 3:36246 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt (protocol-voip.rules)
* 3:36557 <-> ENABLED <-> SERVER-OTHER Cisco ASA DHCPv6 relay denial of service attempt (server-other.rules)
* 3:36558 <-> ENABLED <-> SERVER-OTHER Cisco ASA DHCPv6 relay solicit denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules)
* 3:36913 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meetings Server command injection attempt (server-webapp.rules)
* 3:37358 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine default password authentication attempt (server-webapp.rules)
* 3:37414 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS zero length DHCP VPN suboption denial of service attempt (server-other.rules)
* 3:37426 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS DHCP option parsing denial of service attempt (server-other.rules)
* 3:37439 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Manager getkvmurl.cgi command injection attempt (server-webapp.rules)
* 3:37440 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Manager getkvmurl.cgi command injection attempt (server-webapp.rules)
* 3:37492 <-> ENABLED <-> SERVER-WEBAPP Cisco RV220 platform.cgi SQL injection attempt (server-webapp.rules)
* 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
* 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
* 3:37853 <-> ENABLED <-> SERVER-WEBAPP Cisco ACE A5 trace.vm command injection attempt (server-webapp.rules)
* 3:38087 <-> ENABLED <-> SERVER-WEBAPP Cisco WLAN Controller insecure configuration wizard access attempt (server-webapp.rules)
* 3:38137 <-> ENABLED <-> SERVER-OTHER Cisco DPC2203 arbitrary code execution attempt (server-other.rules)
* 3:38138 <-> ENABLED <-> SERVER-OTHER Cisco DPQ3925 denial of service attempt (server-other.rules)
* 3:38139 <-> ENABLED <-> SERVER-OTHER Cisco DPQ3939 denial of service attempt (server-other.rules)
* 3:38244 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download (exploit-kit.rules)
* 3:38245 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download (exploit-kit.rules)
* 3:38285 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download attempt (exploit-kit.rules)
* 3:38302 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCPv6 relay denial of service attempt (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:38347 <-> ENABLED <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt (file-executable.rules)
* 3:38397 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API authentication bypass attempt (server-webapp.rules)
* 3:38399 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Server denial of service attempt (server-webapp.rules)
* 3:38400 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API credentials enumeration attempt (server-webapp.rules)
* 3:38543 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central Web Framework remote file include attempt (server-webapp.rules)
* 3:38544 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0121 attack attempt (server-other.rules)
* 3:38590 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller mDNS denial of service attempt (server-other.rules)
* 3:38591 <-> ENABLED <-> SERVER-WEBAPP Cisco WLAN Controller management interface denial of service attempt (server-webapp.rules)
* 3:38671 <-> ENABLED <-> BROWSER-IE SFVRT-1021 attack attempt (browser-ie.rules)
* 3:38672 <-> ENABLED <-> BROWSER-IE SFVRT-1021 attack attempt (browser-ie.rules)
* 3:38735 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38736 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38737 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38738 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38739 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38740 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38741 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50038 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0819 attack attempt (file-pdf.rules)
* 3:50039 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0819 attack attempt (file-pdf.rules)
* 3:50040 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0831 attack attempt (server-webapp.rules)
* 3:50110 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0836 attack attempt (server-webapp.rules)
* 3:50111 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0839 attack attempt (server-webapp.rules)
* 3:50114 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0833 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50118 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50131 <-> ENABLED <-> PROTOCOL-SNMP Cisco Small Business Series Switches SNMP denial of service attempt (protocol-snmp.rules)
* 3:50132 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:50133 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:50134 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50135 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50136 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50265 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0842 attack attempt (file-image.rules)
* 3:50266 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0842 attack attempt (file-image.rules)
* 3:50269 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0843 attack attempt (file-image.rules)
* 3:50270 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0843 attack attempt (file-image.rules)
* 3:50273 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0841 attack attempt (file-image.rules)
* 3:50274 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0841 attack attempt (file-image.rules)
* 3:50295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0845 attack attempt (file-other.rules)
* 3:50296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0845 attack attempt (file-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
* 3:50427 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI cross site request forgery attempt (server-webapp.rules)
* 3:50469 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50470 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50471 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50472 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50485 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50486 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50487 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50488 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50489 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site request forgery attempt (server-webapp.rules)
* 3:50492 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN Solution command injection attempt (server-webapp.rules)
* 3:50502 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0848 attack attempt (file-other.rules)
* 3:50503 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0848 attack attempt (file-other.rules)
* 3:50512 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager authentication bypass attempt (server-webapp.rules)
* 3:50513 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary WAR file upload attempt (server-webapp.rules)
* 3:50514 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary file download attempt (server-webapp.rules)
* 3:50515 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager information disclosure attempt (server-webapp.rules)
* 3:50516 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0849 attack attempt (protocol-other.rules)
* 3:50622 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance denial of service attempt (server-webapp.rules)
* 3:50623 <-> ENABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 3:50624 <-> ENABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 3:50637 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50730 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0856 attack attempt (file-pdf.rules)
* 3:50731 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0856 attack attempt (file-pdf.rules)
* 3:50738 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0855 attack attempt (file-pdf.rules)
* 3:50739 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0855 attack attempt (file-pdf.rules)
* 3:50745 <-> ENABLED <-> SERVER-WEBAPP Cisco Vision Dynamic Signage Director authentication bypass attempt (server-webapp.rules)
* 3:50746 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0859 attack attempt (server-webapp.rules)
* 3:50747 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2019-0851 attack attempt (protocol-tftp.rules)
* 3:50755 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50756 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50757 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50758 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50759 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50760 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50770 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0854 attack attempt (protocol-other.rules)
* 3:50774 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0852 attack attempt (file-other.rules)
* 3:50775 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0852 attack attempt (file-other.rules)
* 
3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50803 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0866 attack attempt (protocol-scada.rules) * 3:50804 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0866 attack attempt (policy-other.rules) * 3:50805 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0868 attack attempt (policy-other.rules) * 3:50806 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0875 attack attempt (file-image.rules) * 3:50807 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0875 attack attempt (file-image.rules) * 3:50824 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 
attack attempt (file-image.rules) * 3:50825 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50826 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50827 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules) * 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules) * 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules) * 3:50897 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0884 attack attempt (file-image.rules) * 3:50898 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0884 attack attempt (file-image.rules) * 3:50899 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0882 attack attempt (server-other.rules) * 3:50902 <-> ENABLED <-> POLICY-OTHER Cisco ASA running configuration download request detected (policy-other.rules) * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules) * 3:50904 <-> 
ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50905 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50906 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50907 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules) * 3:50909 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0883 attack attempt (server-other.rules) * 3:51111 <-> ENABLED <-> OS-OTHER VxWorks TCP URG memory corruption attempt (os-other.rules) * 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules) * 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules) * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules) * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules) * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules) * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules) * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51195 <-> 
ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules) * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules) * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules) * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules) * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51355 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE REST API information disclosure attempt (server-webapp.rules) * 3:51365 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51366 <-> ENABLED <-> 
SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51367 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51369 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP DecompressUnchopper integer overflow attempt (os-windows.rules) * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules) * 3:51447 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0891 attack attempt (file-image.rules) * 3:51448 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0891 attack attempt (file-image.rules) * 3:51461 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0890 attack attempt (file-other.rules) * 3:51462 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0890 attack attempt (file-other.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51622 <-> 
ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51623 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51624 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51625 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51626 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP denial of service attempt (protocol-voip.rules) * 3:51627 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP denial of service attempt (protocol-voip.rules) * 3:51628 <-> ENABLED <-> POLICY-OTHER Cisco IOS Layer 2 Traceroute vlan enumeration detected (policy-other.rules) * 3:51645 <-> ENABLED <-> SERVER-OTHER Cisco IOx invalid TLS handshake type denial of service attempt (server-other.rules) * 3:51646 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE FTP Application Layer Gateway denial of service attempt (server-other.rules) * 3:51650 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0898 attack attempt (policy-other.rules) * 3:51651 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0896 attack attempt (policy-other.rules) * 3:51652 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0894 attack attempt (server-webapp.rules) * 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules) * 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules) * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA 
TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules) * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center 
SQL injection attempt (server-webapp.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51948 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0918 attack attempt (policy-other.rules) * 3:51949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0935 attack attempt (file-pdf.rules) * 3:51950 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0935 attack attempt (file-pdf.rules) * 3:51951 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0920 attack attempt (file-pdf.rules) * 3:51952 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0920 attack attempt (file-pdf.rules) * 3:52008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0936 attack attempt (file-other.rules) * 3:52009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0936 attack attempt (file-other.rules) * 3:52010 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0930 attack attempt (server-webapp.rules) * 3:52011 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0930 attack attempt (server-webapp.rules) * 3:52012 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0927 attack attempt (policy-other.rules) * 3:52013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0929 attack attempt (server-webapp.rules) * 3:52014 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0929 attack attempt (server-webapp.rules) * 3:52015 <-> 
ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52016 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52017 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52018 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0933 attack attempt (file-image.rules) * 3:52021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0933 attack attempt (file-image.rules) * 3:52023 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0923 attack attempt (server-webapp.rules) * 3:52024 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0932 attack attempt (server-other.rules) * 3:52025 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0932 attack attempt (server-other.rules) * 3:52046 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0934 attack attempt (file-pdf.rules) * 3:52047 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0934 attack attempt (file-pdf.rules) * 3:52048 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0943 attack attempt (browser-webkit.rules) * 3:52049 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0943 attack attempt (browser-webkit.rules) * 3:52050 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0937 attack attempt (file-other.rules) * 3:52051 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0937 attack attempt (file-other.rules) * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules) * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules) * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules) * 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules) * 3:52083 <-> ENABLED <-> 
FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules) * 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules) * 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules) * 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules) * 3:13511 <-> ENABLED <-> SERVER-OTHER Novell eDirectory EventsRequest invalid event count exploit attempt (server-other.rules) * 3:13582 <-> ENABLED <-> FILE-OFFICE Microsoft Excel sst record arbitrary code execution attempt (file-office.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules) * 3:13667 <-> ENABLED <-> PROTOCOL-DNS dns cache poisoning attempt (protocol-dns.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules) * 3:13773 <-> ENABLED <-> OS-LINUX linux kernel snmp nat netfilter memory corruption attempt (os-linux.rules) * 3:13790 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules) * 3:13825 <-> ENABLED <-> OS-WINDOWS Microsoft PGM fragment denial of service attempt (os-windows.rules) * 3:13826 <-> ENABLED <-> OS-WINDOWS Microsoft WINS arbitrary memory modification attempt (os-windows.rules) * 3:13835 <-> ENABLED <-> OS-WINDOWS Microsoft Active Directory LDAP cookie denial of service attempt (os-windows.rules) * 3:13879 <-> ENABLED <-> OS-WINDOWS Windows BMP image conversion 
arbitrary code execution attempt (os-windows.rules) * 3:13887 <-> ENABLED <-> PROTOCOL-DNS dns root nameserver poisoning attempt (protocol-dns.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13921 <-> ENABLED <-> SERVER-MAIL Altrium Software MERCUR IMAPD NTLMSSP command handling memory corruption attempt (server-mail.rules) * 3:13946 <-> ENABLED <-> FILE-IMAGE Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt (file-image.rules) * 3:13947 <-> ENABLED <-> FILE-IMAGE Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt (file-image.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules) * 3:13969 <-> ENABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 3:14251 <-> ENABLED <-> OS-WINDOWS Microsoft GDI malformed metarecord buffer overflow attempt (os-windows.rules) * 3:14252 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14260 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ GIF image invalid number of extension blocks buffer overflow attempt (os-windows.rules) * 3:14263 <-> ENABLED <-> POLICY-SOCIAL Pidgin MSN MSNP2P message integer overflow attempt (policy-social.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE 
Excel rept integer underflow attempt (file-office.rules) * 3:14772 <-> ENABLED <-> FILE-IMAGE libpng malformed chunk denial of service attempt (file-image.rules) * 3:15009 <-> ENABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 3:15117 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed OBJ record arbitrary code execution attempt (file-office.rules) * 3:15124 <-> ENABLED <-> OS-WINDOWS Web-based NTLM replay attack attempt (os-windows.rules) * 3:15125 <-> ENABLED <-> FILE-OFFICE Microsoft Word rich text file unpaired dpendgroup exploit attempt (file-office.rules) * 3:15148 <-> ENABLED <-> SERVER-OTHER Microsoft SMS remote control client message length denial of service attempt (server-other.rules) * 3:15149 <-> ENABLED <-> SERVER-ORACLE Oracle Internet Directory pre-auth ldap denial of service attempt (server-oracle.rules) * 3:15298 <-> ENABLED <-> FILE-OFFICE Microsoft Visio could allow remote code execution (file-office.rules) * 3:15300 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EMF polyline overflow attempt (browser-ie.rules) * 3:15301 <-> ENABLED <-> SERVER-MAIL Exchange compressed RTF remote code execution attempt (server-mail.rules) * 3:15327 <-> ENABLED <-> PROTOCOL-DNS libspf2 DNS TXT record parsing buffer overflow attempt (protocol-dns.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:15329 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange MODPROPS memory corruption attempt (server-mail.rules) * 3:15365 <-> ENABLED <-> FILE-OFFICE Microsoft Excel extrst record arbitrary code excecution attempt (file-office.rules) * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules) * 3:15449 <-> ENABLED <-> MALWARE-OTHER Conficker A/B DNS traffic detected (malware-other.rules) * 3:15450 <-> ENABLED <-> MALWARE-OTHER Conficker C/D DNS traffic detected (malware-other.rules) * 3:15453 <-> 
ENABLED <-> OS-WINDOWS SMB replay attempt via NTLMSSP - overlapping encryption keys detected (os-windows.rules) * 3:15454 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules) * 3:15465 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed object record remote code execution attempt (file-office.rules) * 3:15474 <-> ENABLED <-> SERVER-OTHER Microsoft ISA Server and Forefront Threat Management Gateway invalid RST denial of service attempt (server-other.rules) * 3:15519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 3:15521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ExternSheet record remote code execution attempt (file-office.rules) * 3:15734 <-> ENABLED <-> PROTOCOL-DNS BIND named 9 dynamic update message remote dos attempt (protocol-dns.rules) * 3:15847 <-> ENABLED <-> OS-WINDOWS Telnet-based NTLM replay attack attempt (os-windows.rules) * 3:15848 <-> ENABLED <-> OS-WINDOWS WINS replication request memory corruption attempt (os-windows.rules) * 3:15857 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file invalid header length (file-multimedia.rules) * 3:15912 <-> ENABLED <-> OS-WINDOWS TCP window closed before receiving data (os-windows.rules) * 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules) * 3:15959 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET viewstate DoS attempt (server-iis.rules) * 3:15968 <-> ENABLED <-> SERVER-OTHER LANDesk Management Suite QIP service heal packet buffer overflow attempt (server-other.rules) * 3:15973 <-> ENABLED <-> SERVER-OTHER Novell eDirectory LDAP null search parameter buffer overflow attempt (server-other.rules) * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules) * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian 
format parsing integer overflow attempt (file-image.rules) * 3:16222 <-> ENABLED <-> FILE-IMAGE Malformed BMP dimensions arbitrary code execution attempt (file-image.rules) * 3:16230 <-> ENABLED <-> FILE-OFFICE Microsoft Excel oversized ib memory corruption attempt (file-office.rules) * 3:16232 <-> ENABLED <-> OS-WINDOWS Windows TrueType font file parsing integer overflow attempt (os-windows.rules) * 3:16343 <-> ENABLED <-> FILE-PDF obfuscated header in PDF (file-pdf.rules) * 3:16370 <-> ENABLED <-> FILE-PDF Adobe Reader JP2C Region Atom CompNum memory corruption attempt (file-pdf.rules) * 3:16375 <-> ENABLED <-> SERVER-OTHER LDAP object parameter name buffer overflow attempt (server-other.rules) * 3:16394 <-> ENABLED <-> OS-WINDOWS Active Directory Kerberos referral TGT renewal DoS attempt (os-windows.rules) * 3:16396 <-> ENABLED <-> NETBIOS SMB server srvnet.sys driver race condition attempt (netbios.rules) * 3:16408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCP SACK invalid range denial of service attempt (os-windows.rules) * 3:16530 <-> ENABLED <-> OS-WINDOWS CAB SIP authenticode alteration attempt (os-windows.rules) * 3:16531 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules) * 3:16532 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules) * 3:16533 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ISATAP-addressed IPv6 traffic spoofing attempt (os-windows.rules) * 3:16649 <-> ENABLED <-> FILE-OFFICE Microsoft Excel HFPicture record stack buffer overflow attempt (file-office.rules) * 3:16662 <-> ENABLED <-> FILE-OFFICE Microsoft Excel SxView heap overflow attempt (file-office.rules) * 3:16728 <-> ENABLED <-> NETBIOS Samba SMB1 chain_reply function memory corruption attempt (netbios.rules) * 3:17242 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player ASF file arbitrary code execution attempt (file-multimedia.rules) * 3:17251 <-> ENABLED <-> FILE-OFFICE Outlook RTF 
remote code execution attempt (file-office.rules) * 3:17300 <-> ENABLED <-> FILE-MULTIMEDIA MPlayer demux_open_vqf TwinVQ file handling buffer overflow attempt (file-multimedia.rules) * 3:17608 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime color table atom movie file handling heap corruption attempt (file-multimedia.rules) * 3:17632 <-> ENABLED <-> PROTOCOL-SNMP Castle Rock Computing SNMPc Network Manager community string attempted stack overflow (protocol-snmp.rules) * 3:17647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 3:17665 <-> ENABLED <-> FILE-OFFICE OpenOffice Word document table parsing multiple heap based buffer overflow attempt (file-office.rules) * 3:17693 <-> ENABLED <-> SERVER-MAIL MailEnable NTLM Authentication buffer overflow attempt (server-mail.rules) * 3:17697 <-> ENABLED <-> POLICY-SOCIAL GnuPG Message Packet Length overflow attempt (policy-social.rules) * 3:17699 <-> ENABLED <-> PROTOCOL-SNMP Multiple vendor SNMPv3 HMAC handling authentication bypass attempt (protocol-snmp.rules) * 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules) * 3:17741 <-> ENABLED <-> SERVER-OTHER MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference attempt (server-other.rules) * 3:17762 <-> ENABLED <-> FILE-OFFICE Microsoft Excel corrupted TABLE record clean up exploit attempt (file-office.rules) * 3:17765 <-> ENABLED <-> OS-WINDOWS OpenType Font file parsing buffer overflow attempt (os-windows.rules) * 3:17775 <-> ENABLED <-> INDICATOR-SHELLCODE Shikata Ga Nai x86 polymorphic shellcode decoder detected (indicator-shellcode.rules) * 3:18063 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 3:18101 <-> ENABLED <-> SERVER-OTHER Sun Directory Server LDAP denial of service attempt (server-other.rules) * 3:18673 <-> ENABLED <-> 
OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules) * 3:18676 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules) * 3:18949 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules) * 3:19187 <-> ENABLED <-> PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt (protocol-dns.rules) * 3:19350 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Shockwave Player Director file FFFFFF88 record integer overflow attempt (file-multimedia.rules) * 3:20135 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules) * 3:20825 <-> ENABLED <-> SERVER-WEBAPP generic web server hashing collision attack (server-webapp.rules) * 3:21352 <-> ENABLED <-> OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules) * 3:21354 <-> ENABLED <-> PROTOCOL-DNS dns query - storing query and txid (protocol-dns.rules) * 3:21355 <-> ENABLED <-> PROTOCOL-DNS potential dns cache poisoning attempt - mismatched txid (protocol-dns.rules) * 3:21619 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt (os-windows.rules) * 3:22089 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules) * 3:23039 <-> ENABLED <-> PROTOCOL-DNS Multiple vendor DNS message decompression denial of service attempt (protocol-dns.rules) * 3:23040 <-> ENABLED <-> PROTOCOL-DNS Multiple vendor DNS message decompression denial of service attempt (protocol-dns.rules) * 3:23180 <-> ENABLED <-> FILE-PDF obfuscated header in PDF attachment (file-pdf.rules) * 3:23608 <-> ENABLED <-> PROTOCOL-DNS dns zone transfer with zero-length rdata attempt (protocol-dns.rules) * 3:23847 <-> ENABLED <-> NETBIOS 
MS-RAP NetServerEnum2 read access violation attempt (netbios.rules) * 3:24595 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 3:24596 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 3:24597 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules) * 3:24671 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Explorer briefcase database memory corruption attempt (os-windows.rules) * 3:24971 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 3:24973 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 response file name length overflow attempt (netbios.rules) * 3:26213 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - doesntexist.com (exploit-kit.rules) * 3:26214 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - dnsalias.com (exploit-kit.rules) * 3:26215 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - dynalias.com (exploit-kit.rules) * 3:10127 <-> ENABLED <-> OS-WINDOWS Microsoft IP Options denial of service (os-windows.rules) * 3:10161 <-> ENABLED <-> NETBIOS SMB write_andx overflow attempt (netbios.rules) * 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules) * 3:11619 <-> ENABLED <-> SERVER-MYSQL MySQL COM_TABLE_DUMP Function Stack Overflow attempt (server-mysql.rules) * 3:11672 <-> ENABLED <-> BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt (browser-other.rules) * 3:12028 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange Server MIME base64 decoding code execution attempt (server-mail.rules) * 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules) * 3:13308 <-> ENABLED <-> SERVER-APACHE Apache 
HTTP server auth_ldap logging function format string vulnerability (server-apache.rules) * 3:13417 <-> ENABLED <-> SERVER-OTHER Citrix MetaFrame IMA authentication processing buffer overflow attempt (server-other.rules) * 3:13418 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Director LDAP server invalid DN message buffer overflow attempt (server-other.rules) * 3:13425 <-> ENABLED <-> SERVER-OTHER openldap server bind request denial of service attempt (server-other.rules) * 3:13469 <-> ENABLED <-> FILE-OFFICE Microsoft Word ole stream memory corruption attempt (file-office.rules) * 3:13475 <-> ENABLED <-> OS-WINDOWS Microsoft Active Directory LDAP denial of service attempt (os-windows.rules) * 3:13510 <-> ENABLED <-> SERVER-OTHER Novell eDirectory EventsRequest heap overflow attempt (server-other.rules) * 3:38745 <-> ENABLED <-> MALWARE-OTHER known phishing x-mailer attempt (malware-other.rules) * 3:38746 <-> ENABLED <-> MALWARE-CNC CTFMONv4 beacon attempt (malware-cnc.rules) * 3:38747 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules) * 3:38748 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules) * 3:38749 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules) * 3:38750 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules) * 3:38751 <-> ENABLED <-> MALWARE-CNC Jimini outbound connection attempt (malware-cnc.rules) * 3:38752 <-> ENABLED <-> MALWARE-CNC HILIGHT outbound connection attempt (malware-cnc.rules) * 3:38753 <-> ENABLED <-> MALWARE-CNC 1.php outbound connection attempt (malware-cnc.rules) * 3:38754 <-> ENABLED <-> MALWARE-CNC XDOT outbound connection attempt (malware-cnc.rules) * 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules) * 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules) * 3:38757 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt 
(malware-cnc.rules) * 3:38758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 3:38834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules) * 3:38958 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance socket exhaustion denial of service attempt (server-other.rules) * 3:39065 <-> ENABLED <-> SERVER-OTHER Cisco IOS NX invalid ICMPv6 neighbor discovery hop limit denial of service attempt (server-other.rules) * 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules) * 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules) * 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules) * 3:39303 <-> ENABLED <-> SERVER-WEBAPP 
Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:39370 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API authentication bypass attempt (server-webapp.rules) * 3:39371 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API default credentials authentication attempt (server-webapp.rules) * 3:39379 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules) * 3:39678 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Performance Manager command injection attempt (server-webapp.rules) * 3:39679 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Performance Manager command injection attempt (server-webapp.rules) * 3:39775 <-> ENABLED <-> EXPLOIT-KIT malicious script detected via RBF classifier (exploit-kit.rules) * 3:39790 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules) * 3:39791 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules) * 3:39792 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules) * 3:39793 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi directory traversal attempt (server-webapp.rules) * 3:39794 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi directory traversal attempt (server-webapp.rules) * 3:39795 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers insecure guest account login attempt (server-webapp.rules) * 3:39796 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt (protocol-voip.rules) * 3:39797 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt (protocol-voip.rules) * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules) * 3:39885 <-> ENABLED <-> PROTOCOL-SNMP Cisco ASA SNMP OID parsing stack 
buffer overflow attempt (protocol-snmp.rules) * 3:39897 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePOWER Management Center sajaxintf.cgi command injection attempt (server-webapp.rules) * 3:39898 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePOWER Management Center pjb.cgi privilege escalation attempt (server-webapp.rules) * 3:39937 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules) * 3:39938 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules) * 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules) * 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules) * 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules) * 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules) * 3:40049 <-> ENABLED <-> SERVER-OTHER Cisco IOS PPTP control message response information disclosure detected (server-other.rules) * 3:40072 <-> ENABLED <-> MALWARE-CNC Cisco ASA backdoor installer inbound connection attempt (malware-cnc.rules) * 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:40131 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Assurance session ID privilege escalation attempt (policy-other.rules) * 3:40239 <-> ENABLED <-> SERVER-OTHER Cisco WebEx meetings server denial of service attempt (server-other.rules) * 3:40240 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meetings Server config_dmz remote code execution attempt (server-webapp.rules) * 3:40257 <-> ENABLED <-> SERVER-WEBAPP Cisco Cloud Services Platform dnslookup command injection attempt (server-webapp.rules) * 3:40275 <-> ENABLED <-> SERVER-WEBAPP Cisco ESA internal testing interface access attempt (server-webapp.rules) * 3:40287 <-> 
ENABLED <-> SERVER-OTHER Cisco prime collaboration provisioning web framework access control bypass attempt (server-other.rules) * 3:40298 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed H.450 PER data out of bounds read attempt (protocol-voip.rules) * 3:40299 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0195 attack attempt (file-other.rules) * 3:40300 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0195 attack attempt (file-other.rules) * 3:40303 <-> ENABLED <-> PROTOCOL-SCADA Cisco IOS CIP request parser out of bounds array access attempt (protocol-scada.rules) * 3:40304 <-> ENABLED <-> PROTOCOL-SCADA Cisco IOS CIP request parser out of bounds array access attempt (protocol-scada.rules) * 3:40343 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS malformed BGP UPDATE denial of service attempt (server-other.rules) * 3:40498 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA Crypto CA Server out of bounds read attempt (server-webapp.rules) * 3:40499 <-> ENABLED <-> SERVER-OTHER Cisco ASA NBSTAT response stack buffer overflow attempt (server-other.rules) * 3:40504 <-> ENABLED <-> SERVER-OTHER Cisco Snort HTTP chunked transfer encoding processing denial of service attempt (server-other.rules) * 3:40552 <-> ENABLED <-> SERVER-OTHER Cisco ESA lzw attachment parsing denial of service attempt (server-other.rules) * 3:40553 <-> ENABLED <-> SERVER-OTHER Cisco ESA uuencode attachment processing exception denial of service attempt (server-other.rules) * 3:40554 <-> ENABLED <-> SERVER-OTHER Cisco ESA uuencode attachment processing exception denial of service attempt (server-other.rules) * 3:40580 <-> ENABLED <-> POLICY-OTHER Cisco Universal Media Services potentially unauthorized API access detected (policy-other.rules) * 3:40636 <-> ENABLED <-> POLICY-OTHER Cisco Prime Home API insecure SSO authentication detected (policy-other.rules) * 3:40637 <-> ENABLED <-> POLICY-OTHER TL1 ACT-USER login detected (policy-other.rules) * 3:40638 <-> ENABLED <-> PROTOCOL-VOIP Cisco Meeting Server 
SIP SDP media description buffer overflow attempt (protocol-voip.rules) * 3:40767 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules) * 3:40768 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules) * 3:40769 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules) * 3:40770 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules) * 3:40877 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine SSL handshake parsing denial of service attempt (server-other.rules) * 3:40878 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:40879 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules) * 3:41093 <-> ENABLED <-> POLICY-OTHER Docker management traffic detected (policy-other.rules) * 3:41137 <-> ENABLED <-> SERVER-OTHER Cisco IOS XR command line interface privilege escalation attempt (server-other.rules) * 3:41195 <-> ENABLED <-> PROTOCOL-SNMP Cisco IP routing configuration manipulation via SNMP attempt (protocol-snmp.rules) * 3:41360 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules) * 3:41361 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules) * 3:41362 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules) * 3:41363 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules) * 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules) * 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules) * 3:41372 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules) * 3:41373 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt 
(file-image.rules) * 3:41415 <-> ENABLED <-> PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt (protocol-voip.rules) * 3:41466 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0278 attack attempt (server-other.rules) * 3:41468 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules) * 3:41469 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules) * 3:41487 <-> ENABLED <-> POLICY-OTHER Cisco Prime Home portlet API access detected (policy-other.rules) * 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules) * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules) * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules) * 3:41786 <-> ENABLED <-> SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt (server-other.rules) * 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules) * 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules) * 3:42001 <-> ENABLED <-> SERVER-WEBAPP Cisco CWA and TES Client Manager Server directory traversal attempt (server-webapp.rules) * 3:42002 <-> ENABLED <-> SERVER-WEBAPP Cisco CWA and TES Client Manager Server directory traversal attempt (server-webapp.rules) * 3:42003 <-> ENABLED <-> POLICY-OTHER Cisco Mobility Express Access Point radio.cgi access detected (policy-other.rules) * 3:42004 <-> ENABLED <-> POLICY-OTHER Cisco Mobility Express Access Point radio.html access detected (policy-other.rules) * 3:42008 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules) * 3:42009 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt 
(file-office.rules) * 3:42051 <-> ENABLED <-> SERVER-OTHER Cisco IOS autonomic networking discovery denial of service attempt (server-other.rules) * 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules) * 3:42061 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui software upgrade command injection attempt (server-webapp.rules) * 3:42069 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE DHCP vendor class identifier format string exploit attempt (server-other.rules) * 3:42070 <-> ENABLED <-> SERVER-OTHER Cisco IOS L2TP invalid message digest AVP denial of service attempt (server-other.rules) * 3:42071 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui denial of service attempt (server-webapp.rules) * 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules) * 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules) * 3:42112 <-> ENABLED <-> BROWSER-OTHER multiple browsers content security policy bypass attempt (browser-other.rules) * 3:42139 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules) * 3:42142 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules) * 3:42143 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules) * 3:42144 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules) * 3:42145 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules) * 3:42146 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules) * 3:42147 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules) * 3:42179 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-2811 attack attempt (file-image.rules) * 3:42180 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-2811 attack attempt 
(file-image.rules) * 3:42191 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules) * 3:42192 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules) * 3:42193 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules) * 3:42194 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules) * 3:42277 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0317 attack attempt (file-other.rules) * 3:42278 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0317 attack attempt (file-other.rules) * 3:42293 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager SIP NOTIFY denial of service attempt (protocol-voip.rules) * 3:42313 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0322 attack attempt (file-pdf.rules) * 3:42314 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0322 attack attempt (file-pdf.rules) * 3:42399 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0323 attack attempt (file-pdf.rules) * 3:42400 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0323 attack attempt (file-pdf.rules) * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules) * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules) * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco RV Series Routers SSDP uuid stack buffer overflow attempt (server-other.rules) * 3:42923 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration ScriptMgr authentication bypass attempt (server-webapp.rules) * 3:42924 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration potentially unauthorized log file access detected (policy-other.rules) * 3:43000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules) * 3:43001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules) * 3:43060 <-> ENABLED <-> 
SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0355 attack attempt (server-other.rules) * 3:43076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0354 attack attempt (server-other.rules) * 3:43081 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2017-0357 attack attempt (browser-other.rules) * 3:43082 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2017-0360 attack attempt (browser-other.rules) * 3:43120 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0356 attack attempt (file-pdf.rules) * 3:43121 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0356 attack attempt (file-pdf.rules) * 3:43135 <-> ENABLED <-> POLICY-OTHER JBoss Management console access detected (policy-other.rules) * 3:43148 <-> ENABLED <-> PROTOCOL-SCADA Rockwell Automation CIP challenge-response buffer overflow attempt (protocol-scada.rules) * 3:43149 <-> ENABLED <-> PROTOCOL-SCADA Rockwell Automation CIP certificate request unknown certificate detected (protocol-scada.rules) * 3:43150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0362 attack attempt (server-other.rules) * 3:43167 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0361 attack attempt (file-pdf.rules) * 3:43168 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0361 attack attempt (file-pdf.rules) * 3:43192 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0364 attack attempt (server-other.rules) * 3:43211 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0365 attack attempt (server-other.rules) * 3:43214 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0366 attack attempt (file-image.rules) * 3:43215 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0366 attack attempt (file-image.rules) * 3:43271 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure XML external entity injection attempt (server-webapp.rules) * 3:43449 <-> ENABLED <-> POLICY-OTHER log file access detected (policy-other.rules) * 3:43452 <-> ENABLED <-> POLICY-OTHER Cisco Ultra Services Framework unauthenticated ZAB connect request detected 
(policy-other.rules) * 3:43456 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt (server-webapp.rules) * 3:43483 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules) * 3:43484 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules) * 3:43485 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules) * 3:43486 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0368 attack attempt (server-other.rules) * 3:43487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0370 attack attempt (server-webapp.rules) * 3:43488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0372 attack attempt (server-webapp.rules) * 3:43489 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0374 attack attempt (server-other.rules) * 3:43518 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0373 attack attempt (server-other.rules) * 3:43555 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0381 attack attempt (policy-other.rules) * 3:43556 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0382 attack attempt (server-other.rules) * 3:43557 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0384 attack attempt (server-other.rules) * 3:43558 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0379 attack attempt (server-other.rules) * 3:43559 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0378 attack attempt (server-other.rules) * 3:43628 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules) * 3:43629 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules) * 3:43630 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules) * 3:43631 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection 
attempt (server-webapp.rules) * 3:43712 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0389 attack attempt (policy-other.rules) * 3:43713 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0385 attack attempt (server-webapp.rules) * 3:43714 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0389 attack attempt (policy-other.rules) * 3:43715 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0390 attack attempt (policy-other.rules) * 3:43716 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0391 attack attempt (policy-other.rules) * 3:43717 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0386 attack attempt (server-other.rules) * 3:43725 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0387 attack attempt (file-image.rules) * 3:43726 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0387 attack attempt (file-image.rules) * 3:43855 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0394 attack attempt (file-image.rules) * 3:43856 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0394 attack attempt (file-image.rules) * 3:43857 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules) * 3:43858 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules) * 3:43859 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules) * 3:43860 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules) * 3:43861 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0397 attack attempt (server-webapp.rules) * 3:43862 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0393 attack attempt (file-image.rules) * 3:43863 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0393 attack attempt (file-image.rules) * 3:43864 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0371 attack attempt (policy-other.rules) * 3:44012 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0411 attack attempt (policy-other.rules) * 3:44063 
<-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules) * 3:44070 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0418 attack attempt (server-other.rules) * 3:44071 <-> ENABLED <-> SERVER-OTHER Objectivity DB lock server buffer overflow attempt (server-other.rules) * 3:44082 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0420 attack attempt (server-other.rules) * 3:44092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0404 attack attempt (file-office.rules) * 3:44093 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0404 attack attempt (file-office.rules) * 3:44101 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0403 attack attempt (file-office.rules) * 3:44102 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0403 attack attempt (file-office.rules) * 3:44106 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0417 attack attempt (file-office.rules) * 3:44107 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0417 attack attempt (file-office.rules) * 3:44125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules) * 3:44126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules) * 3:44127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules) * 3:44142 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0424 attack attempt (policy-other.rules) * 3:44162 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0422 attack attempt (policy-other.rules) * 3:44163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0426 attack attempt (file-office.rules) * 3:44164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0426 attack attempt (file-office.rules) * 3:44166 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0428 attack attempt (server-webapp.rules) * 3:44167 <-> ENABLED 
<-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0412 attack attempt (file-image.rules) * 3:44168 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0412 attack attempt (file-image.rules) * 3:44178 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0427 attack attempt (file-image.rules) * 3:44179 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0427 attack attempt (file-image.rules) * 3:44186 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0425 attack attempt (file-other.rules) * 3:44187 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0425 attack attempt (file-other.rules) * 3:44189 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0421 attack attempt (server-other.rules) * 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules) * 3:44237 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44238 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44239 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44240 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44241 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt 
(file-image.rules) * 3:44242 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44243 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44244 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules) * 3:44245 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules) * 3:44246 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules) * 3:44247 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules) * 3:44248 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules) * 3:44249 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0411 attack attempt (file-image.rules) * 3:44250 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0411 attack attempt (file-image.rules) * 3:44251 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0408 attack attempt (file-image.rules) * 3:44252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0408 attack attempt (file-image.rules) * 3:44253 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44254 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44255 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44256 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44257 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44258 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44259 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44260 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules) * 3:44261 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER 
TALOS-2017-0414 attack attempt (file-multimedia.rules) * 3:44262 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules) * 3:44263 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules) * 3:44264 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules) * 3:44265 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0413 attack attempt (file-multimedia.rules) * 3:44266 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0413 attack attempt (file-multimedia.rules) * 3:44267 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0436 attack attempt (policy-other.rules) * 3:44268 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0437 attack attempt (policy-other.rules) * 3:44269 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0434 attack attempt (file-other.rules) * 3:44270 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0434 attack attempt (file-other.rules) * 3:44271 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0430 attack attempt (file-office.rules) * 3:44272 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0430 attack attempt (file-office.rules) * 3:44273 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0431 attack attempt (file-office.rules) * 3:44274 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0431 attack attempt (file-office.rules) * 3:44287 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0433 attack attempt (file-other.rules) * 3:44288 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0433 attack attempt (file-other.rules) * 3:44294 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0432 attack attempt (file-pdf.rules) * 3:44295 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0432 attack attempt (file-pdf.rules) * 3:44297 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0435 attack attempt (server-webapp.rules) * 3:44318 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER 
TALOS-2017-0438 attack attempt (file-other.rules) * 3:44319 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0438 attack attempt (file-other.rules) * 3:44344 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0439 attack attempt (server-other.rules) * 3:44376 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0452 attack attempt (file-other.rules) * 3:44377 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0452 attack attempt (file-other.rules) * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules) * 3:44380 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0450 attack attempt (server-webapp.rules) * 3:44381 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0449 attack attempt (server-webapp.rules) * 3:44397 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0453 attack attempt (file-other.rules) * 3:44398 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0453 attack attempt (file-other.rules) * 3:44417 <-> ENABLED <-> SERVER-WEBAPP Cisco Customer Voice Portal MyAccountEditAction.do privilege escalation attempt (server-webapp.rules) * 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules) * 3:44420 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0440 attack attempt (protocol-scada.rules) * 3:44421 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0441 attack attempt (policy-other.rules) * 3:44422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0441 attack attempt (policy-other.rules) * 3:44423 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0444 attack attempt (policy-other.rules) * 3:44424 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44425 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44426 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44427 <-> 
ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44428 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44429 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44444 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0455 attack attempt (file-other.rules) * 3:44445 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0455 attack attempt (file-other.rules) * 3:44446 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0454 attack attempt (file-other.rules) * 3:44447 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0454 attack attempt (file-other.rules) * 3:44448 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0456 attack attempt (file-other.rules) * 3:44449 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0456 attack attempt (file-other.rules) * 3:44451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt (file-image.rules) * 3:44452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt (file-image.rules) * 3:44457 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE Web UI user administration page access detected (policy-other.rules) * 3:44458 <-> ENABLED <-> PROTOCOL-SCADA Cisco IE2000 CIP get attributes all packet processing memory leak attempt (protocol-scada.rules) * 3:44459 <-> ENABLED <-> PROTOCOL-SCADA Cisco IE2000 CIP forward open packet processing null pointer dereference attempt (protocol-scada.rules) * 3:44460 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI resource path authentication bypass attempt (server-webapp.rules) * 3:44461 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI resource path authentication bypass attempt (server-webapp.rules) * 3:44462 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI rest path authentication bypass attempt (server-webapp.rules) * 3:44463 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI rest path authentication bypass attempt 
(server-webapp.rules) * 3:44464 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKEv2 session initialization denial of service attempt (server-other.rules) * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44503 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance direct authentication denial of service attempt (server-webapp.rules) * 3:44520 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0461 attack attempt (file-office.rules) * 3:44521 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0461 attack attempt (file-office.rules) * 3:44522 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0460 attack attempt (file-office.rules) * 3:44523 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0460 attack attempt (file-office.rules) * 3:44524 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0459 attack attempt (file-image.rules) * 3:44525 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0459 attack attempt (file-image.rules) * 3:44537 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster UploadFile.js arbitrary file upload attempt (server-webapp.rules) * 3:44538 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster LogCollect.js command injection attempt (server-webapp.rules) * 3:44539 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster LogCollect.js command injection attempt (server-webapp.rules) * 3:44540 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition information disclosure attempt (server-other.rules) * 3:44541 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition configuration change attempt (server-other.rules) * 3:44542 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition remote code execution attempt 
(server-other.rules) * 3:44543 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition information disclosure attempt (server-other.rules) * 3:44544 <-> ENABLED <-> FILE-PDF Nitro Pro PDF document field dereference use after free attempt (file-pdf.rules) * 3:44545 <-> ENABLED <-> FILE-PDF Nitro Pro PDF document field dereference use after free attempt (file-pdf.rules) * 3:44546 <-> ENABLED <-> FILE-PDF Nitro Pro use after free remote code execution attempt (file-pdf.rules) * 3:44547 <-> ENABLED <-> FILE-PDF Nitro Pro use after free remote code execution attempt (file-pdf.rules) * 3:44555 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePower Management Center cross site scripting attempt (server-webapp.rules) * 3:44556 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection edit-nuance.do cross site scripting attempt (server-webapp.rules) * 3:44557 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection nick-name.do cross site scripting attempt (server-webapp.rules) * 3:44558 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection serviceParamEdit.do cross site scripting attempt (server-webapp.rules) * 3:44589 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0463 attack attempt (file-office.rules) * 3:44590 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0463 attack attempt (file-office.rules) * 3:44593 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0462 attack attempt (file-office.rules) * 3:44594 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0462 attack attempt (file-office.rules) * 3:44605 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules) * 3:44606 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules) * 3:44614 <-> ENABLED <-> SERVER-WEBAPP D-Link soap.cgi service command injection attempt (server-webapp.rules) * 3:44624 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44625 <-> ENABLED <-> 
SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44626 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44627 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44707 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44708 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44709 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44710 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44711 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44712 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44713 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0464 attack attempt (policy-other.rules) * 3:44714 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0464 attack attempt (policy-other.rules) * 3:44722 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt (server-webapp.rules) * 3:44723 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt (server-webapp.rules) * 3:44724 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Smart Licensing command injection attempt (server-webapp.rules) * 3:44725 <-> ENABLED <-> PROTOCOL-SNMP Cisco Wireless LAN Controller clExtApDot11IfTable OID memory leak attempt (protocol-snmp.rules) * 3:44750 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 login.cgi stack buffer overflow attempt (server-webapp.rules) * 3:44835 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44836 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44837 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44840 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44841 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44842 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44847 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44848 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44849 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44850 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44851 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44852 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44855 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0480 attack attempt (policy-other.rules) * 3:44858 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0474 attack attempt (server-webapp.rules) * 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules) * 3:44908 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44909 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44910 <-> ENABLED <-> SERVER-OTHER Altiris Express Server Engine stack buffer overflow attempt (server-other.rules) * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules) * 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt 
(file-image.rules) * 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules) * 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules) * 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules) * 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules) * 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules) * 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules) * 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules) * 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules) * 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules) * 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules) * 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules) * 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0493 attack attempt (server-webapp.rules) * 3:45086 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0494 attack attempt (server-webapp.rules) * 3:45087 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0495 attack attempt (server-webapp.rules) * 3:45088 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0502 attack attempt (server-webapp.rules) * 3:45089 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0501 attack attempt (server-other.rules) * 3:45102 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0505 attack attempt (file-pdf.rules) * 3:45103 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0505 attack attempt (file-pdf.rules) * 3:45105 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0504 attack attempt (file-pdf.rules) * 3:45106 <-> ENABLED <-> FILE-PDF 
TRUFFLEHUNTER TALOS-2017-0504 attack attempt (file-pdf.rules) * 3:45120 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine padding oracle attack attempt (server-other.rules) * 3:45158 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0506 attack attempt (file-pdf.rules) * 3:45159 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0506 attack attempt (file-pdf.rules) * 3:45216 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2017-0509 attack attempt (file-executable.rules) * 3:45217 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2017-0509 attack attempt (file-executable.rules) * 3:45220 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0507 attack attempt (server-other.rules) * 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules) * 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules) * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules) * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules) * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules) * 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules) * 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules) * 3:45502 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0515 attack attempt (file-other.rules) * 3:45503 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0515 attack attempt (file-other.rules) * 3:45504 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0514 attack attempt (file-other.rules) * 3:45505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0514 attack attempt (file-other.rules) * 3:45506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0517 attack attempt (file-pdf.rules) * 3:45507 <-> ENABLED 
<-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0517 attack attempt (file-pdf.rules) * 3:45521 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0518 attack attempt (file-pdf.rules) * 3:45522 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0518 attack attempt (file-pdf.rules) * 3:45524 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt (file-other.rules) * 3:45525 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt (file-other.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules) * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules) * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules) * 3:45599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0520 attack attempt (file-image.rules) * 3:45600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0520 attack attempt (file-image.rules) * 3:45602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0522 attack attempt (file-other.rules) * 3:45603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0522 attack attempt (file-other.rules) * 3:45604 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0524 attack attempt (server-other.rules) * 3:45605 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0519 attack attempt (file-other.rules) * 3:45606 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0519 attack attempt (file-other.rules) * 3:45608 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0525 attack attempt (file-pdf.rules) * 3:45609 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0525 attack attempt (file-pdf.rules) * 3:45610 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0523 attack attempt (server-other.rules) * 3:45621 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central recvbackup.cgi command injection attempt 
(server-webapp.rules) * 3:45622 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central recvbackup.cgi command injection attempt (server-webapp.rules) * 3:45623 <-> ENABLED <-> SERVER-WEBAPP Cisco RV132W and RV134W routers command injection attempt (server-webapp.rules) * 3:45652 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0526 attack attempt (file-pdf.rules) * 3:45653 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0526 attack attempt (file-pdf.rules) * 3:45689 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0527 attack attempt (file-office.rules) * 3:45690 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0527 attack attempt (file-office.rules) * 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45710 <-> ENABLED 
<-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules) * 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules) * 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules) * 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules) * 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules) * 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules) * 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules) * 3:45750 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0534 attack attempt (file-office.rules) * 3:45751 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0534 attack attempt (file-office.rules) * 3:45752 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0533 attack attempt (file-other.rules) * 3:45753 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0533 attack attempt (file-other.rules) * 3:45813 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager information disclosure attempt (server-webapp.rules) * 3:45823 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0536 attack attempt (file-pdf.rules) * 3:45824 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0536 attack attempt 
(file-pdf.rules) * 3:45829 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0535 attack attempt (server-other.rules) * 3:45832 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager appuserFindList.do SQL injection attempt (server-webapp.rules) * 3:45833 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager appuserFindList.do SQL injection attempt (server-webapp.rules) * 3:45870 <-> ENABLED <-> SERVER-WEBAPP Cisco ACS unsafe Java object deserialization attempt (server-webapp.rules) * 3:45891 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0539 attack attempt (server-webapp.rules) * 3:45896 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0538 attack attempt (file-office.rules) * 3:45897 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0538 attack attempt (file-office.rules) * 3:45981 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0540 attack attempt (file-other.rules) * 3:45982 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0540 attack attempt (file-other.rules) * 3:45985 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45986 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45987 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45988 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45991 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45992 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45993 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45994 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45997 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:45998 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER 
TALOS-2018-0542 attack attempt (file-image.rules) * 3:45999 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:46000 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:46001 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0541 attack attempt (file-image.rules) * 3:46002 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0541 attack attempt (file-image.rules) * 3:46079 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0548 attack attempt (server-webapp.rules) * 3:46090 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0549 attack attempt (server-webapp.rules) * 3:46093 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0550 attack attempt (file-image.rules) * 3:46094 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0550 attack attempt (file-image.rules) * 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules) * 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules) * 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules) * 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules) * 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules) * 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules) * 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules) * 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules) * 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules) * 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS 
Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules) * 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules) * 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules) * 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules) * 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0551 attack attempt (server-webapp.rules) * 3:46143 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46144 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46145 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46146 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46147 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0552 attack attempt (file-image.rules) * 3:46148 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0552 attack attempt (file-image.rules) * 3:46149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0554 attack attempt (server-webapp.rules) * 3:46150 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46154 <-> ENABLED 
<-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46155 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46165 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46166 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46167 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46168 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46169 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46170 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46171 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46172 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules) * 3:46173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0568 attack attempt (file-other.rules) * 3:46174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0568 attack attempt (file-other.rules) * 3:46175 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0559 attack attempt (server-webapp.rules) * 3:46190 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0567 attack attempt (server-webapp.rules) * 3:46191 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0567 attack attempt (server-webapp.rules) * 3:46211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0556 attack attempt (server-webapp.rules) * 3:46217 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0557 attack attempt (policy-other.rules) * 3:46222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0561 attack attempt (file-image.rules) * 3:46223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0561 attack attempt (file-image.rules) * 3:46224 <-> 
ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0562 attack attempt (file-image.rules) * 3:46225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0562 attack attempt (file-image.rules) * 3:46241 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0564 attack attempt (file-image.rules) * 3:46242 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0564 attack attempt (file-image.rules) * 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules) * 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules) * 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules) * 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules) * 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules) * 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules) * 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules) * 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules) * 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules) * 3:46386 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI arbitrary file write attempt (server-webapp.rules) * 3:46388 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0579 attack attempt (file-other.rules) * 3:46389 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0579 attack attempt (file-other.rules) * 3:46390 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules) * 3:46391 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules) * 3:46392 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules) * 3:46395 
<-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0578 attack attempt (server-webapp.rules) * 3:46452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0586 attack attempt (file-image.rules) * 3:46453 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0586 attack attempt (file-image.rules) * 3:46455 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0587 attack attempt (file-image.rules) * 3:46456 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0587 attack attempt (file-image.rules) * 3:46457 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0588 attack attempt (file-pdf.rules) * 3:46458 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0588 attack attempt (file-pdf.rules) * 3:46459 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0585 attack attempt (file-image.rules) * 3:46460 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0585 attack attempt (file-image.rules) * 3:46492 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules) * 3:46493 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules) * 3:46494 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules) * 3:46496 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules) * 3:46497 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules) * 3:46498 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules) * 3:46499 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules) * 3:46500 <-> ENABLED <-> POLICY-OTHER Docker API ContainerCreate request detected (policy-other.rules) * 3:46523 <-> ENABLED <-> SERVER-OTHER malicious HTML file transfer attempt (server-other.rules) * 3:46541 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0589 attack attempt (file-other.rules) * 
3:46542 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0589 attack attempt (file-other.rules) * 3:46543 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0591 attack attempt (server-webapp.rules) * 3:46550 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0590 attack attempt (file-pdf.rules) * 3:46551 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0590 attack attempt (file-pdf.rules) * 3:46634 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0592 attack attempt (file-pdf.rules) * 3:46635 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0592 attack attempt (file-pdf.rules) * 3:46661 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0594 attack attempt (policy-other.rules) * 3:46738 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center API directory traversal attempt (server-webapp.rules) * 3:46739 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center API default login attempt (server-webapp.rules) * 3:46740 <-> ENABLED <-> SERVER-WEBAPP Kubernetes Kubelet arbitrary command execution attempt (server-webapp.rules) * 3:46741 <-> ENABLED <-> SERVER-WEBAPP Kubernetes Kubelet arbitrary command execution attempt (server-webapp.rules) * 3:46749 <-> ENABLED <-> SERVER-OTHER Cisco Meeting Server configuration download attempt (server-other.rules) * 3:46750 <-> ENABLED <-> SERVER-OTHER Cisco Meeting Server user configuration download attempt (server-other.rules) * 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules) * 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules) * 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules) * 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules) * 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules) * 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules) * 
3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules) * 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules) * 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules) * 3:46845 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0600 attack attempt (file-office.rules) * 3:46846 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0600 attack attempt (file-office.rules) * 3:46858 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2018-0614 attack attempt (os-other.rules) * 3:46859 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2018-0614 attack attempt (os-other.rules) * 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules) * 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules) * 3:46867 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules) * 3:46868 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules) * 3:46869 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules) * 3:46870 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0602 attack attempt (server-other.rules) * 3:46877 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0605 attack attempt (server-webapp.rules) * 3:46882 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0603 attack attempt (file-office.rules) * 3:46883 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0603 attack attempt (file-office.rules) * 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules) * 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules) * 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL 
injection attempt (server-webapp.rules) * 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules) * 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules) * 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules) * 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules) * 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules) * 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules) * 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules) * 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules) * 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules) * 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules) * 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules) * 3:46992 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API privilege escalation attempt (server-webapp.rules) * 3:46993 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol denial of service attempt (server-other.rules) * 3:46994 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol denial of service attempt (server-other.rules) * 3:46995 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt (server-other.rules) * 3:46996 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol 
heap buffer overflow attempt (server-other.rules) * 3:47003 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules) * 3:47004 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules) * 3:47008 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API ins_api command injection attempt (server-webapp.rules) * 3:47009 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API cli_ascii command injection attempt (server-webapp.rules) * 3:47010 <-> ENABLED <-> SERVER-WEBAPP Cisco FX-OS mod_nuova stack buffer overflow attempt (server-webapp.rules) * 3:47011 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt (server-other.rules) * 3:47012 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt (server-other.rules) * 3:47013 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt (server-other.rules) * 3:47014 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt (server-other.rules) * 3:47028 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0621 attack attempt (browser-other.rules) * 3:47029 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0621 attack attempt (browser-other.rules) * 3:47035 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0622 attack attempt (policy-other.rules) * 3:47036 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0622 attack attempt (policy-other.rules) * 3:47037 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0619 attack attempt (server-webapp.rules) * 3:47039 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0618 attack attempt (server-webapp.rules) * 3:47040 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0618 attack attempt (server-webapp.rules) * 3:47062 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0620 attack attempt 
(server-webapp.rules) * 3:47074 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0623 attack attempt (file-pdf.rules) * 3:47075 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0623 attack attempt (file-pdf.rules) * 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules) * 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers ozkerz command injection attempt (server-webapp.rules) * 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers ozkerz command injection attempt (server-webapp.rules) * 3:47166 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director launcher.jsp cross site scripting attempt (server-webapp.rules) * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules) * 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules) * 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules) * 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules) * 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules) * 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules) * 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules) * 3:47295 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0635 attack attempt (file-executable.rules) * 3:47296 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0635 attack attempt (file-executable.rules) * 3:47336 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0638 attack attempt (file-image.rules) * 3:47337 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0638 attack attempt (file-image.rules) * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER 
TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules) * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47394 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47395 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47403 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47404 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47405 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47406 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47407 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47408 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47409 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47410 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47411 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47412 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules) * 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules) * 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules) * 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules) * 
3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules) * 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules) * 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules) * 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules) * 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules) * 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules) * 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules) * 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules) * 3:47521 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0652 attack attempt (file-office.rules) * 3:47522 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0652 attack attempt (file-office.rules) * 3:47523 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0651 attack attempt (file-office.rules) * 3:47524 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0651 attack attempt (file-office.rules) * 3:47527 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0650 attack attempt (file-office.rules) * 3:47528 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0650 attack attempt (file-office.rules) * 3:47571 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules) * 3:47572 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules) * 3:47573 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules) * 3:47595 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules) * 3:47596 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache 
side-channel analysis information leak attempt (os-other.rules) * 3:47597 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules) * 3:47598 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules) * 3:47632 <-> ENABLED <-> SERVER-WEBAPP Cogent DataHub arbitrary command execution attempt (server-webapp.rules) * 3:47633 <-> ENABLED <-> POLICY-OTHER Accelerite Endpoint Management default credentials login attempt (policy-other.rules) * 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules) * 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules) * 3:47677 <-> ENABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer hidden webmin credentials login attempt (server-webapp.rules) * 3:47679 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules) * 3:47680 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules) * 3:47681 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules) * 3:47684 <-> ENABLED <-> SERVER-OTHER Mikrotik RouterOS directory traversal attempt (server-other.rules) * 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:47704 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:47705 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:47706 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:47707 <-> ENABLED <-> SERVER-OTHER Cisco RV Series Router information disclosure attempt (server-other.rules) * 3:47709 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers arbitrary file 
read attempt (server-webapp.rules) * 3:47710 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Router buffer overflow attempt (server-webapp.rules) * 3:47711 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Router buffer overflow attempt (server-webapp.rules) * 3:47713 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules) * 3:47714 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules) * 3:47715 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules) * 3:47716 <-> ENABLED <-> SERVER-WEBAPP HP Client Automation Server directory traversal attempt (server-webapp.rules) * 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules) * 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules) * 3:47727 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0662 attack attempt (file-pdf.rules) * 3:47728 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0662 attack attempt (file-pdf.rules) * 3:47729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0659 attack attempt (server-other.rules) * 3:47750 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0657 attack attempt (file-other.rules) * 3:47751 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0657 attack attempt (file-other.rules) * 3:47753 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0669 attack attempt (file-office.rules) * 3:47754 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0669 attack attempt (file-office.rules) * 3:47755 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0667 attack attempt (file-office.rules) * 3:47756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0667 attack attempt (file-office.rules) * 3:47757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules) * 3:47758 <-> ENABLED <-> FILE-OFFICE 
TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules) * 3:47759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules) * 3:47760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules) * 3:47762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0668 attack attempt (file-office.rules) * 3:47763 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0668 attack attempt (file-office.rules) * 3:47801 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0673 attack attempt (file-other.rules) * 3:47802 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0673 attack attempt (file-other.rules) * 3:47803 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0675 attack attempt (file-other.rules) * 3:47804 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0675 attack attempt (file-other.rules) * 3:47809 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0672 attack attempt (protocol-dns.rules) * 3:47811 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0671 attack attempt (protocol-dns.rules) * 3:47840 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules) * 3:47841 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules) * 3:47842 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0681 attack attempt (protocol-dns.rules) * 3:47878 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player stack buffer overflow attempt (file-other.rules) * 3:47879 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player stack buffer overflow attempt (file-other.rules) * 3:47880 <-> ENABLED <-> POLICY-OTHER Cisco Video Surveillance Operations Manager default password use attempt (policy-other.rules) * 3:47893 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI denial of service attempt (server-webapp.rules) * 3:47894 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI denial of service attempt (server-webapp.rules) * 
3:47916 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE denial of service attempt (server-webapp.rules) * 3:47917 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0682 attack attempt (file-other.rules) * 3:47918 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0682 attack attempt (file-other.rules) * 3:47919 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS XE NAT SIP application layer gateway denial of service attempt (protocol-voip.rules) * 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules) * 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules) * 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules) * 3:48066 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0685 attack attempt (server-webapp.rules) * 3:48067 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0684 attack attempt (server-webapp.rules) * 3:48068 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0684 attack attempt (server-webapp.rules) * 3:48069 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0689 attack attempt (server-webapp.rules) * 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules) * 3:48201 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules) * 3:48209 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0693 attack attempt (file-other.rules) * 3:48210 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0693 attack attempt (file-other.rules) * 3:48213 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2018-0694 attack attempt (file-multimedia.rules) * 3:48214 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2018-0694 attack 
attempt (file-multimedia.rules) * 3:48239 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS precision time protocol denial of service attempt (server-other.rules) * 3:48240 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS precision time protocol denial of service attempt (server-other.rules) * 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules) * 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules) * 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules) * 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules) * 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules) * 3:48261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt (server-webapp.rules) * 3:48262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt (server-webapp.rules) * 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules) * 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules) * 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules) * 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules) * 3:48385 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0713 attack attempt (file-office.rules) * 3:48386 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0713 attack attempt (file-office.rules) * 3:48389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0711 attack attempt (file-office.rules) * 3:48390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0711 attack attempt (file-office.rules) * 3:48391 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0712 attack attempt (file-office.rules) * 
3:48392 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0712 attack attempt (file-office.rules) * 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules) * 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules) * 3:48433 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0724 attack attempt (file-other.rules) * 3:48434 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0724 attack attempt (file-other.rules) * 3:48450 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0729 attack attempt (file-executable.rules) * 3:48451 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0729 attack attempt (file-executable.rules) * 3:48452 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0728 attack attempt (file-executable.rules) * 3:48453 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0728 attack attempt (file-executable.rules) * 3:48454 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime License Manager SQL injection attempt (server-webapp.rules) * 3:48455 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime License Manager SQL injection attempt (server-webapp.rules) * 3:48456 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0730 attack attempt (server-webapp.rules) * 3:48457 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0730 attack attempt (server-webapp.rules) * 3:48458 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0733 attack attempt (server-other.rules) * 3:48459 <-> ENABLED <-> BROWSER-IE TRUFFLEHUNTER TALOS-2018-0734 attack attempt (browser-ie.rules) * 3:48460 <-> ENABLED <-> BROWSER-IE TRUFFLEHUNTER TALOS-2018-0734 attack attempt (browser-ie.rules) * 3:48521 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0739 attack attempt (protocol-scada.rules) * 3:48522 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0738 attack attempt (protocol-scada.rules) * 3:48523 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0738 attack attempt 
(protocol-scada.rules) * 3:48524 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0735 attack attempt (protocol-scada.rules) * 3:48525 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0741 attack attempt (protocol-scada.rules) * 3:48526 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0740 attack attempt (protocol-scada.rules) * 3:48527 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0737 attack attempt (protocol-scada.rules) * 3:48528 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0736 attack attempt (protocol-scada.rules) * 3:48529 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0744 attack attempt (browser-other.rules) * 3:48530 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0744 attack attempt (browser-other.rules) * 3:48600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0755 attack attempt (server-webapp.rules) * 3:48603 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0756 attack attempt (server-webapp.rules) * 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules) * 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules) * 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules) * 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules) * 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules) * 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules) * 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules) * 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules) * 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules) * 3:48638 <-> ENABLED <-> SERVER-WEBAPP 
ZyXEL Armor Series Routers photobak command injection attempt (server-webapp.rules)
* 3:48639 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers photobak command injection attempt (server-webapp.rules)
* 3:48644 <-> ENABLED <-> POLICY-OTHER Cisco Adaptive Security Appliance admin REST API access attempt (policy-other.rules)
* 3:48747 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0751 attack attempt (server-webapp.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)
* 3:48975 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0767 attack attempt (protocol-scada.rules)
* 3:48976 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0769 attack attempt (protocol-scada.rules)
* 3:48977 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0770 attack attempt (protocol-scada.rules)
* 3:48978 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0768 attack attempt (protocol-scada.rules)
* 3:48979 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0764 attack attempt (protocol-scada.rules)
* 3:48980 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0766 attack attempt (protocol-scada.rules)
* 3:48981 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0765 attack attempt (protocol-scada.rules)
* 3:49045 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0762 attack attempt (file-other.rules)
* 3:49046 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0762 attack attempt (file-other.rules)
* 3:49047 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0763 attack attempt (protocol-scada.rules)
* 3:49087 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0775 attack attempt (policy-other.rules)
* 3:49088 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0773 attack attempt (file-other.rules)
* 3:49089 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0773 attack attempt (file-other.rules)
* 3:49189 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0778 attack attempt (file-pdf.rules)
* 3:49190 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0778 attack attempt (file-pdf.rules)
* 3:49198 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0783 attack attempt (server-webapp.rules)
* 3:49205 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0779 attack attempt (file-other.rules)
* 3:49206 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0779 attack attempt (file-other.rules)
* 3:49209 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0780 attack attempt (file-office.rules)
* 3:49210 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0780 attack attempt (file-office.rules)
* 3:49237 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0781 attack attempt (file-other.rules)
* 3:49238 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0781 attack attempt (file-other.rules)
* 3:49239 <-> ENABLED <-> SERVER-WEBAPP Exhibitor for ZooKeeper javaEnvironment command injection attempt (server-webapp.rules)
* 3:49240 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Assurance unauthorized access attempt (server-webapp.rules)
* 3:49241 <-> ENABLED <-> PROTOCOL-TFTP Read Request directory traversal attempt (protocol-tftp.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:49334 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:49335 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:49336 <-> ENABLED <-> SERVER-OTHER Cisco FXOS and NX-OS LDAP denial of service attempt (server-other.rules)
* 3:49339 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49340 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49341 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49342 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49343 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49344 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49345 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49346 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49347 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49348 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49349 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meeting Server cross site scripting attempt (server-webapp.rules)
* 3:49350 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS System Software NX-API command injection attempt (server-webapp.rules)
* 3:49362 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0787 attack attempt (server-webapp.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:49370 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0788 attack attempt (policy-other.rules)
* 3:49373 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0789 attack attempt (policy-other.rules)
* 3:49442 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2019-0791 attack attempt (browser-chrome.rules)
* 3:49443 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2019-0791 attack attempt (browser-chrome.rules)
* 3:49509 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authorization bypass attempt (server-webapp.rules)
* 3:49510 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface directory traversal attempt (server-webapp.rules)
* 3:49511 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface stack buffer overflow attempt (server-webapp.rules)
* 3:49588 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules)
* 3:49589 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules)
* 3:49590 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules)
* 3:49591 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui directory traversal attempt (server-webapp.rules)
* 3:49606 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP calling display name denial of service attempt (protocol-voip.rules)
* 3:49607 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP calling display name denial of service attempt (protocol-voip.rules)
* 3:49608 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui execPython access attempt (server-webapp.rules)
* 3:49609 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui cdp resource command injection attempt (server-webapp.rules)
* 3:49610 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui dhcp resource command injection attempt (server-webapp.rules)
* 3:49611 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui information disclosure attempt (server-webapp.rules)
* 3:49612 <-> ENABLED <-> POLICY-OTHER Cisco Virtual Switching System standby interested message detected (policy-other.rules)
* 3:49613 <-> ENABLED <-> POLICY-OTHER Cisco Virtual Switching System master request message detected (policy-other.rules)
* 3:49614 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules)
* 3:49615 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules)
* 3:49616 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules)
* 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49684 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt (file-pdf.rules)
* 3:49685 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt (file-pdf.rules)
* 3:49756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0794 attack attempt (file-office.rules)
* 3:49757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0794 attack attempt (file-office.rules)
* 3:49760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0795 attack attempt (file-office.rules)
* 3:49761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0795 attack attempt (file-office.rules)
* 3:49780 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0806 attack attempt (protocol-scada.rules)
* 3:49787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0807 attack attempt (protocol-scada.rules)
* 3:49797 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0798 attack attempt (protocol-other.rules)
* 3:49798 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0798 attack attempt (protocol-other.rules)
* 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules)
* 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules)
* 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules)
* 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules)
* 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules)
* 3:49852 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0805 attack attempt (file-office.rules)
* 3:49853 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0805 attack attempt (file-office.rules)
* 3:49854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0803 attack attempt (protocol-other.rules)
* 3:49855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0803 attack attempt (protocol-other.rules)
* 3:49856 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0801 attack attempt (file-other.rules)
* 3:49857 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0801 attack attempt (file-other.rules)
* 3:49858 <-> ENABLED <-> PROTOCOL-VOIP Cisco VCS exponential XML entity expansion attack attempt (protocol-voip.rules)
* 3:49859 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller cross site request forgery attempt (server-webapp.rules)
* 3:49866 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:49867 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:49879 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller IAPP message denial of service attempt (server-other.rules)
* 3:49894 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0812 attack attempt (file-other.rules)
* 3:49895 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0812 attack attempt (file-other.rules)
* 3:49896 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0813 attack attempt (file-other.rules)
* 3:49897 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0813 attack attempt (file-other.rules)
* 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
* 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules)
* 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
* 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules)
* 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
* 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules)
* 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules)
* 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 3:49948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0817 attack attempt (file-pdf.rules)
* 3:49949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0817 attack attempt (file-pdf.rules)
* 3:49978 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0818 attack attempt (file-other.rules)
* 3:49979 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0818 attack attempt (file-other.rules)
* 3:49982 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0822 attack attempt (policy-other.rules)
* 3:49983 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0827 attack attempt (policy-other.rules)
* 3:49984 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules)
* 3:49985 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules)
* 3:49986 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
* 3:49987 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (server-webapp.rules)
* 3:49990 <-> ENABLED <-> PROTOCOL-VOIP Cisco IP Phone malformed SIP presence information data denial of service attempt (protocol-voip.rules)
* 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
* 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
* 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
* 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
* 3:49996 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA secure desktop login denial of service attempt (server-webapp.rules)
* 3:49997 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers session hijack attempt (server-webapp.rules)
* 3:49998 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance admin command interface access attempt (server-webapp.rules)
* 3:49999 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance admin command interface access attempt (server-webapp.rules)
* 3:50006 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy service buffer overflow attempt (server-webapp.rules)
* 3:50007 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN expired session page direct access denial of service attempt (server-webapp.rules)
* 3:50035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0821 attack attempt (file-image.rules)
* 3:50036 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0821 attack attempt (file-image.rules)
* 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules)
* 3:52102 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52103 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52104 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52105 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52106 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52107 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52108 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52109 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52110 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52111 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:52119 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:52120 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:52121 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:52122 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:52126 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:52127 <-> ENABLED <-> POLICY-OTHER Cisco Web Security Appliance system setup wizard access detected (policy-other.rules)
* 3:52128 <-> ENABLED <-> POLICY-OTHER Cisco Web Security Appliance system setup wizard access detected (policy-other.rules)
* 3:52129 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules)
* 3:52131 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0948 attack attempt (server-other.rules)
* 3:52237 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0953 attack attempt (server-webapp.rules)
* 3:52238 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0954 attack attempt (policy-other.rules)
* 3:52241 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0955 attack attempt (server-webapp.rules)
* 3:52247 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)
* 3:52269 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0957 attack attempt (file-other.rules)
* 3:52270 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0957 attack attempt (file-other.rules)
* 3:52274 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0951 attack attempt (policy-other.rules)
* 3:52275 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0951 attack attempt (policy-other.rules)
* 3:52331 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0959 attack attempt (file-pdf.rules)
* 3:52332 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0959 attack attempt (file-pdf.rules)
* 3:52345 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0960 attack attempt (server-webapp.rules)
* 3:52346 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2019-0960 attack attempt (protocol-snmp.rules)
* 3:52367 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
* 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules)
* 3:52407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0961 attack attempt (policy-other.rules)
* 3:52408 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0962 attack attempt (file-other.rules)
* 3:52409 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0962 attack attempt (file-other.rules)
* 3:52412 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0963 attack attempt (file-other.rules)
* 3:52413 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0966 attack attempt (file-other.rules)
* 3:52414 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0965 attack attempt (file-other.rules)
* 3:52415 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0967 attack attempt (browser-webkit.rules)
* 3:52416 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0967 attack attempt (browser-webkit.rules)
* 3:52417 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0968 attack attempt (file-office.rules)
* 3:52418 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0968 attack attempt (file-office.rules)
* 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
* 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
* 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
* 3:52490 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules)
* 3:52491 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules)
* 3:52492 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules)
* 3:52493 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules)
* 3:52495 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0971 attack attempt (file-other.rules)
* 3:52496 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0971 attack attempt (file-other.rules)
* 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules)
* 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules)
* 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules)
* 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules)
* 3:52555 <-> ENABLED <-> SERVER-WEBAPP Cisco Webex Video Mesh Node command injection attempt (server-webapp.rules)
* 3:52559 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS Web UI cross site request forgery attempt (server-webapp.rules)
* 3:52560 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS Web UI cross site request forgery attempt (server-webapp.rules)
* 3:52570 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0973 attack attempt (file-other.rules)
* 3:52571 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0973 attack attempt (file-other.rules)
* 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
* 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules)
* 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules)
* 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules)
* 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules)
* 3:52666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0981 attack attempt (file-other.rules)
* 3:52667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0981 attack attempt (file-other.rules)
* 3:52668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0982 attack attempt (file-other.rules)
* 3:52669 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0982 attack attempt (file-other.rules)
* 3:52818 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0979 attack attempt (file-other.rules)
* 3:52819 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0979 attack attempt (file-other.rules)
* 3:52836 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0976 attack attempt (protocol-snmp.rules)
* 3:52837 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0976 attack attempt (protocol-snmp.rules)
* 3:52838 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules)
* 3:52839 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules)
* 3:52840 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules)
* 3:52841 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules)
* 3:52842 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0978 attack attempt (file-other.rules)
* 3:52843 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0978 attack attempt (file-other.rules)
* 3:52850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0980 attack attempt (file-other.rules)
* 3:52851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0980 attack attempt (file-other.rules)
* 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules)
* 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules)
* 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules)
* 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules)
* 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules)
* 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules)
* 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules)
* 3:53002 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0993 attack attempt (file-image.rules)
* 3:53003 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0993 attack attempt (file-image.rules)
* 3:53004 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0988 attack attempt (file-other.rules)
* 3:53005 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0988 attack attempt (file-other.rules)
* 3:53006 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0998 attack attempt (file-image.rules)
* 3:53007 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0998 attack attempt (file-image.rules)
* 3:53008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0989 attack attempt (file-other.rules)
* 3:53009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0989 attack attempt (file-other.rules)
* 3:53010 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1003 attack attempt (policy-other.rules)
* 3:53011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules)
* 3:53012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules)
* 3:53013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules)
* 3:53014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules)
* 3:53015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0987 attack attempt (file-image.rules)
* 3:53016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0987 attack attempt (file-image.rules)
* 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
* 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
* 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
* 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
* 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
* 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
* 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
* 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
* 3:53045 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0985 attack attempt (server-webapp.rules)
* 3:53046 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2020-1001 attack attempt (protocol-dns.rules)
* 3:53049 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1006 attack attempt (protocol-scada.rules)
* 3:53065 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1004 attack attempt (file-image.rules)
* 3:53066 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1004 attack attempt (file-image.rules)
* 3:53067 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0999 attack attempt (file-image.rules)
* 3:53068 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0999 attack attempt (file-image.rules)
* 3:53069 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1011 attack attempt (policy-other.rules)
* 3:53070 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1011 attack attempt (policy-other.rules)
* 3:53071 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-0996 attack attempt (server-other.rules)
* 3:53081 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1010 attack attempt (policy-other.rules)
* 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules)
* 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules)
* 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules)
* 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules)
* 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules)
* 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules)
* 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
* 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
* 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
* 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
* 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
* 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53384 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53385 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53386 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53387 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53388 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53389 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53390 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53391 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53392 <-> ENABLED <-> POLICY-OTHER Cisco Prime Network Registrar AddObject request detected (policy-other.rules)
* 3:53393 <-> ENABLED <-> POLICY-OTHER Cisco Prime Network Registrar EditAdmin request detected (policy-other.rules)
* 3:53418 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1018 attack attempt (server-other.rules)
* 3:53441 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1020 attack attempt (protocol-scada.rules)
* 3:53442 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1021 attack attempt (protocol-scada.rules)
* 3:53443 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1022 attack attempt (protocol-scada.rules)
* 3:53444 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1023 attack attempt (protocol-scada.rules)
* 3:53445 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1024 attack attempt (protocol-scada.rules)
* 3:53470 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise heap buffer overflow attempt (server-other.rules)
* 3:53471 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise integer underflow attempt (server-other.rules)
* 3:53472 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise out of bounds read attempt (server-other.rules)
* 3:53480 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage SQL injection attempt 
(server-webapp.rules) * 3:53481 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage SQL injection attempt (server-webapp.rules) * 3:53482 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cross site scripting attempt (server-webapp.rules) * 3:53483 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cross site scripting attempt (server-webapp.rules) * 3:53484 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1025 attack attempt (protocol-scada.rules) * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules) * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules) * 3:53487 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1027 attack attempt (file-office.rules) * 3:53488 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1027 attack attempt (file-office.rules) * 3:53497 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:53498 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload directory traversal attempt (server-webapp.rules) * 3:53499 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload remote code execution attempt (server-webapp.rules) * 3:53500 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload remote code execution attempt (server-webapp.rules) * 3:53501 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:53502 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:53503 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:53504 <-> ENABLED <-> FILE-OTHER TAR file directory traversal attempt (file-other.rules) * 3:53517 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1037 attack attempt (file-other.rules) * 3:53518 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1037 attack attempt (file-other.rules) * 3:53519 <-> ENABLED <-> FILE-OTHER 
TRUFFLEHUNTER TALOS-2020-1038 attack attempt (file-other.rules) * 3:53520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1038 attack attempt (file-other.rules) * 3:53521 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1039 attack attempt (file-other.rules) * 3:53522 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1039 attack attempt (file-other.rules) * 3:53523 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1034 attack attempt (file-other.rules) * 3:53524 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1034 attack attempt (file-other.rules) * 3:53531 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (os-windows.rules) * 3:53532 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (os-windows.rules) * 3:53535 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1035 attack attempt (file-other.rules) * 3:53536 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1035 attack attempt (file-other.rules) * 3:53537 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1036 attack attempt (file-other.rules) * 3:53538 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1036 attack attempt (file-other.rules) * 3:53545 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1040 attack attempt (file-other.rules) * 3:53546 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1040 attack attempt (file-other.rules) * 3:53549 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1043 attack attempt (file-other.rules) * 3:53550 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1043 attack attempt (file-other.rules) * 3:53553 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1042 attack attempt (file-other.rules) * 3:53554 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1042 attack attempt (file-other.rules) * 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules) * 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules) * 3:53564 <-> 
ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules) * 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules) * 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules) * 3:53599 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1044 attack attempt (file-pdf.rules) * 3:53600 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1044 attack attempt (file-pdf.rules) * 3:53650 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1045 attack attempt (file-office.rules) * 3:53651 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1045 attack attempt (file-office.rules) * 3:53660 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:53661 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:53666 <-> ENABLED <-> SERVER-OTHER Cisco Wireless Lan Controller CAPWAP out of bounds access attempt (server-other.rules) * 3:53667 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager TAPS RMI method lookup detected (policy-other.rules) * 3:53668 <-> ENABLED <-> 
SERVER-OTHER Cisco Unified Communications Manager TAPS RMI directory traversal attempt (server-other.rules) * 3:53669 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone libHTTPService.so stack buffer overflow attempt (server-webapp.rules) * 3:53670 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone libHTTPService.so stack buffer overflow attempt (server-webapp.rules) * 3:53671 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules) * 3:53672 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules) * 3:53673 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules) * 3:53674 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules) * 3:53675 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director LargeFileUploadServlet directory traversal attempt (server-webapp.rules) * 3:53676 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director LargeFileUploadServlet directory traversal attempt (server-webapp.rules) * 3:53677 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules) * 3:53678 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules) * 3:53679 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules) * 3:53680 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director filename directory traversal attempt (server-webapp.rules) * 3:53681 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director arbitrary JSP file upload attempt (server-webapp.rules) * 3:53682 <-> ENABLED <-> SERVER-WEBAPP Cisco Mobility Express cross site request forgery attempt (server-webapp.rules) * 3:53683 <-> ENABLED <-> SERVER-WEBAPP Cisco Mobility Express cross site request forgery attempt (server-webapp.rules) * 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 
attack attempt (file-other.rules) * 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules) * 3:53686 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1055 attack attempt (browser-other.rules) * 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules) * 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules) * 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules) * 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules) * 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules) * 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules) * 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules) * 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules) * 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules) * 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules) * 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules) * 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules) * 3:53839 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1059 attack attempt (policy-other.rules) * 3:53840 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1060 attack attempt (policy-other.rules) * 3:53847 <-> ENABLED <-> PROTOCOL-OTHER Cisco ASA and FTD malformed OSPF denial of service attempt (protocol-other.rules) * 3:53850 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD memory disclosure attempt (server-webapp.rules) * 3:53851 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD directory 
traversal attempt (server-webapp.rules) * 3:53864 <-> ENABLED <-> POLICY-OTHER Cisco Firepower User Agent Service default MySQL credentials detected (policy-other.rules) * 3:53867 <-> ENABLED <-> PROTOCOL-DNS Cisco ASA and FTD IPv6 DNS request stack buffer overflow attempt (protocol-dns.rules) * 3:53868 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules) * 3:53869 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules) * 3:53870 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules) * 3:53871 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules) * 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules) * 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules) * 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules) * 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules) * 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules) * 3:53990 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1062 attack attempt (file-pdf.rules) * 3:53991 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1062 attack attempt (file-pdf.rules) * 3:53992 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1068 attack attempt (file-pdf.rules) * 3:53993 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1068 attack attempt (file-pdf.rules) * 3:54009 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1071 attack attempt (policy-other.rules) * 3:54010 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1070 attack attempt (file-pdf.rules) * 3:54011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1070 attack attempt (file-pdf.rules) * 3:54024 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center 
Express vulnerable Java RMI class access detected (policy-other.rules) * 3:54025 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules) * 3:54026 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules) * 3:54027 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules) * 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules) * 3:54034 <-> ENABLED <-> SERVER-OTHER Cisco Prime Network Registrar denial of service attempt (server-other.rules) * 3:54047 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1084 attack attempt (file-pdf.rules) * 3:54048 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1084 attack attempt (file-pdf.rules) * 3:54049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1087 attack attempt (server-webapp.rules) * 3:54050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1087 attack attempt (server-webapp.rules) * 3:54051 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1085 attack attempt (browser-chrome.rules) * 3:54052 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1085 attack attempt (browser-chrome.rules) * 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 
3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules) * 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules) * 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules) * 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules) * 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules) * 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules) * 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules) * 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules) * 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules) * 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules) * 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules) * 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules) * 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules) * 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules) * 3:54155 <-> ENABLED <-> SERVER-OTHER Cisco IOx Application Environment 
external VDS control message attempt (server-other.rules) * 3:54158 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE NetFlow packet parsing denial of service attempt (protocol-other.rules) * 3:54159 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKE2 invalid port denial of service attempt (server-other.rules) * 3:54160 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKE2 invalid port denial of service attempt (server-other.rules) * 3:54161 <-> ENABLED <-> POLICY-OTHER Cisco IOx token service access detected (policy-other.rules) * 3:54163 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed SIP Via header denial of service attempt (protocol-voip.rules) * 3:54164 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed SIP Via header denial of service attempt (protocol-voip.rules) * 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules) * 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules) * 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules) * 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules) * 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules) * 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules) * 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules) * 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules) * 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules) * 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules) * 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules) * 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2020-1079 attack attempt (server-webapp.rules) * 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules) * 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules) * 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules) * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules) * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules) * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules) * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules) * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center 
command injection attempt (server-webapp.rules) * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules) * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules) * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules) * 3:51737 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0915 attack attempt (file-pdf.rules) * 3:51738 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0915 attack attempt (file-pdf.rules) * 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules) * 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules) * 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51903 <-> ENABLED <-> 
SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules) * 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules) * 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules) * 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules) * 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules) * 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules) * 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules) * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules) * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules) * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2020-1091 attack attempt (server-webapp.rules) * 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54330 <-> 
ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules) * 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV 
Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution 
attempt (browser-other.rules) * 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules) * 3:54390 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1096 attack attempt (file-image.rules) * 3:54391 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1096 attack attempt (file-image.rules) * 3:54392 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (os-windows.rules) * 3:54393 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (os-windows.rules) * 3:54411 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules) * 3:54412 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules) * 3:54413 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules) * 3:54414 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules) * 3:54415 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1101 attack attempt (file-other.rules) * 3:54416 
<-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1101 attack attempt (file-other.rules) * 3:54430 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54431 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54432 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54433 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules) * 3:54440 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54441 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54442 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54443 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54444 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54445 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules) * 3:54446 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54447 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54448 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54449 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54450 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54451 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules) * 3:54452 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1112 attack attempt (file-other.rules) * 3:54453 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1112 attack attempt (file-other.rules) * 3:54454 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1113 attack attempt 
(file-other.rules) * 3:54455 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1113 attack attempt (file-other.rules) * 3:54456 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1114 attack attempt (file-other.rules) * 3:54457 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1114 attack attempt (file-other.rules) * 3:54458 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1115 attack attempt (file-other.rules) * 3:54459 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1115 attack attempt (file-other.rules) * 3:54460 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1116 attack attempt (file-other.rules) * 3:54461 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1116 attack attempt (file-other.rules) * 3:54465 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1102 attack attempt (file-other.rules) * 3:54466 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1102 attack attempt (file-other.rules) * 3:54467 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54468 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54469 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54470 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54471 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54472 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1097 attack attempt (server-webapp.rules) * 3:54478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1106 attack attempt (server-webapp.rules) * 3:54479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1107 attack attempt (server-webapp.rules) * 3:54480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1108 attack attempt (server-webapp.rules) * 3:54481 <-> ENABLED <-> 
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1109 attack attempt (server-webapp.rules) * 3:54488 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54489 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54490 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54491 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54492 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1103 attack attempt (file-other.rules) * 3:54493 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1103 attack attempt (file-other.rules) * 3:54494 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1100 attack attempt (server-other.rules) * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules) * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules) * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules) * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules) * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules) * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules) * 3:54538 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54539 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54540 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54541 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54542 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers heap buffer overflow attempt (server-webapp.rules) * 3:54543 <-> ENABLED <-> SERVER-WEBAPP Cisco RV 
Series Routers heap buffer overflow attempt (server-webapp.rules) * 3:54544 <-> ENABLED <-> POLICY-OTHER Cisco RV110W Router default credential login detected (policy-other.rules) * 3:54545 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage arbitrary Java object deserialization attempt (server-webapp.rules) * 3:54546 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cypher query language injection attempt (server-webapp.rules) * 3:54547 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cypher query language injection attempt (server-webapp.rules) * 3:54548 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54549 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54550 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54551 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54552 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers null pointer dereference attempt (server-webapp.rules) * 3:54553 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage file upload detected (policy-other.rules) * 3:54557 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules) * 3:54560 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54561 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54562 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54563 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54564 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers configuration download detected (policy-other.rules) * 3:54568 <-> ENABLED <-> POLICY-OTHER Cisco Prime License 
Manager password reset detected (policy-other.rules) * 3:54579 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1122 attack attempt (file-other.rules) * 3:54580 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1122 attack attempt (file-other.rules) * 3:54581 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1121 attack attempt (file-other.rules) * 3:54582 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1121 attack attempt (file-other.rules) * 3:54584 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1123 attack attempt (browser-chrome.rules) * 3:54585 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1123 attack attempt (browser-chrome.rules) * 3:54586 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1124 attack attempt (browser-webkit.rules) * 3:54587 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1124 attack attempt (browser-webkit.rules) * 3:54588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1125 attack attempt (file-other.rules) * 3:54589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1125 attack attempt (file-other.rules) * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54638 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1127 attack attempt (browser-chrome.rules) * 3:54639 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1127 
attack attempt (browser-chrome.rules) * 3:54645 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1128 attack attempt (os-other.rules) * 3:54646 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1128 attack attempt (os-other.rules) * 3:54647 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1129 attack attempt (os-other.rules) * 3:54648 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1129 attack attempt (os-other.rules) * 3:54655 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules) * 3:54656 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager device manager access detected (policy-other.rules) * 3:54667 <-> ENABLED <-> FILE-OTHER TAR file directory traversal attempt (file-other.rules) * 3:54668 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:54680 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1131 attack attempt (os-other.rules) * 3:54681 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1131 attack attempt (os-other.rules) * 3:54682 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1130 attack attempt (os-other.rules) * 3:54683 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1130 attack attempt (os-other.rules) * 3:54694 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client dll-load exploit attempt (file-other.rules) * 3:54695 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client dll-load exploit attempt (file-other.rules) * 3:54696 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54697 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54698 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54699 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected 
(policy-other.rules) * 3:54700 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54701 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1133 attack attempt (os-other.rules) * 3:54702 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1133 attack attempt (os-other.rules) * 3:54729 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1138 attack attempt (os-other.rules) * 3:54730 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1138 attack attempt (os-other.rules) * 3:54731 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1134 attack attempt (os-other.rules) * 3:54732 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1134 attack attempt (os-other.rules) * 3:54762 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54763 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54764 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54798 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54799 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54829 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1139 attack attempt (os-other.rules) * 3:54830 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1139 attack attempt (os-other.rules) * 3:54831 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1142 attack attempt (policy-other.rules) * 3:54832 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1143 attack attempt (server-other.rules) * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules) * 3:54867 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules) * 3:54894 <-> ENABLED <-> 
SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:54895 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:54896 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS malformed BGP UPDATE denial of service attempt (server-other.rules) * 3:54899 <-> ENABLED <-> PROTOCOL-OTHER Cisco NX-OS protocol independent multicast denial of service attempt (protocol-other.rules) * 3:54902 <-> ENABLED <-> PROTOCOL-OTHER IGMP DVMRP scan attempt (protocol-other.rules) * 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules) * 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules) * 3:55016 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55017 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55018 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55035 <-> ENABLED <-> SERVER-OTHER Cisco Jabber client remote code execution attempt (server-other.rules) * 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules) * 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules) * 3:55641 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55642 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55643 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55644 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55645 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55646 <-> ENABLED <-> 
FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55748 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1153 attack attempt (file-office.rules) * 3:55749 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1153 attack attempt (file-office.rules) * 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules) * 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules) * 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules) * 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules) * 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules) * 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules) * 3:55842 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1156 attack attempt 
(file-pdf.rules) * 3:55843 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1156 attack attempt (file-pdf.rules) * 3:55844 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1155 attack attempt (file-other.rules) * 3:55845 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1155 attack attempt (file-other.rules) * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules) * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules) * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules) * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules) * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules) * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules) * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules) * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt 
(protocol-other.rules) * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules) * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules) * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules) * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules) * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules) * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules) * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules) * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules) * 3:56126 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1172 attack attempt (browser-webkit.rules) * 3:56127 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1172 attack attempt (browser-webkit.rules) * 3:56128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1174 attack attempt (protocol-scada.rules) * 3:56129 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1174 attack attempt (protocol-scada.rules) * 3:56137 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1173 attack attempt (policy-other.rules) * 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) 
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules) * 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules) * 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules) * 3:56208 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1184 attack attempt (protocol-scada.rules) * 3:56209 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1192 attack attempt (file-office.rules) * 3:56210 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1192 attack attempt (file-office.rules) * 3:56211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1185 attack attempt (server-webapp.rules) * 3:56212 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1191 attack attempt (file-office.rules) * 3:56213 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1191 attack attempt (file-office.rules) * 
3:56216 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player out of bounds write attempt (file-other.rules) * 3:56217 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player out of bounds write attempt (file-other.rules) * 3:56218 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player buffer overflow attempt (file-other.rules) * 3:56219 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player buffer overflow attempt (file-other.rules) * 3:56220 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules) * 3:56221 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client arbitrary code execution attempt (file-other.rules) * 3:56222 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client arbitrary code execution attempt (file-other.rules) * 3:56225 <-> ENABLED <-> SERVER-OTHER Cisco Webex Meetings virtual channel remote code execution attempt (server-other.rules) * 3:56226 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56227 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56228 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56229 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56275 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1185 attack attempt (server-other.rules) * 3:56297 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1189 attack attempt (server-webapp.rules) * 3:56298 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1189 attack attempt (server-other.rules) * 3:56306 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary file download attempt (server-webapp.rules) * 3:56307 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1188 attack attempt (server-webapp.rules) * 3:56308 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER 
TALOS-2020-1188 attack attempt (server-other.rules) * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules) * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules) * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules) * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 
3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules) * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules) * 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules) * 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules) * 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules) * 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules) * 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules) * 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules) * 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules) * 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules) * 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules) * 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules) * 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules) * 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules) * 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules) * 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules) * 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules) * 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules) * 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt 
(server-webapp.rules) * 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules) * 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules) * 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules) * 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules) * 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules) * 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules) * 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules) * 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules) * 3:56526 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1210 attack attempt (file-office.rules) * 3:56527 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1210 attack attempt (file-office.rules) * 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules) * 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules) * 3:56548 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1209 attack attempt (os-other.rules) * 3:56549 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1209 attack attempt (os-other.rules) * 3:56572 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules) * 3:56573 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules) * 3:56575 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules) * 3:56576 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt 
(browser-other.rules) * 3:56588 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:56589 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:56590 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:56591 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules) * 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules) * 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules) * 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules) * 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules) * 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules) * 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules) * 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules) * 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules) * 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules) * 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules) * 3:56832 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1221 attack attempt (server-webapp.rules) * 3:56838 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:56839 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56840 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack 
buffer overflow attempt (server-webapp.rules) * 3:56841 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56842 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56843 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56844 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56847 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1222 attack attempt (file-other.rules) * 3:56848 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1222 attack attempt (file-other.rules) * 3:56861 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56866 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56867 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56868 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56869 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56870 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56871 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56872 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56873 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56874 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56875 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56876 
<-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56881 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules) * 3:56882 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules) * 3:56883 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules) * 3:56884 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules) * 3:56885 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:56893 <-> ENABLED <-> FILE-OTHER OpenSSL configuration arbitrary DLL load attempt (file-other.rules) * 3:56894 <-> ENABLED <-> FILE-OTHER OpenSSL configuration arbitrary DLL load attempt (file-other.rules) * 3:56938 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56939 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56940 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56941 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56942 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules) * 3:56943 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules) * 3:56944 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules) * 3:56945 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56946 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN WebUI command injection attempt (server-webapp.rules) * 3:56947 <-> ENABLED <-> SERVER-WEBAPP 
Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:56950 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center command injection attempt (server-webapp.rules) * 3:56953 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules) * 3:56954 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:56955 <-> ENABLED <-> POLICY-OTHER Cisco Smart Software Manager Satellite Web UI user creation detected (policy-other.rules) * 3:56956 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager session validation request detected (policy-other.rules) * 3:56957 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage terminal request detected (policy-other.rules) * 3:56958 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage terminal request detected (policy-other.rules) * 3:56959 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules) * 3:56960 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules) * 3:56961 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules) * 3:56962 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage configuration request detected (policy-other.rules) * 3:56963 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage request detected (policy-other.rules) * 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules) * 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules) * 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules) * 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules) * 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57012 <-> ENABLED <-> FILE-IMAGE 
TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules) * 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules) * 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules) * 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules) * 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules) * 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules) * 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules) * 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules) * 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules) * 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules) * 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules) * 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules) * 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules) * 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 
attack attempt (server-other.rules) * 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules) * 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules) * 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules) * 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules) * 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules) * 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules) * 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules) * 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules) * 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules) * 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules) * 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules) * 3:57162 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules) * 3:57163 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules) * 3:57164 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules) * 3:57165 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules) * 3:57166 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1249 attack attempt (os-other.rules) * 3:57167 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1249 attack attempt (os-other.rules) * 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules) * 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER 
TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57222 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS arbitrary file write attempt (server-other.rules) * 3:57223 <-> ENABLED <-> POLICY-OTHER Cisco Application Services Engine API access detected (policy-other.rules) * 3:57227 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1225 attack attempt (file-other.rules) * 3:57228 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1225 attack attempt (file-other.rules) * 3:57230 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1223 attack attempt (file-other.rules) * 3:57231 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1223 attack attempt (file-other.rules) * 3:57232 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1258 attack attempt (netbios.rules) * 3:57249 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1257 attack attempt (file-image.rules) * 3:57250 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1257 attack attempt (file-image.rules) * 3:57265 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1263 attack attempt (netbios.rules) * 3:57266 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt (os-other.rules) * 3:57267 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt (os-other.rules) * 3:57270 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules) * 3:57271 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules) * 3:57272 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules) * 3:57273 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules) * 3:57282 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1260 attack attempt (netbios.rules) * 3:57290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1270 attack attempt (server-webapp.rules) * 3:57291 <-> ENABLED 
<-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1270 attack attempt (server-webapp.rules) * 3:57292 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1271 attack attempt (server-webapp.rules) * 3:57293 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1271 attack attempt (server-webapp.rules) * 3:57294 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1265 attack attempt (file-pdf.rules) * 3:57295 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1265 attack attempt (file-pdf.rules) * 3:57296 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1267 attack attempt (file-pdf.rules) * 3:57297 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1267 attack attempt (file-pdf.rules) * 3:57300 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:57301 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1264 attack attempt (file-image.rules) * 3:57302 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1264 attack attempt (file-image.rules) * 3:57303 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1266 attack attempt (file-pdf.rules) * 3:57304 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1266 attack attempt (file-pdf.rules) * 3:57305 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (server-webapp.rules) * 3:57306 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (server-webapp.rules) * 3:57307 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules) * 3:57308 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules) * 3:57309 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules) * 3:57310 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1268 attack attempt (netbios.rules) * 3:57338 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1273 attack attempt (server-webapp.rules) * 3:57339 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2021-1273 attack attempt (server-webapp.rules) * 3:57340 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1269 attack attempt (netbios.rules) * 3:57343 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS and IOS-XE Application Environment directory traversal attempt (server-webapp.rules) * 3:57344 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS-XE Software Plug-and-Play command execution attempt (server-webapp.rules) * 3:57345 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Software cross site request forgery attempt (server-webapp.rules) * 3:57346 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Software cross site request forgery attempt (server-webapp.rules) * 3:57349 <-> ENABLED <-> SERVER-OTHER Cisco Virtual Switching System stack buffer overflow attempt (server-other.rules) * 3:57350 <-> ENABLED <-> SERVER-OTHER invalid multicast DNS name length response attempt (server-other.rules) * 3:57351 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP mention message denial of service attempt (browser-other.rules) * 3:57352 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:57353 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:57354 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules) * 3:57355 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:57356 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:57357 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:57358 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:57359 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP information disclosure attempt (browser-other.rules) * 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt 
(server-other.rules) * 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules) * 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules) * 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules) * 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules) * 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules) * 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules) * 3:7019 <-> ENABLED <-> PUA-P2P WinNY connection attempt (pua-p2p.rules) * 3:7196 <-> ENABLED <-> OS-OTHER Multiple Operating Systems invalid DHCP option attempt (os-other.rules) * 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules) * 3:8351 <-> ENABLED <-> OS-WINDOWS PGM nak list overflow attempt (os-windows.rules)
* 1:1191 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules) * 1:1192 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan access (server-webapp.rules) * 1:1193 <-> DISABLED <-> SERVER-WEBAPP oracle web arbitrary command execution attempt (server-webapp.rules) * 1:1194 <-> DISABLED <-> SERVER-WEBAPP sojourn.cgi File attempt (server-webapp.rules) * 1:11940 <-> DISABLED <-> BROWSER-PLUGINS Westbyte Internet Download Accelerator ActiveX function call access (browser-plugins.rules) * 1:11942 <-> DISABLED <-> BROWSER-PLUGINS Westbyte internet download accelerator ActiveX clsid access (browser-plugins.rules) * 1:11943 <-> DISABLED <-> BROWSER-PLUGINS HP ModemUtil ActiveX clsid access (browser-plugins.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:1195 <-> DISABLED <-> SERVER-WEBAPP sojourn.cgi access (server-webapp.rules) * 1:11950 <-> DISABLED <-> MALWARE-CNC killav_gj (malware-cnc.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS 
Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:1196 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname attempt (server-webapp.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules) * 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules) * 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules) * 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules) * 1:13758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HeartbeatCtl ActiveX clsid access (browser-plugins.rules) * 1:1376 <-> DISABLED <-> SERVER-WEBAPP jrun directory browse attempt (server-webapp.rules) * 1:13760 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HeartbeatCtl ActiveX function call access (browser-plugins.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware 
xpress remote outbound connection - init connection (pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:1377 <-> DISABLED <-> PROTOCOL-FTP wu-ftp bad file completion attempt (protocol-ftp.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:1378 <-> DISABLED <-> PROTOCOL-FTP wu-ftp bad file completion attempt (protocol-ftp.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS 
Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules) * 1:13783 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Assistant ActiveX clsid access (browser-plugins.rules) * 1:13785 <-> DISABLED <-> BROWSER-PLUGINS Ourgame GLWorld ActiveX clsid access (browser-plugins.rules) * 1:13787 <-> DISABLED <-> BROWSER-PLUGINS Ourgame GLWorld ActiveX function call access (browser-plugins.rules) * 1:1379 <-> DISABLED <-> PROTOCOL-FTP STAT overflow attempt (protocol-ftp.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:1380 <-> DISABLED <-> SERVER-IIS Form_VBScript.asp access (server-iis.rules) * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules) * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules) * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:1381 
<-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan attempt (server-webapp.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13814 <-> DISABLED <-> MALWARE-CNC passhax variant outbound connection (malware-cnc.rules) * 1:13815 <-> DISABLED <-> MALWARE-CNC zombget.03 variant outbound connection (malware-cnc.rules) * 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:1382 <-> DISABLED <-> SERVER-OTHER CHAT IRC Ettercap parse overflow attempt (server-other.rules) * 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules) * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt 
(os-windows.rules) * 1:13828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:13830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:13832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer backweb ActiveX clsid access (browser-plugins.rules) * 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules) * 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:1385 <-> DISABLED <-> SERVER-WEBAPP mod-plsql administration access (server-webapp.rules) * 
1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules) * 1:13856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.wintrim.z variant outbound connection (malware-cnc.rules) * 1:13857 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support DataManager ActiveX clsid access (browser-plugins.rules) * 1:13859 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support DataManager ActiveX function call access (browser-plugins.rules) * 1:1386 <-> DISABLED <-> SERVER-MSSQL raiserror possible buffer overflow (server-mssql.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. 
Watson error reporting attempt (policy-other.rules) * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:1387 <-> DISABLED <-> SQL raiserror possible buffer overflow (sql.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13876 <-> DISABLED <-> MALWARE-CNC zlob.acc variant outbound connection (malware-cnc.rules) * 1:13877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.uv variant outbound connection (malware-cnc.rules) * 1:13878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.uv inbound connection (malware-cnc.rules) * 1:1388 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP Location overflow attempt (os-windows.rules) * 1:13883 <-> DISABLED <-> BROWSER-PLUGINS UUSee UUUpgrade ActiveX clsid access (browser-plugins.rules) * 1:13885 <-> DISABLED <-> BROWSER-PLUGINS UUSee UUUpgrade ActiveX function call access 
(browser-plugins.rules) * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules) * 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules) * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules) * 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt (server-mail.rules) * 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt (server-mail.rules) * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:152 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Connection (malware-backdoor.rules) * 1:1520 <-> DISABLED <-> SERVER-WEBAPP server-info access (server-webapp.rules) * 1:15200 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:1521 <-> DISABLED <-> SERVER-WEBAPP server-status access (server-webapp.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:1522 <-> DISABLED <-> SERVER-WEBAPP ans.pl attempt (server-webapp.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15228 <-> DISABLED <-> BROWSER-PLUGINS Ciansoft PDFBuilderX ActiveX clsid access (browser-plugins.rules) 
* 1:1523 <-> DISABLED <-> SERVER-WEBAPP ans.pl access (server-webapp.rules) * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules) * 1:15232 <-> DISABLED <-> BROWSER-PLUGINS Easy Grid ActiveX clsid access (browser-plugins.rules) * 1:15234 <-> DISABLED <-> BROWSER-PLUGINS Easy Grid ActiveX function call access (browser-plugins.rules) * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:1524 <-> DISABLED <-> SERVER-WEBAPP Axis Storpoint CD attempt (server-webapp.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules) * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15247 <-> DISABLED <-> BROWSER-PLUGINS JamDTA ActiveX clsid access (browser-plugins.rules) * 1:15249 <-> DISABLED <-> BROWSER-PLUGINS SmartVMD ActiveX clsid access (browser-plugins.rules) * 1:1525 <-> DISABLED <-> SERVER-WEBAPP Axis Storpoint CD access (server-webapp.rules) * 1:15251 <-> DISABLED <-> BROWSER-PLUGINS MetaProducts MetaTreeX ActiveX clsid access (browser-plugins.rules) * 1:15253 <-> DISABLED <-> BROWSER-PLUGINS MetaProducts MetaTreeX ActiveX function call access (browser-plugins.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field 
overflow attempt (server-oracle.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:1526 <-> DISABLED <-> SERVER-WEBAPP basilix sendmail.inc access (server-webapp.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules) * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:1527 <-> DISABLED <-> SERVER-WEBAPP basilix mysql.class access (server-webapp.rules) * 1:15270 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies PDF417 ActiveX clsid access (browser-plugins.rules) * 1:15272 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies PDF417 ActiveX function call access (browser-plugins.rules) * 1:15274 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies DataMatrix ActiveX clsid access (browser-plugins.rules) * 1:15276 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies DataMatrix ActiveX function call access (browser-plugins.rules) * 1:15278 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access 
(browser-plugins.rules) * 1:1528 <-> DISABLED <-> SERVER-WEBAPP BBoard access (server-webapp.rules) * 1:15280 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX function call access (browser-plugins.rules) * 1:15282 <-> DISABLED <-> BROWSER-PLUGINS FlexCell Grid ActiveX clsid access (browser-plugins.rules) * 1:15284 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioGrabber2 ActiveX clsid access (browser-plugins.rules) * 1:15286 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioGrabber2 ActiveX function call access (browser-plugins.rules) * 1:15288 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioInformation2 ActiveX clsid access (browser-plugins.rules) * 1:1529 <-> DISABLED <-> PROTOCOL-FTP SITE overflow attempt (protocol-ftp.rules) * 1:15290 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioInformation2 ActiveX function call access (browser-plugins.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules) * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules) * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:15305 <-> DISABLED <-> BROWSER-IE 
Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules) * 1:15307 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Animation Control ActiveX clsid access (browser-plugins.rules) * 1:15309 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Animation Control ActiveX function call access (browser-plugins.rules) * 1:1531 <-> DISABLED <-> SERVER-WEBAPP bb-hist.sh attempt (server-webapp.rules) * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15315 <-> DISABLED <-> BROWSER-PLUGINS Akamai DownloadManager ActiveX clsid access (browser-plugins.rules) * 1:15317 <-> DISABLED <-> BROWSER-PLUGINS Akamai DownloadManager ActiveX function call access (browser-plugins.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:1532 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh attempt (server-webapp.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:1533 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh access (server-webapp.rules) * 1:15330 <-> DISABLED <-> BROWSER-PLUGINS Nokia Phoenix Service 1 ActiveX clsid access 
(browser-plugins.rules) * 1:15332 <-> DISABLED <-> BROWSER-PLUGINS Nokia Phoenix Service 2 ActiveX clsid access (browser-plugins.rules) * 1:15334 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 7000 ActiveX clsid access (browser-plugins.rules) * 1:15336 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 7000 ActiveX function call access (browser-plugins.rules) * 1:15338 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8120 ActiveX clsid access (browser-plugins.rules) * 1:1534 <-> DISABLED <-> SERVER-WEBAPP agora.cgi attempt (server-webapp.rules) * 1:15340 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8120 ActiveX function call access (browser-plugins.rules) * 1:15342 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8200 ActiveX clsid access (browser-plugins.rules) * 1:15344 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8200 ActiveX function call access (browser-plugins.rules) * 1:15346 <-> DISABLED <-> BROWSER-PLUGINS Synactis ALL In-The-Box ActiveX clsid access (browser-plugins.rules) * 1:15348 <-> DISABLED <-> BROWSER-PLUGINS Synactis ALL In-The-Box ActiveX function call access (browser-plugins.rules) * 1:1535 <-> DISABLED <-> SERVER-WEBAPP bizdbsearch access (server-webapp.rules) * 1:15350 <-> DISABLED <-> BROWSER-PLUGINS Web on Windows ActiveX clsid access (browser-plugins.rules) * 1:15352 <-> DISABLED <-> BROWSER-PLUGINS Web on Windows ActiveX function call access (browser-plugins.rules) * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:1536 <-> DISABLED <-> SERVER-WEBAPP calendar_admin.pl arbitrary command execution attempt (server-webapp.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15362 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack (indicator-obfuscation.rules) * 1:15363 <-> DISABLED 
<-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules) * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules) * 1:15368 <-> DISABLED <-> BROWSER-PLUGINS FathFTP ActiveX clsid access (browser-plugins.rules) * 1:1537 <-> DISABLED <-> SERVER-WEBAPP calendar_admin.pl access (server-webapp.rules) * 1:15370 <-> DISABLED <-> BROWSER-PLUGINS FathFTP ActiveX function call access (browser-plugins.rules) * 1:15372 <-> DISABLED <-> BROWSER-PLUGINS iDefense COMRaider ActiveX clsid access (browser-plugins.rules) * 1:15374 <-> DISABLED <-> BROWSER-PLUGINS iDefense COMRaider ActiveX function call access (browser-plugins.rules) * 1:15376 <-> DISABLED <-> BROWSER-PLUGINS Sopcast SopCore ActiveX clsid access (browser-plugins.rules) * 1:15378 <-> DISABLED <-> BROWSER-PLUGINS Sopcast SopCore ActiveX function call access (browser-plugins.rules) * 1:1538 <-> DISABLED <-> PROTOCOL-NNTP AUTHINFO USER overflow attempt (protocol-nntp.rules) * 1:15380 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms v7 ActiveX clsid access (browser-plugins.rules) * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules) * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules) * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules) * 
1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:1539 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/ls access (server-webapp.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt 
(protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:1541 <-> DISABLED <-> PROTOCOL-FINGER version query (protocol-finger.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:1542 <-> DISABLED <-> SERVER-WEBAPP cgimail access (server-webapp.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15423 <-> DISABLED <-> MALWARE-CNC Clampi virus communication detected (malware-cnc.rules) * 1:15424 <-> DISABLED <-> SERVER-WEBAPP phpBB mod shoutbox sql injection attempt (server-webapp.rules) * 1:15425 <-> DISABLED <-> SERVER-WEBAPP phpBB mod tag board sql injection attempt (server-webapp.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download 
request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:1543 <-> DISABLED <-> SERVER-WEBAPP cgiwrap access (server-webapp.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:15432 <-> DISABLED <-> SERVER-WEBAPP wordpress cat parameter arbitrary file execution attempt (server-webapp.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:1544 <-> DISABLED <-> SERVER-WEBAPP Cisco Catalyst command execution attempt (server-webapp.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar 
XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules) * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:1545 <-> DISABLED <-> SERVER-OTHER Cisco denial of service attempt (server-other.rules) * 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules) * 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:1197 <-> DISABLED <-> SERVER-WEBAPP Phorum code access (server-webapp.rules) * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 
1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:1198 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:1199 <-> DISABLED <-> SERVER-WEBAPP Compaq Insight directory traversal (server-webapp.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected 
(protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:1200 <-> DISABLED <-> INDICATOR-COMPROMISE Invalid URL (indicator-compromise.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:1201 <-> DISABLED <-> INDICATOR-COMPROMISE 403 Forbidden (indicator-compromise.rules) * 1:12010 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX clsid access (browser-plugins.rules) * 1:12012 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX function call access (browser-plugins.rules) * 1:12014 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules) * 
1:12015 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioStudio2 NCT WavChunksEditor ActiveX clsid access (browser-plugins.rules) * 1:12017 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioStudio2 NCT WavChunksEditor ActiveX function call access (browser-plugins.rules) * 1:12019 <-> DISABLED <-> BROWSER-PLUGINS NCTsoft NCTAudioFile2 NCTWMAFile ActiveX clsid access (browser-plugins.rules) * 1:1202 <-> DISABLED <-> SERVER-WEBAPP search.vts access (server-webapp.rules) * 1:12021 <-> DISABLED <-> BROWSER-PLUGINS NCTsoft NCTAudioFile2 NCTWMAFile ActiveX function call access (browser-plugins.rules) * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules) * 1:12029 <-> DISABLED <-> BROWSER-PLUGINS HP Digital Imaging hpqxml.dll ActiveX clsid access (browser-plugins.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:1204 <-> DISABLED <-> SERVER-WEBAPP ax-admin.cgi access (server-webapp.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 
1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:1205 <-> DISABLED <-> SERVER-WEBAPP axs.cgi access (server-webapp.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12057 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold configuration access (server-webapp.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt 
(os-windows.rules) * 1:15458 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navigating between pages race condition attempt (browser-ie.rules) * 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules) * 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules) * 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules) * 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15469 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting 
attempt (os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:1549 <-> DISABLED <-> SERVER-MAIL HELO overflow attempt (server-mail.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15491 <-> DISABLED <-> SERVER-WEBAPP Subversion 1.0.2 dated-rev-report buffer 
overflow over http attempt (server-webapp.rules) * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:1550 <-> DISABLED <-> SERVER-MAIL ETRN overflow attempt (server-mail.rules) * 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules) * 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules) * 1:1551 <-> DISABLED <-> SERVER-WEBAPP /CVS/Entries access (server-webapp.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt 
(os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules) * 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:1552 <-> DISABLED <-> SERVER-WEBAPP cvsweb version access (server-webapp.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules) * 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules) * 1:15531 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Unexpected method call remote code execution attempt (browser-ie.rules) * 1:15534 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XML HttpRequest 
race condition exploit attempt (browser-ie.rules) * 1:15535 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setCapture heap corruption exploit attempt (browser-ie.rules) * 1:15538 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules) * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules) * 1:1554 <-> DISABLED <-> SERVER-WEBAPP dbman db.cgi access (server-webapp.rules) * 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout object use after free attempt (browser-ie.rules) * 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules) * 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:15543 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Communications Control v6 ActiveX clsid access (browser-plugins.rules) * 1:15545 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Communications Control v6 ActiveX function call access (browser-plugins.rules) * 1:15547 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 1 ActiveX clsid access (browser-plugins.rules) * 1:15549 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 1 ActiveX function call access (browser-plugins.rules) * 1:1555 <-> DISABLED <-> SERVER-WEBAPP DCShop access (server-webapp.rules) * 1:15551 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 2 ActiveX clsid access (browser-plugins.rules) * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules) * 1:15557 <-> DISABLED <-> 
BROWSER-PLUGINS SAP AG SAPgui EnjoySAP ActiveX clsid access (browser-plugins.rules) * 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:1556 <-> DISABLED <-> SERVER-WEBAPP DCShop orders.txt access (server-webapp.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules) * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:1557 <-> DISABLED <-> SERVER-WEBAPP DCShop auth_user_file.txt access (server-webapp.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected 
(file-identify.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:1558 <-> DISABLED <-> SERVER-WEBAPP Delegate whois overflow attempt (server-webapp.rules) * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules) * 1:1559 <-> DISABLED <-> SERVER-WEBAPP /doc/packages access (server-webapp.rules) * 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules) * 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules) * 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules) * 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules) * 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access 
(browser-plugins.rules) * 1:1560 <-> DISABLED <-> SERVER-WEBAPP /doc/ access (server-webapp.rules) * 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules) * 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules) * 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules) * 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules) * 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules) * 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules) * 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules) * 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules) * 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules) * 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules) * 1:1562 <-> DISABLED <-> PROTOCOL-FTP SITE CHOWN overflow attempt (protocol-ftp.rules) * 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules) * 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules) * 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules) * 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules) * 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules) * 1:1563 <-> DISABLED <-> SERVER-WEBAPP login.htm attempt (server-webapp.rules) * 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules) * 1:15632 <-> 
DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules) * 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules) * 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:1564 <-> DISABLED <-> SERVER-WEBAPP login.htm access (server-webapp.rules) * 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules) * 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules) * 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules) * 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules) * 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules) * 1:1565 <-> DISABLED <-> SERVER-WEBAPP eshop.pl arbitrary command execution attempt (server-webapp.rules) * 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules) * 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules) * 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules) * 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules) * 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules) * 1:1566 <-> DISABLED <-> SERVER-WEBAPP eshop.pl access (server-webapp.rules) * 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules) * 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules) * 1:15664 <-> DISABLED <-> 
BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules) * 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules) * 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules) * 1:1567 <-> DISABLED <-> SERVER-IIS /exchange/root.asp attempt (server-iis.rules) * 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules) * 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules) * 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules) * 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules) * 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules) * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules) * 1:12393 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 1 ActiveX clsid access (browser-plugins.rules) * 1:12395 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 2 ActiveX clsid access (browser-plugins.rules) * 1:12397 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 3 ActiveX clsid access (browser-plugins.rules) * 1:12399 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 4 ActiveX clsid access (browser-plugins.rules) * 1:1240 <-> DISABLED <-> SERVER-OTHER MDBMS overflow (server-other.rules) * 1:12401 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 5 ActiveX clsid access (browser-plugins.rules) * 1:12403 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 6 ActiveX clsid access (browser-plugins.rules) * 1:12405 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 7 ActiveX clsid access (browser-plugins.rules) * 1:12407 <-> DISABLED <-> 
BROWSER-PLUGINS Intuit QuickBooks Online Edition 8 ActiveX clsid access (browser-plugins.rules) * 1:12409 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 9 ActiveX clsid access (browser-plugins.rules) * 1:1241 <-> DISABLED <-> SERVER-WEBAPP SWEditServlet directory traversal attempt (server-webapp.rules) * 1:12411 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 10 ActiveX clsid access (browser-plugins.rules) * 1:12413 <-> DISABLED <-> BROWSER-PLUGINS Earth Resource Mapper NCSView ActiveX clsid access (browser-plugins.rules) * 1:12415 <-> DISABLED <-> BROWSER-PLUGINS Earth Resource Mapper NCSView ActiveX function call access (browser-plugins.rules) * 1:12417 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro ActiveX clsid access (browser-plugins.rules) * 1:12419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro ActiveX function call access (browser-plugins.rules) * 1:1242 <-> DISABLED <-> SERVER-IIS ISAPI .ida access (server-iis.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12428 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink glitemflat.dll ActiveX clsid access (browser-plugins.rules) * 1:1243 <-> DISABLED <-> SERVER-IIS ISAPI .ida attempt (server-iis.rules) * 1:12430 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer Component ActiveX clsid access 
(browser-plugins.rules) * 1:12432 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer Component ActiveX function call access (browser-plugins.rules) * 1:12434 <-> DISABLED <-> BROWSER-PLUGINS BaoFeng Storm MPS.dll ActiveX clsid access (browser-plugins.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12438 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll ActiveX clsid access (browser-plugins.rules) * 1:1244 <-> DISABLED <-> SERVER-IIS ISAPI .idq attempt (server-iis.rules) * 1:12440 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll ActiveX function call access (browser-plugins.rules) * 1:12442 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll 2 ActiveX clsid access (browser-plugins.rules) * 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules) * 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules) * 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules) * 1:1245 <-> DISABLED <-> SERVER-IIS ISAPI .idq access (server-iis.rules) * 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules) * 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:12457 <-> DISABLED <-> 
POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:12461 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid access (browser-plugins.rules) * 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12466 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies QRCode ActiveX clsid access (browser-plugins.rules) * 1:12468 <-> DISABLED <-> BROWSER-PLUGINS COWON America JetAudio JetFlExt.dll ActiveX clsid access (browser-plugins.rules) * 1:12470 <-> DISABLED <-> BROWSER-PLUGINS COWON America JetAudio JetFlExt.dll ActiveX function call access (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules) * 1:12476 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger CYFT ActiveX clsid access (browser-plugins.rules) * 1:12478 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger CYFT ActiveX function call access (browser-plugins.rules) * 1:1248 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage rad fp30reg.dll access (server-other.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules) * 1:1249 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage rad fp4areg.dll access (server-other.rules) * 1:1250 <-> DISABLED <-> OS-OTHER Cisco IOS HTTP configuration attempt (os-other.rules) * 1:1252 <-> DISABLED <-> PROTOCOL-TELNET bsd telnet exploit response (protocol-telnet.rules) * 1:1253 <-> DISABLED <-> PROTOCOL-TELNET bsd exploit client finishing (protocol-telnet.rules) * 1:1254 <-> DISABLED <-> SERVER-WEBAPP PHPLIB remote command attempt (server-webapp.rules) * 1:1255 <-> DISABLED <-> SERVER-WEBAPP PHPLIB remote command attempt (server-webapp.rules) * 1:1256 <-> DISABLED <-> SERVER-IIS CodeRed v2 root.exe access (server-iis.rules) * 1:1257 <-> DISABLED <-> SERVER-OTHER Winnuke attack (server-other.rules) * 1:1259 <-> DISABLED <-> SERVER-WEBAPP SWEditServlet access (server-webapp.rules) * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules) * 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command 
(server-other.rules)
* 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules)
* 1:12598 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Web Thunder ActiveX clsid access (browser-plugins.rules)
* 1:12600 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt IncrementalHash ActiveX clsid access (browser-plugins.rules)
* 1:12602 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt IncrementalHash ActiveX function call access (browser-plugins.rules)
* 1:12604 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt PRNGenerator ActiveX clsid access (browser-plugins.rules)
* 1:12606 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt PRNGenerator ActiveX function call access (browser-plugins.rules)
* 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules)
* 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules)
* 1:1261 <-> DISABLED <-> SERVER-OTHER AIX pdnsd overflow (server-other.rules)
* 1:12610 <-> DISABLED <-> SERVER-WEBAPP phpBB viewtopic double URL encoding attempt (server-webapp.rules)
* 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules)
* 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules)
* 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules)
* 1:1262 <-> DISABLED <-> PROTOCOL-RPC portmap admind request TCP (protocol-rpc.rules)
* 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules)
* 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules)
* 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules)
* 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules)
* 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules)
* 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
* 1:1263 <-> DISABLED <-> PROTOCOL-RPC portmap amountd request TCP (protocol-rpc.rules)
* 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules)
* 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules)
* 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules)
* 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules)
* 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules)
* 1:12637 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky Online Scanner KAVWebScan.dll ActiveX clsid access (browser-plugins.rules)
* 1:12639 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky Online Scanner KAVWebScan.dll ActiveX function call access (browser-plugins.rules)
* 1:1264 <-> DISABLED <-> PROTOCOL-RPC portmap bootparam request TCP (protocol-rpc.rules)
* 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules)
* 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules)
* 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules)
* 1:12644 <-> DISABLED <-> BROWSER-PLUGINS PBEmail7 ActiveX clsid access (browser-plugins.rules)
* 1:12646 <-> DISABLED <-> BROWSER-PLUGINS PBEmail7 ActiveX function call access (browser-plugins.rules)
* 1:12648 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX ActiveX clsid access (browser-plugins.rules)
* 1:1265 <-> DISABLED <-> PROTOCOL-RPC portmap cmsd request TCP (protocol-rpc.rules)
* 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules)
* 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
* 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules)
* 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules)
* 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:1392 <-> DISABLED <-> SERVER-WEBAPP lastlines.cgi access (server-webapp.rules)
* 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules)
* 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules)
* 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
* 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
* 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
* 1:13934 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection hijack ie (malware-cnc.rules)
* 1:13935 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection download other malware (malware-cnc.rules)
* 1:13936 <-> DISABLED <-> MALWARE-CNC Trickler dropper agent.rqg variant outbound connection call home (malware-cnc.rules)
* 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules)
* 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
* 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules)
* 1:1394 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ecx NOOP (indicator-shellcode.rules)
* 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules)
* 1:13941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection click fraud (malware-cnc.rules)
* 1:13942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection call home (malware-cnc.rules)
* 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
* 1:13944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection get whitelist (malware-cnc.rules)
* 1:13945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection update (malware-cnc.rules)
* 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules)
* 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules)
* 1:1395 <-> DISABLED <-> SERVER-WEBAPP zml.cgi attempt (server-webapp.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules)
* 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules)
* 1:1396 <-> DISABLED <-> SERVER-WEBAPP zml.cgi access (server-webapp.rules)
* 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules)
* 1:13961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer table layout access violation vulnerability (browser-ie.rules)
* 1:13962 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MHTML zone control bypass attempt (browser-ie.rules)
* 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules)
* 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:1397 <-> DISABLED <-> SERVER-WEBAPP wayboard attempt (server-webapp.rules)
* 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
* 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules)
* 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules)
* 1:13974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XHTML element memory corruption attempt (browser-ie.rules)
* 1:13975 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules)
* 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules)
* 1:13977 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules)
* 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules)
* 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
* 1:1398 <-> DISABLED <-> SERVER-OTHER CDE dtspcd exploit attempt (server-other.rules)
* 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules)
* 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules)
* 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
* 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:1399 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke remote file include attempt (server-webapp.rules)
* 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
* 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules)
* 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules)
* 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules)
* 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules)
* 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules)
* 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules)
* 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules)
* 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules)
* 1:1400 <-> DISABLED <-> SERVER-IIS /scripts/samples/ access (server-iis.rules)
* 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:1401 <-> DISABLED <-> SERVER-IIS /msadc/samples/ access (server-iis.rules)
* 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules)
* 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules)
* 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
* 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
* 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
* 1:1402 <-> DISABLED <-> SERVER-IIS iissamples access (server-iis.rules)
* 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
* 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules)
* 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules)
* 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules)
* 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules)
* 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules)
* 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules)
* 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules)
* 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules)
* 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules)
* 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules)
* 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules)
* 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules)
* 1:1405 <-> DISABLED <-> SERVER-WEBAPP AHG search.cgi access (server-webapp.rules)
* 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules)
* 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules)
* 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules)
* 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules)
* 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules)
* 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
* 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules)
* 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
* 1:1406 <-> DISABLED <-> SERVER-WEBAPP agora.cgi access (server-webapp.rules)
* 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
* 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules)
* 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules)
* 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules)
* 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules)
* 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules)
* 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules)
* 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules)
* 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules)
* 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules)
* 1:1407 <-> DISABLED <-> SERVER-WEBAPP smssend.php access (server-webapp.rules)
* 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules)
* 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules)
* 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules)
* 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules)
* 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules)
* 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules)
* 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules)
* 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules)
* 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules)
* 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules)
* 1:1408 <-> DISABLED <-> SERVER-OTHER MSDTC attempt (server-other.rules)
* 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules)
* 1:14081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection call home (malware-cnc.rules)
* 1:14082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection spread via spam (malware-cnc.rules)
* 1:14083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection download other malware (malware-cnc.rules)
* 1:14084 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection download cfg.bin (malware-cnc.rules)
* 1:14085 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection collect user info (malware-cnc.rules)
* 1:14086 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM variant outbound connection 1 (malware-cnc.rules)
* 1:14087 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM variant outbound connection 2 (malware-cnc.rules)
* 1:14088 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 1 ActiveX clsid access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:14090 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 2 ActiveX clsid access (browser-plugins.rules)
* 1:14092 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 3 ActiveX clsid access (browser-plugins.rules)
* 1:14094 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 4 ActiveX clsid access (browser-plugins.rules)
* 1:14096 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 5 ActiveX clsid access (browser-plugins.rules)
* 1:14098 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 6 ActiveX clsid access (browser-plugins.rules)
* 1:141 <-> DISABLED <-> MALWARE-BACKDOOR HackAttack 1.20 Connect (malware-backdoor.rules)
* 1:1410 <-> DISABLED <-> SERVER-WEBAPP dcboard.cgi access (server-webapp.rules)
* 1:14100 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 7 ActiveX clsid access (browser-plugins.rules)
* 1:14102 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 8 ActiveX clsid access (browser-plugins.rules)
* 1:14104 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 9 ActiveX clsid access (browser-plugins.rules)
* 1:14106 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 10 ActiveX clsid access (browser-plugins.rules)
* 1:14108 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 11 ActiveX clsid access (browser-plugins.rules)
* 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules)
* 1:14110 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 12 ActiveX clsid access (browser-plugins.rules)
* 1:14112 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 13 ActiveX clsid access (browser-plugins.rules)
* 1:14114 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 14 ActiveX clsid access (browser-plugins.rules)
* 1:14116 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 15 ActiveX clsid access (browser-plugins.rules)
* 1:14118 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 16 ActiveX clsid access (browser-plugins.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:14120 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 17 ActiveX clsid access (browser-plugins.rules)
* 1:14122 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 18 ActiveX clsid access (browser-plugins.rules)
* 1:14124 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 19 ActiveX clsid access (browser-plugins.rules)
* 1:14126 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 20 ActiveX clsid access (browser-plugins.rules)
* 1:1206 <-> DISABLED <-> SERVER-WEBAPP cachemgr.cgi access (server-webapp.rules)
* 1:12062 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support ActiveX clsid access (browser-plugins.rules)
* 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:1207 <-> DISABLED <-> SERVER-WEBAPP htgrep access (server-webapp.rules)
* 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules)
* 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
* 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
* 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules)
* 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:1208 <-> DISABLED <-> SERVER-WEBAPP responder.cgi access (server-webapp.rules)
* 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules)
* 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules)
* 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules)
* 1:12083 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar Actbar3 ActiveX clsid access (browser-plugins.rules)
* 1:12085 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar Actbar3 ActiveX function call access (browser-plugins.rules)
* 1:12087 <-> DISABLED <-> BROWSER-PLUGINS McAfee NeoTrace ActiveX clsid access (browser-plugins.rules)
* 1:12089 <-> DISABLED <-> BROWSER-PLUGINS McAfee NeoTrace ActiveX function call access (browser-plugins.rules)
* 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (server-webapp.rules)
* 1:12091 <-> DISABLED <-> BROWSER-PLUGINS EldoS SecureBlackbox PGPBBox ActiveX clsid access (browser-plugins.rules)
* 1:12093 <-> DISABLED <-> BROWSER-PLUGINS EldoS SecureBlackbox PGPBBox ActiveX function call access (browser-plugins.rules)
* 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules)
* 1:121 <-> DISABLED <-> MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request (malware-backdoor.rules)
* 1:12100 <-> DISABLED <-> NETBIOS DCERPC-NCACN-IP-TCP ca alert function 16/23 overflow attempt (netbios.rules)
* 1:1211 <-> DISABLED <-> SERVER-WEBAPP web-map.cgi access (server-webapp.rules)
* 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
* 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules)
* 1:12115 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules)
* 1:12116 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker SASATL ActiveX clsid access (browser-plugins.rules)
* 1:12118 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker SASATL ActiveX function call access (browser-plugins.rules)
* 1:1212 <-> DISABLED <-> SERVER-WEBAPP Admin_files access (server-webapp.rules)
* 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules)
* 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules)
* 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules)
* 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules)
* 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules)
* 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules)
* 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules)
* 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules)
* 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules)
* 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:1213 <-> DISABLED <-> SERVER-WEBAPP backup access (server-webapp.rules)
* 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
* 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
* 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
* 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
* 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules)
* 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules)
* 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules)
* 1:1214 <-> DISABLED <-> SERVER-WEBAPP intranet access (server-webapp.rules)
* 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules)
* 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules)
* 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
* 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
* 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
* 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
* 1:1215 <-> DISABLED <-> SERVER-WEBAPP ministats admin access (server-webapp.rules)
* 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules)
* 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules)
* 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
* 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
* 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules)
* 1:1216 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules)
* 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
* 1:12650 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX ActiveX function call access (browser-plugins.rules)
* 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules)
* 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules)
* 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules)
* 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules)
* 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules)
* 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules)
* 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules)
* 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules)
* 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules)
* 1:12661 <-> DISABLED <-> MALWARE-CNC troll.a variant outbound connection (malware-cnc.rules)
* 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules)
* 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules)
* 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:1267 <-> DISABLED <-> PROTOCOL-RPC portmap nisd request TCP (protocol-rpc.rules)
* 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules)
* 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
* 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules)
* 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules)
* 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules)
* 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules)
* 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules)
* 1:1268 <-> DISABLED <-> PROTOCOL-RPC portmap pcnfsd request TCP (protocol-rpc.rules)
* 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules)
* 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
* 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
* 1:12689 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink ConnectAndEnterRoom ActiveX clsid access (browser-plugins.rules)
* 1:1269 <-> DISABLED <-> PROTOCOL-RPC portmap rexd request TCP (protocol-rpc.rules)
* 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules)
* 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules)
* 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules)
* 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules)
* 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules)
* 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules)
* 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:1270 <-> DISABLED <-> PROTOCOL-RPC portmap rstatd request TCP (protocol-rpc.rules)
* 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules)
* 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules)
* 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules)
* 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules)
* 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules)
* 1:1271 <-> DISABLED <-> PROTOCOL-RPC portmap rusers request TCP (protocol-rpc.rules)
* 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
* 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules)
* 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:12714 <-> DISABLED <-> BROWSER-PLUGINS WebEx GPCContainer ActiveX clsid access (browser-plugins.rules)
* 1:12716 <-> DISABLED <-> BROWSER-PLUGINS WebEx GPCContainer ActiveX function call access (browser-plugins.rules)
* 1:12718 <-> DISABLED
<-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:1272 <-> DISABLED <-> PROTOCOL-RPC portmap sadmind request TCP (protocol-rpc.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules) * 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:1273 <-> DISABLED <-> PROTOCOL-RPC portmap selection_svc request TCP (protocol-rpc.rules) * 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules) * 1:12733 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:12735 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne FlexGrid ActiveX function call access (browser-plugins.rules) * 1:12737 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Thunder PPLAYER.DLL ActiveX clsid access (browser-plugins.rules) * 1:12739 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Thunder PPLAYER.DLL ActiveX function call access 
(browser-plugins.rules) * 1:1274 <-> DISABLED <-> PROTOCOL-RPC portmap ttdbserv request TCP (protocol-rpc.rules) * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules) * 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules) * 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules) * 1:12747 <-> DISABLED <-> BROWSER-PLUGINS BitDefender Online Scanner ActiveX clsid access (browser-plugins.rules) * 1:12749 <-> DISABLED <-> BROWSER-PLUGINS BitDefender Online Scanner ActiveX function call access (browser-plugins.rules) * 1:1275 <-> DISABLED <-> PROTOCOL-RPC portmap yppasswd request TCP (protocol-rpc.rules) * 1:12751 <-> DISABLED <-> BROWSER-PLUGINS RichFX Basic Player ActiveX clsid access (browser-plugins.rules) * 1:12753 <-> DISABLED <-> BROWSER-PLUGINS RichFX Basic Player ActiveX function call access (browser-plugins.rules) * 1:12755 <-> DISABLED <-> BROWSER-PLUGINS PPStream PowerList ActiveX clsid access (browser-plugins.rules) * 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:1276 <-> DISABLED <-> PROTOCOL-RPC portmap ypserv request TCP (protocol-rpc.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered 
Keylogger 2.2 runtime detection (malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12762 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar Helper Class ActiveX clsid access (browser-plugins.rules) * 1:12764 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar Helper Class ActiveX function call access (browser-plugins.rules) * 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules) * 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules) * 1:12771 <-> DISABLED <-> BROWSER-PLUGINS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12772 <-> DISABLED <-> BROWSER-PLUGINS obfuscated PPStream PowerPlayer ActiveX exploit attempt (browser-plugins.rules) * 1:12773 <-> DISABLED <-> BROWSER-PLUGINS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (browser-plugins.rules) * 1:12774 <-> DISABLED <-> BROWSER-PLUGINS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (browser-plugins.rules) * 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules) * 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA 
ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:1280 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 111 (protocol-rpc.rules) * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12803 <-> DISABLED <-> BROWSER-PLUGINS 
VideoLAN VLC ActiveX clsid access (browser-plugins.rules) * 1:12805 <-> DISABLED <-> BROWSER-PLUGINS VideoLAN VLC ActiveX function call access (browser-plugins.rules) * 1:12807 <-> ENABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:1281 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 32771 (protocol-rpc.rules) * 1:1283 <-> DISABLED <-> SERVER-IIS Microsoft Office Outlook web dos (server-iis.rules) * 1:1284 <-> DISABLED <-> SERVER-OTHER readme.eml download attempt (server-other.rules) * 1:1285 <-> DISABLED <-> SERVER-IIS msdac access (server-iis.rules) * 1:1286 <-> DISABLED <-> SERVER-IIS _mem_bin access (server-iis.rules) * 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules) * 1:1289 <-> DISABLED <-> PROTOCOL-TFTP GET Admin.dll (protocol-tftp.rules) * 1:1290 <-> DISABLED <-> FILE-OTHER readme.eml autoload attempt (file-other.rules) * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:1291 <-> DISABLED <-> SERVER-WEBAPP sml3com access (server-webapp.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:1292 <-> DISABLED <-> INDICATOR-COMPROMISE directory listing (indicator-compromise.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12946 <-> DISABLED <-> 
OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12948 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 1 ActiveX clsid access (browser-plugins.rules) * 1:1295 <-> DISABLED <-> INDICATOR-COMPROMISE nimda RICHED20.DLL (indicator-compromise.rules) * 1:12950 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 2 ActiveX clsid access (browser-plugins.rules) * 1:12952 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 3 ActiveX clsid access (browser-plugins.rules) * 1:12954 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXLTPI.DLL ActiveX clsid access (browser-plugins.rules) * 1:12957 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSN Heartbeat 2 ActiveX clsid access (browser-plugins.rules) * 1:12959 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSN Heartbeat 3 ActiveX clsid access (browser-plugins.rules) * 1:12961 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 1 ActiveX clsid access (browser-plugins.rules) * 1:12963 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 2 ActiveX clsid access (browser-plugins.rules) * 1:12965 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 3 ActiveX clsid access (browser-plugins.rules) * 1:12967 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 4 ActiveX clsid access (browser-plugins.rules) * 1:12969 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 5 ActiveX clsid access (browser-plugins.rules) * 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) 
* 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:1300 <-> DISABLED <-> SERVER-WEBAPP admin.php file upload attempt (server-webapp.rules) * 1:1301 <-> DISABLED <-> SERVER-WEBAPP admin.php access (server-webapp.rules) * 1:1302 <-> DISABLED <-> SERVER-WEBAPP console.exe access (server-webapp.rules) * 1:1303 <-> DISABLED <-> SERVER-WEBAPP cs.exe access (server-webapp.rules) * 1:1304 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi access (server-webapp.rules) * 1:1305 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi directory traversal attempt (server-webapp.rules) * 1:1307 <-> DISABLED <-> SERVER-WEBAPP store.cgi access (server-webapp.rules) * 1:1308 <-> DISABLED <-> SERVER-WEBAPP sendmessage.cgi access (server-webapp.rules) * 1:1309 <-> DISABLED <-> SERVER-WEBAPP zsh access (server-webapp.rules) * 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules) * 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules) * 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC 
NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules) * 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules) * 1:13228 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 1 ActiveX clsid access (browser-plugins.rules) * 1:1323 <-> DISABLED <-> SERVER-OTHER rwhoisd format string attempt (server-other.rules) * 1:13230 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 2 ActiveX clsid access (browser-plugins.rules) * 1:13232 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX clsid access (browser-plugins.rules) * 1:13234 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX function call access (browser-plugins.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:1324 <-> DISABLED <-> INDICATOR-SHELLCODE 
ssh CRC32 overflow /bin/sh (indicator-shellcode.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13248 <-> DISABLED <-> MALWARE-CNC yuri 1.2 variant outbound connection (malware-cnc.rules) * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules) * 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules) * 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules) * 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules) * 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules) * 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules) * 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules) * 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules) * 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules) * 1:1326 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow NOOP (indicator-shellcode.rules) * 1:13260 <-> DISABLED <-> 
BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules) * 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules) * 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules) * 1:13266 <-> DISABLED <-> BROWSER-PLUGINS SkyFex Client ActiveX clsid access (browser-plugins.rules) * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules) * 1:1327 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow (indicator-shellcode.rules) * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules) * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules) * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:13273 <-> DISABLED <-> BROWSER-PLUGINS DivX Web Player ActiveX clsid access (browser-plugins.rules) * 1:13275 <-> DISABLED <-> BROWSER-PLUGINS DivX Web Player ActiveX function call access (browser-plugins.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware 
netguarder web cleaner runtime detection (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules) * 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules) * 1:13289 <-> DISABLED <-> BROWSER-PLUGINS Gatway CWebLaunchCtl ActiveX clsid access (browser-plugins.rules) * 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules) * 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules) * 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules) * 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules) * 1:13312 <-> DISABLED <-> BROWSER-PLUGINS StreamAudio ProxyManager ActiveX clsid access (browser-plugins.rules) * 1:13314 <-> DISABLED <-> BROWSER-PLUGINS StreamAudio ProxyManager ActiveX function call access (browser-plugins.rules) 
* 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules) * 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules) * 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules) * 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules) * 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules) * 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules) * 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules) * 1:13325 <-> DISABLED <-> BROWSER-PLUGINS Macrovision FLEXnet Connect ActiveX clsid access (browser-plugins.rules) * 1:13327 <-> DISABLED <-> BROWSER-PLUGINS Macrovision FLEXnet Connect ActiveX function call access (browser-plugins.rules) * 1:13329 <-> DISABLED <-> BROWSER-PLUGINS Toshiba Surveillance Surveillix DVR ActiveX clsid access (browser-plugins.rules) * 1:13331 <-> DISABLED <-> BROWSER-PLUGINS Toshiba Surveillance Surveillix DVR ActiveX function call access (browser-plugins.rules) * 1:13333 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms ActiveX clsid access (browser-plugins.rules) * 1:13335 <-> DISABLED <-> BROWSER-PLUGINS Lycos File Upload Component ActiveX clsid access (browser-plugins.rules) * 1:13337 <-> DISABLED <-> BROWSER-PLUGINS Comodo AntiVirus ActiveX clsid access (browser-plugins.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads 
(pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13348 <-> DISABLED <-> BROWSER-PLUGINS Move Networks Media Player ActiveX clsid access (browser-plugins.rules) * 1:13350 <-> DISABLED <-> BROWSER-PLUGINS Move Networks Media Player ActiveX function call access (browser-plugins.rules) * 1:13352 <-> DISABLED <-> BROWSER-PLUGINS Lycos File Upload Component ActiveX function call access (browser-plugins.rules) * 1:13354 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms ActiveX function call access (browser-plugins.rules) * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT FTP 530 Login failed response (app-detect.rules) * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules) 
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules) * 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules) * 1:13423 <-> DISABLED <-> BROWSER-PLUGINS SwiftView ActiveX clsid access (browser-plugins.rules) * 1:13426 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox DataGrid ActiveX clsid access (browser-plugins.rules) * 1:13428 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox DataGrid ActiveX function call access (browser-plugins.rules) * 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules) * 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules) * 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules) * 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules) * 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image 
Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13446 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink HanGamePlugin ActiveX clsid access (browser-plugins.rules) * 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules) * 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules) * 1:13451 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual FoxPro foxtlib ActiveX clsid access (browser-plugins.rules) * 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules) * 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules) * 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules) * 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter field length invalid chunk size buffer overflow attempt (file-office.rules) * 1:13473 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request 
(pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13507 <-> DISABLED <-> MALWARE-CNC evilotus 1.3.2 variant outbound connection (malware-cnc.rules) * 1:13508 <-> DISABLED <-> 
MALWARE-CNC xploit 1.4.5 variant outbound connection (malware-cnc.rules) * 1:13509 <-> DISABLED <-> MALWARE-CNC xploit 1.4.5 pc variant outbound connection (malware-cnc.rules) * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules) * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules) * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules) * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13527 <-> DISABLED <-> BROWSER-PLUGINS D-Link MPEG4 SHM Audio Control ActiveX clsid access (browser-plugins.rules) * 1:13529 <-> DISABLED <-> BROWSER-PLUGINS D-Link MPEG4 SHM Audio Control ActiveX function call access (browser-plugins.rules) * 1:13531 <-> DISABLED <-> BROWSER-PLUGINS 4xem VatCtrl ActiveX clsid access (browser-plugins.rules) * 1:13533 <-> DISABLED <-> BROWSER-PLUGINS 4xem VatCtrl ActiveX function call access (browser-plugins.rules) * 1:13535 <-> DISABLED <-> BROWSER-PLUGINS Vivotek RTSP MPEG4 SP Control ActiveX clsid access 
(browser-plugins.rules) * 1:13537 <-> DISABLED <-> BROWSER-PLUGINS Vivotek RTSP MPEG4 SP Control ActiveX function call access (browser-plugins.rules) * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13543 <-> DISABLED <-> BROWSER-PLUGINS Learn2 STRunner ActiveX clsid access (browser-plugins.rules) * 1:13545 <-> DISABLED <-> BROWSER-PLUGINS Learn2 STRunner ActiveX function call access (browser-plugins.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12165 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12168 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid access (browser-plugins.rules) * 1:1217 <-> DISABLED <-> SERVER-WEBAPP plusmail access (server-webapp.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 
Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:1218 <-> DISABLED <-> SERVER-WEBAPP adminlogin access (server-webapp.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules) * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:12189 <-> DISABLED <-> BROWSER-PLUGINS Clever Internet Suite ActiveX clsid access (browser-plugins.rules) * 1:1219 <-> DISABLED <-> SERVER-WEBAPP dfire.cgi access (server-webapp.rules) * 1:12191 <-> DISABLED <-> BROWSER-PLUGINS Clever Internet Suite ActiveX function call access (browser-plugins.rules) * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow 
attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules) * 1:1220 <-> DISABLED <-> SERVER-WEBAPP ultraboard access (server-webapp.rules) * 1:12200 <-> DISABLED <-> BROWSER-PLUGINS VMWare IntraProcessLogging ActiveX clsid access (browser-plugins.rules) * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules) * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12207 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (browser-plugins.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:1221 <-> DISABLED <-> SERVER-WEBAPP Muscat Empower cgi access (server-webapp.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules) * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow 
(file-multimedia.rules) * 1:1222 <-> DISABLED <-> SERVER-WEBAPP pals-cgi arbitrary file access attempt (server-webapp.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12221 <-> DISABLED <-> SERVER-WEBAPP file upload GLOBAL variable overwrite attempt (server-webapp.rules) * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules) * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 
<-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:1224 <-> DISABLED <-> SERVER-WEBAPP ROADS search.pl attempt (server-webapp.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12246 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules) * 1:12248 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules) * 1:1225 <-> DISABLED <-> X11 MIT Magic Cookie detected (x11.rules) * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules) * 1:12252 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules) * 1:14128 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 21 ActiveX clsid access (browser-plugins.rules) * 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules) * 1:14130 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 22 
ActiveX clsid access (browser-plugins.rules) * 1:14132 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 23 ActiveX clsid access (browser-plugins.rules) * 1:14134 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 24 ActiveX clsid access (browser-plugins.rules) * 1:14136 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 25 ActiveX clsid access (browser-plugins.rules) * 1:14138 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 26 ActiveX clsid access (browser-plugins.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:14140 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 27 ActiveX clsid access (browser-plugins.rules) * 1:14142 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 28 ActiveX clsid access (browser-plugins.rules) * 1:14144 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 29 ActiveX clsid access (browser-plugins.rules) * 1:14146 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 30 ActiveX clsid access (browser-plugins.rules) * 1:14148 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 31 ActiveX clsid access (browser-plugins.rules) * 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules) * 1:14150 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 32 ActiveX clsid access (browser-plugins.rules) * 1:14152 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 33 ActiveX clsid access (browser-plugins.rules) * 1:14154 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 34 ActiveX clsid access (browser-plugins.rules) * 1:14156 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 35 ActiveX clsid access (browser-plugins.rules) * 1:14158 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 36 ActiveX clsid access (browser-plugins.rules) * 1:1416 <-> DISABLED <-> 
PROTOCOL-SNMP broadcast trap (protocol-snmp.rules) * 1:14160 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 37 ActiveX clsid access (browser-plugins.rules) * 1:14162 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 38 ActiveX clsid access (browser-plugins.rules) * 1:14164 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 39 ActiveX clsid access (browser-plugins.rules) * 1:14166 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 40 ActiveX clsid access (browser-plugins.rules) * 1:14168 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 41 ActiveX clsid access (browser-plugins.rules) * 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules) * 1:14170 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 42 ActiveX clsid access (browser-plugins.rules) * 1:14172 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 43 ActiveX clsid access (browser-plugins.rules) * 1:14174 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 44 ActiveX clsid access (browser-plugins.rules) * 1:14176 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 45 ActiveX clsid access (browser-plugins.rules) * 1:14178 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 46 ActiveX clsid access (browser-plugins.rules) * 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules) * 1:14180 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 47 ActiveX clsid access (browser-plugins.rules) * 1:14182 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 48 ActiveX clsid access (browser-plugins.rules) * 1:14184 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 49 ActiveX clsid access (browser-plugins.rules) * 1:14186 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 50 ActiveX clsid access (browser-plugins.rules) * 1:14188 <-> DISABLED <-> 
BROWSER-PLUGINS Aurigma Image Uploader unspecified 51 ActiveX clsid access (browser-plugins.rules) * 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules) * 1:14190 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 52 ActiveX clsid access (browser-plugins.rules) * 1:14192 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 53 ActiveX clsid access (browser-plugins.rules) * 1:14194 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 54 ActiveX clsid access (browser-plugins.rules) * 1:14196 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 55 ActiveX clsid access (browser-plugins.rules) * 1:14198 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 56 ActiveX clsid access (browser-plugins.rules) * 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules) * 1:14200 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 57 ActiveX clsid access (browser-plugins.rules) * 1:14202 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 58 ActiveX clsid access (browser-plugins.rules) * 1:14204 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 59 ActiveX clsid access (browser-plugins.rules) * 1:14206 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 60 ActiveX clsid access (browser-plugins.rules) * 1:14208 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 61 ActiveX clsid access (browser-plugins.rules) * 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules) * 1:14210 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 62 ActiveX clsid access (browser-plugins.rules) * 1:14212 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 63 ActiveX clsid access (browser-plugins.rules) * 1:14214 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 64 ActiveX clsid access (browser-plugins.rules) * 1:14216 <-> DISABLED <-> 
BROWSER-PLUGINS Aurigma Image Uploader unspecified 65 ActiveX clsid access (browser-plugins.rules) * 1:14218 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 66 ActiveX clsid access (browser-plugins.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:14220 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 67 ActiveX clsid access (browser-plugins.rules) * 1:14222 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 68 ActiveX clsid access (browser-plugins.rules) * 1:14224 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 69 ActiveX clsid access (browser-plugins.rules) * 1:14226 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 70 ActiveX clsid access (browser-plugins.rules) * 1:14228 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 71 ActiveX clsid access (browser-plugins.rules) * 1:1423 <-> DISABLED <-> SERVER-WEBAPP content-disposition memchr overflow (server-webapp.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (server-webapp.rules) * 1:14231 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX clsid access (browser-plugins.rules) * 1:14233 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX function call access (browser-plugins.rules) * 1:14235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services CallHTMLHelp ActiveX buffer overflow attempt (browser-plugins.rules) * 1:14237 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services ActiveX function call access (browser-plugins.rules) * 1:14239 <-> DISABLED <-> BROWSER-PLUGINS Friendly Technologies fwRemoteConfig ActiveX clsid access (browser-plugins.rules) * 1:14241 <-> DISABLED <-> BROWSER-PLUGINS Friendly Technologies fwRemoteConfig ActiveX function call access (browser-plugins.rules) * 1:14243 <-> DISABLED <-> 
BROWSER-PLUGINS Najdi.si Toolbar ActiveX clsid access (browser-plugins.rules) * 1:14245 <-> DISABLED <-> BROWSER-PLUGINS Najdi.si Toolbar ActiveX function call access (browser-plugins.rules) * 1:14247 <-> DISABLED <-> BROWSER-PLUGINS Eyeball MessengerSDK ActiveX clsid access (browser-plugins.rules) * 1:14249 <-> DISABLED <-> BROWSER-PLUGINS Eyeball MessengerSDK ActiveX function call access (browser-plugins.rules) * 1:1425 <-> DISABLED <-> SERVER-WEBAPP content-disposition file upload attempt (server-webapp.rules) * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules) * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules) * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14266 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Image Acquisition Logger ActiveX clsid access (browser-plugins.rules) * 1:14268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Image Acquisition Logger ActiveX function call access (browser-plugins.rules) * 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules) * 1:14270 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Locator ActiveX clsid access (browser-plugins.rules) * 1:14272 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Locator ActiveX function call access (browser-plugins.rules) * 1:14274 <-> DISABLED <-> BROWSER-PLUGINS 
Vie2Lib.Vie2LinuxVolume ActiveX clsid access (browser-plugins.rules) * 1:14276 <-> DISABLED <-> BROWSER-PLUGINS Vie2Lib.Vie2LinuxVolume ActiveX function call access (browser-plugins.rules) * 1:14278 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Process ActiveX clsid access (browser-plugins.rules) * 1:1428 <-> DISABLED <-> POLICY-MULTIMEDIA audio galaxy keepalive (policy-multimedia.rules) * 1:14280 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Process ActiveX function call access (browser-plugins.rules) * 1:14282 <-> DISABLED <-> BROWSER-PLUGINS IntraProcessLogging.Logger ActiveX clsid access (browser-plugins.rules) * 1:14284 <-> DISABLED <-> BROWSER-PLUGINS IntraProcessLogging.Logger ActiveX function call access (browser-plugins.rules) * 1:14286 <-> DISABLED <-> BROWSER-PLUGINS VMClientHosts Class ActiveX clsid access (browser-plugins.rules) * 1:14288 <-> DISABLED <-> BROWSER-PLUGINS VMClientHosts Class ActiveX function call access (browser-plugins.rules) * 1:14290 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibCreateParamObj ActiveX clsid access (browser-plugins.rules) * 1:14292 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibCreateParamObj ActiveX function call access (browser-plugins.rules) * 1:14294 <-> DISABLED <-> BROWSER-PLUGINS RemoteDirDlg Class ActiveX clsid access (browser-plugins.rules) * 1:14296 <-> DISABLED <-> BROWSER-PLUGINS RemoteDirDlg Class ActiveX function call access (browser-plugins.rules) * 1:14298 <-> DISABLED <-> BROWSER-PLUGINS TeamListViewWnd Class ActiveX clsid access (browser-plugins.rules) * 1:14300 <-> DISABLED <-> BROWSER-PLUGINS TeamListViewWnd Class ActiveX function call access (browser-plugins.rules) * 1:14302 <-> DISABLED <-> BROWSER-PLUGINS VMStatusbarCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14304 <-> DISABLED <-> BROWSER-PLUGINS VMStatusbarCtl Class ActiveX function call access (browser-plugins.rules) * 1:14306 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCConfiguration ActiveX clsid access 
(browser-plugins.rules) * 1:14308 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCConfiguration ActiveX function call access (browser-plugins.rules) * 1:14310 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdate Class ActiveX clsid access (browser-plugins.rules) * 1:14312 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdate Class ActiveX function call access (browser-plugins.rules) * 1:14314 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 1 ActiveX clsid access (browser-plugins.rules) * 1:14316 <-> DISABLED <-> BROWSER-PLUGINS VmdbExecuteError Class ActiveX clsid access (browser-plugins.rules) * 1:14318 <-> DISABLED <-> BROWSER-PLUGINS VmdbExecuteError Class ActiveX function call access (browser-plugins.rules) * 1:1432 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules) * 1:14320 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 2 ActiveX clsid access (browser-plugins.rules) * 1:14322 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SysImageUti ActiveX clsid access (browser-plugins.rules) * 1:14324 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SysImageUti ActiveX function call access (browser-plugins.rules) * 1:14326 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Database Tools Query Designer V7.0 ActiveX clsid access (browser-plugins.rules) * 1:14328 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Database Tools Query Designer V7.0 ActiveX function call access (browser-plugins.rules) * 1:1433 <-> DISABLED <-> SERVER-WEBAPP .history access (server-webapp.rules) * 1:14330 <-> DISABLED <-> BROWSER-PLUGINS VmdbContext Class ActiveX clsid access (browser-plugins.rules) * 1:14332 <-> DISABLED <-> BROWSER-PLUGINS VmdbContext Class ActiveX function call access (browser-plugins.rules) * 1:14334 <-> DISABLED <-> BROWSER-PLUGINS VMClientVMs Class ActiveX clsid access (browser-plugins.rules) * 1:14336 <-> DISABLED <-> BROWSER-PLUGINS VMClientVMs Class ActiveX function call access (browser-plugins.rules) * 1:14338 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj Class ActiveX clsid 
access (browser-plugins.rules) * 1:1434 <-> DISABLED <-> SERVER-WEBAPP .bash_history access (server-webapp.rules) * 1:14340 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj Class ActiveX function call access (browser-plugins.rules) * 1:14342 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 3 ActiveX clsid access (browser-plugins.rules) * 1:14344 <-> DISABLED <-> BROWSER-PLUGINS VMMsg Class ActiveX clsid access (browser-plugins.rules) * 1:14346 <-> DISABLED <-> BROWSER-PLUGINS VMMsg Class ActiveX function call access (browser-plugins.rules) * 1:14348 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 4 ActiveX clsid access (browser-plugins.rules) * 1:1435 <-> DISABLED <-> PROTOCOL-DNS named authors attempt (protocol-dns.rules) * 1:14350 <-> DISABLED <-> BROWSER-PLUGINS reconfig.PopulatedDi ActiveX clsid access (browser-plugins.rules) * 1:14352 <-> DISABLED <-> BROWSER-PLUGINS reconfig.PopulatedDi ActiveX function call access (browser-plugins.rules) * 1:14354 <-> DISABLED <-> BROWSER-PLUGINS Elevated.ElevMgr ActiveX clsid access (browser-plugins.rules) * 1:14356 <-> DISABLED <-> BROWSER-PLUGINS Elevated.ElevMgr ActiveX function call access (browser-plugins.rules) * 1:14358 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 5 ActiveX clsid access (browser-plugins.rules) * 1:1436 <-> DISABLED <-> POLICY-MULTIMEDIA Apple Quicktime User Agent access (policy-multimedia.rules) * 1:14360 <-> DISABLED <-> BROWSER-PLUGINS HardwareCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14362 <-> DISABLED <-> BROWSER-PLUGINS HardwareCtl Class ActiveX function call access (browser-plugins.rules) * 1:14364 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 6 ActiveX clsid access (browser-plugins.rules) * 1:14366 <-> DISABLED <-> BROWSER-PLUGINS VmdbQuery Class ActiveX clsid access (browser-plugins.rules) * 1:14368 <-> DISABLED <-> BROWSER-PLUGINS VmdbQuery Class ActiveX function call access (browser-plugins.rules) * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows 
Media download detected (file-identify.rules) * 1:14370 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj2 Class ActiveX clsid access (browser-plugins.rules) * 1:14372 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj2 Class ActiveX function call access (browser-plugins.rules) * 1:14374 <-> DISABLED <-> BROWSER-PLUGINS VmappPoll Class ActiveX clsid access (browser-plugins.rules) * 1:14376 <-> DISABLED <-> BROWSER-PLUGINS VmappPoll Class ActiveX function call access (browser-plugins.rules) * 1:14378 <-> DISABLED <-> BROWSER-PLUGINS VMClient Class ActiveX clsid access (browser-plugins.rules) * 1:14380 <-> DISABLED <-> BROWSER-PLUGINS VMClient Class ActiveX function call access (browser-plugins.rules) * 1:14382 <-> DISABLED <-> BROWSER-PLUGINS Pq2vcom.Pq2v ActiveX clsid access (browser-plugins.rules) * 1:14384 <-> DISABLED <-> BROWSER-PLUGINS Pq2vcom.Pq2v ActiveX function call access (browser-plugins.rules) * 1:14386 <-> DISABLED <-> BROWSER-PLUGINS VmdbSchema Class ActiveX clsid access (browser-plugins.rules) * 1:14388 <-> DISABLED <-> BROWSER-PLUGINS VmdbSchema Class ActiveX function call access (browser-plugins.rules) * 1:1439 <-> DISABLED <-> POLICY-MULTIMEDIA Shoutcast playlist redirection (policy-multimedia.rules) * 1:14394 <-> DISABLED <-> BROWSER-PLUGINS VixCOM.VixLib ActiveX clsid access (browser-plugins.rules) * 1:14396 <-> DISABLED <-> BROWSER-PLUGINS VixCOM.VixLib ActiveX function call access (browser-plugins.rules) * 1:14398 <-> DISABLED <-> BROWSER-PLUGINS vmappsdk.CuiObj ActiveX clsid access (browser-plugins.rules) * 1:144 <-> DISABLED <-> PROTOCOL-FTP ADMw0rm ftp login attempt (protocol-ftp.rules) * 1:1440 <-> DISABLED <-> POLICY-MULTIMEDIA Icecast playlist redirection (policy-multimedia.rules) * 1:14400 <-> DISABLED <-> BROWSER-PLUGINS vmappsdk.CuiObj ActiveX function call access (browser-plugins.rules) * 1:14402 <-> DISABLED <-> BROWSER-PLUGINS RemoteBrowseDlg Class ActiveX clsid access (browser-plugins.rules) * 1:14404 <-> DISABLED <-> BROWSER-PLUGINS 
RemoteBrowseDlg Class ActiveX function call access (browser-plugins.rules) * 1:14406 <-> DISABLED <-> BROWSER-PLUGINS RegVmsCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14408 <-> DISABLED <-> BROWSER-PLUGINS RegVmsCtl Class ActiveX function call access (browser-plugins.rules) * 1:1441 <-> DISABLED <-> PROTOCOL-TFTP GET nc.exe (protocol-tftp.rules) * 1:14410 <-> DISABLED <-> BROWSER-PLUGINS VmdbEnumTags Class ActiveX clsid access (browser-plugins.rules) * 1:14412 <-> DISABLED <-> BROWSER-PLUGINS VmdbEnumTags Class ActiveX function call access (browser-plugins.rules) * 1:14414 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 7 ActiveX clsid access (browser-plugins.rules) * 1:1442 <-> DISABLED <-> PROTOCOL-TFTP GET shadow (protocol-tftp.rules) * 1:14420 <-> DISABLED <-> BROWSER-PLUGINS VmdbDatabase Class ActiveX clsid access (browser-plugins.rules) * 1:14422 <-> DISABLED <-> BROWSER-PLUGINS VmdbDatabase Class ActiveX function call access (browser-plugins.rules) * 1:14424 <-> DISABLED <-> BROWSER-PLUGINS VMAppSdkUtil Class ActiveX clsid access (browser-plugins.rules) * 1:14426 <-> DISABLED <-> BROWSER-PLUGINS VMAppSdkUtil Class ActiveX function call access (browser-plugins.rules) * 1:14428 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 8 ActiveX clsid access (browser-plugins.rules) * 1:1443 <-> DISABLED <-> PROTOCOL-TFTP GET passwd (protocol-tftp.rules) * 1:14430 <-> DISABLED <-> BROWSER-PLUGINS VMEnumStrings Class ActiveX clsid access (browser-plugins.rules) * 1:14432 <-> DISABLED <-> BROWSER-PLUGINS VMEnumStrings Class ActiveX function call access (browser-plugins.rules) * 1:14434 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 9 ActiveX clsid access (browser-plugins.rules) * 1:14436 <-> DISABLED <-> BROWSER-PLUGINS VMClientHost Class ActiveX clsid access (browser-plugins.rules) * 1:14438 <-> DISABLED <-> BROWSER-PLUGINS VMClientHost Class ActiveX function call access (browser-plugins.rules) * 1:1444 <-> DISABLED <-> PROTOCOL-TFTP Get 
(protocol-tftp.rules) * 1:14440 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 10 ActiveX clsid access (browser-plugins.rules) * 1:14442 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 11 ActiveX clsid access (browser-plugins.rules) * 1:14444 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 12 ActiveX clsid access (browser-plugins.rules) * 1:14446 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 13 ActiveX clsid access (browser-plugins.rules) * 1:14448 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SystemReconfigur ActiveX clsid access (browser-plugins.rules) * 1:1445 <-> DISABLED <-> INDICATOR-COMPROMISE FTP file_id.diz access possible warez site (indicator-compromise.rules) * 1:14450 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SystemReconfigur ActiveX function call access (browser-plugins.rules) * 1:14452 <-> DISABLED <-> BROWSER-PLUGINS vmhwcfg.NwzCompleted ActiveX clsid access (browser-plugins.rules) * 1:14454 <-> DISABLED <-> BROWSER-PLUGINS vmhwcfg.NwzCompleted ActiveX function call access (browser-plugins.rules) * 1:14456 <-> DISABLED <-> BROWSER-PLUGINS MksCompatCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14458 <-> DISABLED <-> BROWSER-PLUGINS MksCompatCtl Class ActiveX function call access (browser-plugins.rules) * 1:1446 <-> DISABLED <-> SERVER-MAIL vrfy root (server-mail.rules) * 1:14460 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 14 ActiveX clsid access (browser-plugins.rules) * 1:14466 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 15 ActiveX clsid access (browser-plugins.rules) * 1:14468 <-> DISABLED <-> BROWSER-PLUGINS Elevated.HostDeviceInfos ActiveX clsid access (browser-plugins.rules) * 1:1447 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server RDP attempt (policy-other.rules) * 1:14470 <-> DISABLED <-> BROWSER-PLUGINS Elevated.HostDeviceInfos ActiveX function call access (browser-plugins.rules) * 1:14472 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 16 ActiveX clsid access 
(browser-plugins.rules) * 1:14474 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 17 ActiveX clsid access (browser-plugins.rules) * 1:14476 <-> DISABLED <-> BROWSER-PLUGINS reconfig.GuestInfo ActiveX clsid access (browser-plugins.rules) * 1:14478 <-> DISABLED <-> BROWSER-PLUGINS reconfig.GuestInfo ActiveX function call access (browser-plugins.rules) * 1:1448 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server request attempt (policy-other.rules) * 1:14480 <-> DISABLED <-> BROWSER-PLUGINS VmappPropFrame Class ActiveX clsid access (browser-plugins.rules) * 1:14482 <-> DISABLED <-> BROWSER-PLUGINS VmappPropFrame Class ActiveX function call access (browser-plugins.rules) * 1:14484 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.VhdConverter ActiveX clsid access (browser-plugins.rules) * 1:14486 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.VhdConverter ActiveX function call access (browser-plugins.rules) * 1:14488 <-> DISABLED <-> BROWSER-PLUGINS VMSwitchCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14490 <-> DISABLED <-> BROWSER-PLUGINS VMSwitchCtl Class ActiveX function call access (browser-plugins.rules) * 1:14492 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 18 ActiveX clsid access (browser-plugins.rules) * 1:14494 <-> DISABLED <-> BROWSER-PLUGINS VmdbUtil Class ActiveX clsid access (browser-plugins.rules) * 1:14496 <-> DISABLED <-> BROWSER-PLUGINS VmdbUtil Class ActiveX function call access (browser-plugins.rules) * 1:14498 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 19 ActiveX clsid access (browser-plugins.rules) * 1:1450 <-> DISABLED <-> SERVER-MAIL Vintra Mailserver expn *@ (server-mail.rules) * 1:14500 <-> DISABLED <-> BROWSER-PLUGINS VMwareVpcCvt.VpcC ActiveX clsid access (browser-plugins.rules) * 1:14502 <-> DISABLED <-> BROWSER-PLUGINS VMwareVpcCvt.VpcC ActiveX function call access (browser-plugins.rules) * 1:14504 <-> DISABLED <-> BROWSER-PLUGINS VmdbCnxUtil Class ActiveX clsid access (browser-plugins.rules) * 1:14506 <-> 
DISABLED <-> BROWSER-PLUGINS VmdbCnxUtil Class ActiveX function call access (browser-plugins.rules) * 1:14508 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrive ActiveX clsid access (browser-plugins.rules) * 1:1451 <-> DISABLED <-> SERVER-WEBAPP NPH-maillist access (server-webapp.rules) * 1:14510 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrive ActiveX function call access (browser-plugins.rules) * 1:14512 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 20 ActiveX clsid access (browser-plugins.rules) * 1:14514 <-> DISABLED <-> BROWSER-PLUGINS VMClientVM Class ActiveX clsid access (browser-plugins.rules) * 1:14516 <-> DISABLED <-> BROWSER-PLUGINS VMClientVM Class ActiveX function call access (browser-plugins.rules) * 1:14518 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 21 ActiveX clsid access (browser-plugins.rules) * 1:1452 <-> DISABLED <-> SERVER-WEBAPP args.cmd access (server-webapp.rules) * 1:14520 <-> DISABLED <-> BROWSER-PLUGINS Elevated.VMXCreator ActiveX clsid access (browser-plugins.rules) * 1:14522 <-> DISABLED <-> BROWSER-PLUGINS Elevated.VMXCreator ActiveX function call access (browser-plugins.rules) * 1:14524 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 22 ActiveX clsid access (browser-plugins.rules) * 1:14526 <-> DISABLED <-> BROWSER-PLUGINS HotfixWz Class ActiveX clsid access (browser-plugins.rules) * 1:14528 <-> DISABLED <-> BROWSER-PLUGINS HotfixWz Class ActiveX function call access (browser-plugins.rules) * 1:1453 <-> DISABLED <-> SERVER-WEBAPP AT-generated.cgi access (server-webapp.rules) * 1:14530 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdates Class ActiveX clsid access (browser-plugins.rules) * 1:14532 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdates Class ActiveX function call access (browser-plugins.rules) * 1:14534 <-> DISABLED <-> BROWSER-PLUGINS VMListCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14536 <-> DISABLED <-> BROWSER-PLUGINS VMListCtl Class ActiveX function call access (browser-plugins.rules) * 1:14538 
<-> DISABLED <-> BROWSER-PLUGINS CheckedListViewWnd Class ActiveX clsid access (browser-plugins.rules) * 1:1454 <-> DISABLED <-> SERVER-WEBAPP wwwwais access (server-webapp.rules) * 1:14540 <-> DISABLED <-> BROWSER-PLUGINS CheckedListViewWnd Class ActiveX function call access (browser-plugins.rules) * 1:14542 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 23 ActiveX clsid access (browser-plugins.rules) * 1:14544 <-> DISABLED <-> BROWSER-PLUGINS VmdbTreeCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14546 <-> DISABLED <-> BROWSER-PLUGINS VmdbTreeCtl Class ActiveX function call access (browser-plugins.rules) * 1:14548 <-> DISABLED <-> BROWSER-PLUGINS Nwz Class ActiveX clsid access (browser-plugins.rules) * 1:1455 <-> DISABLED <-> SERVER-WEBAPP calendar.pl access (server-webapp.rules) * 1:14550 <-> DISABLED <-> BROWSER-PLUGINS Nwz Class ActiveX function call access (browser-plugins.rules) * 1:14552 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrives ActiveX clsid access (browser-plugins.rules) * 1:14554 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrives ActiveX function call access (browser-plugins.rules) * 1:14556 <-> DISABLED <-> BROWSER-PLUGINS MksCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14558 <-> DISABLED <-> BROWSER-PLUGINS MksCtl Class ActiveX function call access (browser-plugins.rules) * 1:1456 <-> DISABLED <-> SERVER-WEBAPP calender_admin.pl access (server-webapp.rules) * 1:14560 <-> DISABLED <-> BROWSER-PLUGINS VmappPropPath Class ActiveX clsid access (browser-plugins.rules) * 1:14562 <-> DISABLED <-> BROWSER-PLUGINS VmappPropPath Class ActiveX function call access (browser-plugins.rules) * 1:14564 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 24 ActiveX clsid access (browser-plugins.rules) * 1:14566 <-> DISABLED <-> BROWSER-PLUGINS PolicyCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14568 <-> DISABLED <-> BROWSER-PLUGINS PolicyCtl Class ActiveX function call access (browser-plugins.rules) * 1:1457 <-> 
DISABLED <-> SERVER-WEBAPP user_update_admin.pl access (server-webapp.rules) * 1:14570 <-> DISABLED <-> BROWSER-PLUGINS VmdbParseError Class ActiveX clsid access (browser-plugins.rules) * 1:14572 <-> DISABLED <-> BROWSER-PLUGINS VmdbParseError Class ActiveX function call access (browser-plugins.rules) * 1:14574 <-> DISABLED <-> BROWSER-PLUGINS NavigationCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14576 <-> DISABLED <-> BROWSER-PLUGINS NavigationCtl Class ActiveX function call access (browser-plugins.rules) * 1:14578 <-> DISABLED <-> BROWSER-PLUGINS VMList Class ActiveX clsid access (browser-plugins.rules) * 1:1458 <-> DISABLED <-> SERVER-WEBAPP user_update_passwd.pl access (server-webapp.rules) * 1:14580 <-> DISABLED <-> BROWSER-PLUGINS VMList Class ActiveX function call access (browser-plugins.rules) * 1:14582 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 25 ActiveX clsid access (browser-plugins.rules) * 1:14584 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 26 ActiveX clsid access (browser-plugins.rules) * 1:14586 <-> DISABLED <-> BROWSER-PLUGINS CurrentVMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14588 <-> DISABLED <-> BROWSER-PLUGINS CurrentVMCtl Class ActiveX function call access (browser-plugins.rules) * 1:1459 <-> DISABLED <-> SERVER-WEBAPP bb-histlog.sh access (server-webapp.rules) * 1:14590 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibHelper ActiveX clsid access (browser-plugins.rules) * 1:14592 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibHelper ActiveX function call access (browser-plugins.rules) * 1:14594 <-> DISABLED <-> BROWSER-PLUGINS Peachtree Accounting 2004 ActiveX clsid access (browser-plugins.rules) * 1:14596 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne VSFlexGrid ActiveX clsid access (browser-plugins.rules) * 1:14598 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne VSFlexGrid ActiveX function call access (browser-plugins.rules) * 1:146 <-> DISABLED <-> MALWARE-BACKDOOR NetSphere access 
(malware-backdoor.rules) * 1:1460 <-> DISABLED <-> SERVER-WEBAPP bb-histsvc.sh access (server-webapp.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14603 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveReport ARViewer2 ActiveX clsid access (browser-plugins.rules) * 1:14605 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveReport ARViewer2 ActiveX function call access (browser-plugins.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:1461 <-> DISABLED <-> SERVER-WEBAPP bb-rep.sh access (server-webapp.rules) * 1:14610 <-> DISABLED <-> SERVER-WEBAPP Joomla invalid token administrative password reset attempt (server-webapp.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:1462 <-> DISABLED <-> SERVER-WEBAPP bb-replog.sh access (server-webapp.rules) * 1:1463 <-> DISABLED <-> POLICY-SOCIAL IRC message (policy-social.rules) * 1:14631 <-> DISABLED <-> BROWSER-PLUGINS Husdawg System Requirements Lab Control ActiveX clsid access (browser-plugins.rules) * 1:14633 <-> DISABLED <-> BROWSER-PLUGINS PhotoStockPlus ActiveX clsid access (browser-plugins.rules) * 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules) * 1:14637 <-> DISABLED <-> 
BROWSER-PLUGINS Microsoft PicturePusher ActiveX clsid access (browser-plugins.rules) * 1:14639 <-> DISABLED <-> BROWSER-PLUGINS Microsoft PicturePusher ActiveX function call access (browser-plugins.rules) * 1:1464 <-> DISABLED <-> INDICATOR-COMPROMISE oracle one hour install (indicator-compromise.rules) * 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules) * 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules) * 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createRange cross domain scripting (browser-ie.rules) * 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:1465 <-> DISABLED <-> SERVER-WEBAPP auktion.cgi access (server-webapp.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt 
(os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14656 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS mouseevent PII disclosure attempt (browser-ie.rules) * 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules) * 1:1466 <-> DISABLED <-> SERVER-WEBAPP cgiforum.pl access (server-webapp.rules) * 1:1467 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi access (server-webapp.rules) * 1:1468 <-> DISABLED <-> SERVER-WEBAPP Web Shopper shopper.cgi attempt (server-webapp.rules) * 1:1469 <-> DISABLED <-> SERVER-WEBAPP Web Shopper shopper.cgi access (server-webapp.rules) * 1:147 <-> DISABLED <-> MALWARE-BACKDOOR GateCrasher (malware-backdoor.rules) * 1:1470 <-> DISABLED <-> SERVER-WEBAPP listrec.pl access (server-webapp.rules) * 1:1471 <-> DISABLED <-> SERVER-WEBAPP mailnews.cgi access (server-webapp.rules) * 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules) * 1:1472 <-> DISABLED <-> SERVER-WEBAPP book.cgi access (server-webapp.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:1473 <-> DISABLED <-> SERVER-WEBAPP newsdesk.cgi access (server-webapp.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:1474 <-> DISABLED <-> SERVER-WEBAPP cal_make.pl access (server-webapp.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules) * 1:14744 <-> DISABLED <-> BROWSER-PLUGINS Hummingbird 
HostExplorer ActiveX clsid access (browser-plugins.rules) * 1:14746 <-> DISABLED <-> BROWSER-PLUGINS Autodesk DWF Viewer ActiveX clsid access (browser-plugins.rules) * 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules) * 1:1475 <-> DISABLED <-> SERVER-WEBAPP mailit.pl access (server-webapp.rules) * 1:14750 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX function call access (browser-plugins.rules) * 1:14752 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks Desktop Management ActiveX clsid access (browser-plugins.rules) * 1:14754 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks Desktop Management ActiveX function call access (browser-plugins.rules) * 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules) * 1:1476 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules) * 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules) * 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache 
Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:14778 <-> DISABLED <-> BROWSER-PLUGINS Dart Communications PowerTCP FTP ActiveX clsid access (browser-plugins.rules) * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules) * 1:14780 <-> DISABLED <-> BROWSER-PLUGINS Dart Communications PowerTCP FTP ActiveX function call access (browser-plugins.rules) * 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:1479 <-> DISABLED <-> SERVER-WEBAPP ttawebtop.cgi arbitrary file attempt (server-webapp.rules) * 1:1480 <-> DISABLED <-> SERVER-WEBAPP ttawebtop.cgi access (server-webapp.rules) * 1:1481 <-> DISABLED <-> SERVER-WEBAPP upload.cgi access (server-webapp.rules) * 1:1482 <-> DISABLED <-> SERVER-WEBAPP view_source access (server-webapp.rules) * 1:1483 <-> DISABLED <-> SERVER-WEBAPP ustorekeeper.pl access (server-webapp.rules) * 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (server-iis.rules) * 1:1486 <-> DISABLED <-> SERVER-IIS ctss.idc access (server-iis.rules) * 1:1487 <-> DISABLED <-> SERVER-IIS /iisadmpwd/aexp2.htr access (server-iis.rules) * 1:1488 <-> DISABLED <-> SERVER-WEBAPP store.cgi directory traversal attempt (server-webapp.rules) * 1:1489 <-> DISABLED <-> SERVER-WEBAPP nobody access (server-webapp.rules) * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules) * 1:14897 <-> DISABLED <-> 
BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules) * 1:1490 <-> DISABLED <-> SERVER-WEBAPP Phorum /support/common.php attempt (server-webapp.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:1491 <-> DISABLED <-> SERVER-WEBAPP Phorum /support/common.php access (server-webapp.rules) * 1:1492 <-> DISABLED <-> SERVER-WEBAPP RBS ISP /newuser directory traversal attempt (server-webapp.rules) * 1:1493 <-> DISABLED <-> SERVER-WEBAPP RBS ISP /newuser access (server-webapp.rules) * 1:1494 <-> DISABLED <-> SERVER-WEBAPP SIX webboard generate.cgi attempt (server-webapp.rules) * 1:1495 <-> DISABLED <-> SERVER-WEBAPP SIX webboard generate.cgi access (server-webapp.rules) * 1:1496 <-> DISABLED <-> SERVER-WEBAPP spin_client.cgi access (server-webapp.rules) * 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:1499 <-> DISABLED <-> SERVER-WEBAPP SiteScope Service access (server-webapp.rules) * 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules) * 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules) * 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules) * 1:14993 <-> DISABLED <-> BROWSER-PLUGINS Visagesoft eXPert PDF Viewer ActiveX clsid access (browser-plugins.rules) * 1:14995 <-> DISABLED <-> BROWSER-PLUGINS Visagesoft eXPert PDF Viewer ActiveX function call access (browser-plugins.rules) * 1:14997 <-> DISABLED <-> BROWSER-PLUGINS DjVu MSOffice Converter ActiveX clsid access (browser-plugins.rules) 
* 1:14999 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Debug Diagnostic Tool ActiveX clsid access (browser-plugins.rules) * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules) * 1:15001 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Debug Diagnostic Tool ActiveX function call access (browser-plugins.rules) * 1:15003 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX clsid access (browser-plugins.rules) * 1:15005 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX function call access (browser-plugins.rules) * 1:15007 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems / Adobe getPlus Download Manager ActiveX clsid access (browser-plugins.rules) * 1:1501 <-> DISABLED <-> SERVER-WEBAPP a1stats a1disp3.cgi directory traversal attempt (server-webapp.rules) * 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules) * 1:1502 <-> DISABLED <-> SERVER-WEBAPP a1stats a1disp3.cgi access (server-webapp.rules) * 1:1503 <-> DISABLED <-> SERVER-WEBAPP admentor admin.asp access (server-webapp.rules) * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules) * 1:1505 <-> DISABLED <-> SERVER-WEBAPP alchemy http server PRN arbitrary command execution attempt (server-webapp.rules) * 1:1506 <-> DISABLED <-> SERVER-WEBAPP alchemy http server NUL arbitrary command execution attempt (server-webapp.rules) * 1:15069 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui mdrmsap ActiveX clsid access (browser-plugins.rules) * 1:1507 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl arbitrary command execution attempt (server-webapp.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA 
Modbus exception returned (protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:1508 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl access (server-webapp.rules) * 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules) * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules) * 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules) * 1:15088 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Charts ActiveX clsid access (browser-plugins.rules) * 1:1509 <-> DISABLED <-> SERVER-WEBAPP AltaVista Intranet Search directory traversal attempt (server-webapp.rules) * 1:15090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Charts ActiveX function call access (browser-plugins.rules) * 1:15092 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows 
Visual Basic DataGrid ActiveX clsid access (browser-plugins.rules) * 1:15094 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic DataGrid ActiveX function call access (browser-plugins.rules) * 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules) * 1:1510 <-> DISABLED <-> SERVER-WEBAPP test.bat arbitrary command execution attempt (server-webapp.rules) * 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules) * 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules) * 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules) * 1:1511 <-> DISABLED <-> SERVER-WEBAPP test.bat access (server-webapp.rules) * 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules) * 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules) * 1:15115 <-> DISABLED <-> 
OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules) * 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules) * 1:1512 <-> DISABLED <-> SERVER-WEBAPP input.bat arbitrary command execution attempt (server-webapp.rules) * 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules) * 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules) * 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules) * 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:1513 <-> DISABLED <-> SERVER-WEBAPP input.bat access (server-webapp.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt 
(os-windows.rules)
* 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
* 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
* 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
* 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
* 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
* 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
* 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
* 1:1514 <-> DISABLED <-> SERVER-WEBAPP input2.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
* 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
* 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
* 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules)
* 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules)
* 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules)
* 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:1515 <-> DISABLED <-> SERVER-WEBAPP input2.bat access (server-webapp.rules)
* 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules)
* 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules)
* 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules)
* 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules)
* 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules)
* 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules)
* 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules)
* 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15159 <-> DISABLED <-> BROWSER-PLUGINS Evans FTP ActiveX clsid access (browser-plugins.rules)
* 1:1516 <-> DISABLED <-> SERVER-WEBAPP envout.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15161 <-> DISABLED <-> BROWSER-PLUGINS Evans FTP ActiveX function call access (browser-plugins.rules)
* 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules)
* 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG pathSegList memory corruption attempt (browser-firefox.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
* 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules)
* 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules)
* 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules)
* 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules)
* 1:1517 <-> DISABLED <-> SERVER-WEBAPP envout.bat access (server-webapp.rules)
* 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules)
* 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules)
* 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules)
* 1:15173 <-> DISABLED <-> BROWSER-PLUGINS Phoenician Casino ActiveX clsid access (browser-plugins.rules)
* 1:15175 <-> DISABLED <-> BROWSER-PLUGINS Phoenician Casino ActiveX function call access (browser-plugins.rules)
* 1:15177 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
* 1:15179 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
* 1:1518 <-> DISABLED <-> SERVER-WEBAPP nstelemetry.adp access (server-webapp.rules)
* 1:15181 <-> DISABLED <-> BROWSER-PLUGINS SaschArt SasCam Webcam Server ActiveX clsid access (browser-plugins.rules)
* 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules)
* 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules)
* 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:1519 <-> DISABLED <-> SERVER-WEBAPP apache ?M=D directory list attempt (server-webapp.rules)
* 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access attempt (browser-plugins.rules)
* 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33176 <-> DISABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
* 1:33177 <-> DISABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
* 1:33178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules)
* 1:33179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules)
* 1:33180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules)
* 1:33181 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules)
* 1:33182 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Adobe Flash request (exploit-kit.rules)
* 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
* 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
* 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
* 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
* 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
* 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules)
* 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules)
* 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules)
* 1:332 <-> DISABLED <-> PROTOCOL-FINGER 0 query (protocol-finger.rules)
* 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33201 <-> DISABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules)
* 1:33202 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules)
* 1:33203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules)
* 1:33204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules)
* 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules)
* 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules)
* 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules)
* 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules)
* 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules)
* 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules)
* 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules)
* 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules)
* 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules)
* 1:1568 <-> DISABLED <-> SERVER-IIS /exchange/root.asp access (server-iis.rules)
* 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules)
* 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules)
* 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules)
* 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules)
* 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules)
* 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules)
* 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules)
* 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules)
* 1:1569 <-> DISABLED <-> SERVER-WEBAPP loadpage.cgi directory traversal attempt (server-webapp.rules)
* 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules)
* 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules)
* 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules)
* 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules)
* 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules)
* 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
* 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules)
* 1:157 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Client FTP Open Request (malware-backdoor.rules)
* 1:1570 <-> DISABLED <-> SERVER-WEBAPP loadpage.cgi access (server-webapp.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
* 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules)
* 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules)
* 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules)
* 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules)
* 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules)
* 1:1571 <-> DISABLED <-> SERVER-WEBAPP dcforum.cgi directory traversal attempt (server-webapp.rules)
* 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules)
* 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules)
* 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules)
* 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules)
* 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules)
* 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules)
* 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules)
* 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules)
* 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules)
* 1:1572 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi arbitrary file access attempt (server-webapp.rules)
* 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules)
* 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules)
* 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules)
* 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
* 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules)
* 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
* 1:1573 <-> DISABLED <-> SERVER-WEBAPP cgiforum.pl attempt (server-webapp.rules)
* 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules)
* 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:1574 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi attempt (server-webapp.rules)
* 1:1575 <-> DISABLED <-> SERVER-WEBAPP Domino mab.nsf access (server-webapp.rules)
* 1:1576 <-> DISABLED <-> SERVER-WEBAPP Domino cersvr.nsf access (server-webapp.rules)
* 1:1577 <-> DISABLED <-> SERVER-WEBAPP Domino setup.nsf access (server-webapp.rules)
* 1:1578 <-> DISABLED <-> SERVER-WEBAPP Domino statrep.nsf access (server-webapp.rules)
* 1:1579 <-> DISABLED <-> SERVER-WEBAPP Domino webadmin.nsf access (server-webapp.rules)
* 1:158 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Server FTP Open Reply (malware-backdoor.rules)
* 1:1580 <-> DISABLED <-> SERVER-WEBAPP Domino events4.nsf access (server-webapp.rules)
* 1:1581 <-> DISABLED <-> SERVER-WEBAPP Domino ntsync4.nsf access (server-webapp.rules)
* 1:1582 <-> DISABLED <-> SERVER-WEBAPP Domino collect4.nsf access (server-webapp.rules)
* 1:1583 <-> DISABLED <-> SERVER-WEBAPP Domino mailw46.nsf access (server-webapp.rules)
* 1:1584 <-> DISABLED <-> SERVER-WEBAPP Domino bookmark.nsf access (server-webapp.rules)
* 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules)
* 1:1585 <-> DISABLED <-> SERVER-WEBAPP Domino agentrunner.nsf access (server-webapp.rules)
* 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules)
* 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules)
* 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules)
* 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules)
* 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules)
* 1:1586 <-> DISABLED <-> SERVER-WEBAPP Domino mail.box access (server-webapp.rules)
* 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules)
* 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules)
* 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules)
* 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules)
* 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules)
* 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:1587 <-> DISABLED <-> SERVER-WEBAPP cgitest.exe access (server-webapp.rules)
* 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules)
* 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
* 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
* 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
* 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
* 1:15878 <-> DISABLED <-> BROWSER-PLUGINS AcerCtrls.APlunch ActiveX clsid access (browser-plugins.rules)
* 1:1588 <-> DISABLED <-> SERVER-WEBAPP SalesLogix Eviewer access (server-webapp.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
* 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules)
* 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules)
* 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules)
* 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules)
* 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules)
* 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules)
* 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules)
* 1:1589 <-> DISABLED <-> SERVER-WEBAPP musicat empower attempt (server-webapp.rules)
* 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules)
* 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules)
* 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules)
* 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules)
* 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules)
* 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules)
* 1:1590 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt (server-webapp.rules)
* 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules)
* 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules)
* 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules)
* 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules)
* 1:1591 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi access (server-webapp.rules)
* 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules)
* 1:1592 <-> DISABLED <-> SERVER-WEBAPP /fcgi-bin/echo.exe access (server-webapp.rules)
* 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
* 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules)
* 1:15926 <-> DISABLED <-> BROWSER-PLUGINS PPStream PPSMediaList ActiveX clsid access (browser-plugins.rules)
* 1:15928 <-> DISABLED <-> BROWSER-PLUGINS PPStream PPSMediaList ActiveX function call access (browser-plugins.rules)
* 1:1593 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi external site redirection attempt (server-webapp.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules)
* 1:15933 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer URL canonicalization address bar spoofing attempt (browser-ie.rules)
* 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules)
* 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules)
* 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules)
* 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules)
* 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
* 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules)
* 1:1594 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi access (server-webapp.rules)
* 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules)
* 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules)
* 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules)
* 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules)
* 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules)
* 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules)
* 1:1595 <-> DISABLED <-> SERVER-IIS htimage.exe access (server-iis.rules)
* 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules)
* 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules)
* 1:15954 <-> DISABLED <-> SERVER-MAIL SpamAssassin malformed email header DoS attempt (server-mail.rules)
* 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
* 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules)
* 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules)
* 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules)
* 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
* 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules)
* 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules)
* 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules)
* 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules)
* 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules)
* 1:1597 <-> DISABLED <-> SERVER-WEBAPP guestbook.cgi access (server-webapp.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:15974 <-> DISABLED <-> SERVER-IIS Microsoft IIS ASP handling buffer overflow attempt (server-iis.rules)
* 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules)
* 1:1598 <-> DISABLED <-> SERVER-WEBAPP Home Free search.cgi directory traversal attempt (server-webapp.rules)
* 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules)
* 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules)
* 1:15982 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (server-webapp.rules)
* 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules)
* 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules)
* 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
* 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules)
* 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules)
* 1:1599 <-> DISABLED <-> SERVER-WEBAPP search.cgi access (server-webapp.rules)
* 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules)
* 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules)
* 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt (file-flash.rules)
* 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules)
* 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
* 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
* 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules)
* 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules)
* 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
* 1:1600 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary configuration file attempt (server-webapp.rules)
* 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules)
* 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules)
* 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules)
* 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules)
* 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules)
* 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules)
* 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules)
* 1:1601 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary file read attempt (server-webapp.rules)
* 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules)
* 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
* 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules)
* 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules)
* 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules)
* 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules)
* 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules)
* 1:1602 <-> DISABLED <-> SERVER-WEBAPP htsearch access (server-webapp.rules)
* 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules)
* 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules)
* 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules)
* 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules)
* 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules)
* 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules)
* 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules)
* 1:16028 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameters invalid memory access attempt (server-webapp.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:1603 <-> DISABLED <-> SERVER-WEBAPP DELETE attempt (server-webapp.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
* 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules)
* 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules)
* 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules)
* 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules)
* 1:1604 <-> DISABLED <-> SERVER-WEBAPP iChat directory traversal attempt (server-webapp.rules)
* 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules)
* 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules)
* 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules)
* 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules)
* 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules)
* 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules)
* 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules)
* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:1605 <-> DISABLED <-> SERVER-OTHER iParty DOS attempt (server-other.rules)
* 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules)
* 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
* 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
* 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
* 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules)
* 1:16055 <-> DISABLED
<-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules) * 1:16056 <-> DISABLED <-> SERVER-WEBAPP Symantec Scan Engine authentication bypass attempt (server-webapp.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:1606 <-> DISABLED <-> SERVER-WEBAPP icat access (server-webapp.rules) * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules) * 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules) * 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules) * 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules) * 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules) * 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules) * 1:1607 <-> DISABLED <-> SERVER-WEBAPP HyperSeek hsx.cgi access (server-webapp.rules) * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF 
parsing buffer overflow attempt (file-other.rules) * 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules) * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules) * 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules) * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16078 <-> DISABLED <-> SERVER-WEBAPP PHP memory_limit vulnerability exploit attempt (server-webapp.rules) * 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules) * 1:1608 <-> DISABLED <-> SERVER-WEBAPP htmlscript attempt (server-webapp.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules) * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules) * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules) * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules) * 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules) * 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling 
buffer overflow attempt (os-windows.rules) * 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules) * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16093 <-> ENABLED <-> MALWARE-CNC bugsprey variant inbound connection (malware-cnc.rules) * 1:16094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.exchan.gen variant outbound connection (malware-cnc.rules) * 1:16095 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection getfile (malware-cnc.rules) * 1:16096 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection download (malware-cnc.rules) * 1:16097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vvm variant outbound connection (malware-cnc.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.wdv variant outbound connection (malware-cnc.rules) * 1:161 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Client connect (malware-backdoor.rules) * 1:1610 <-> DISABLED <-> SERVER-WEBAPP formmail arbitrary command execution attempt (server-webapp.rules) * 1:16100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection file.exe (malware-cnc.rules) * 1:16101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection 57329.exe (malware-cnc.rules) * 1:16102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection sft_ver1.1454.0.exe (malware-cnc.rules) * 1:16103 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules) * 1:16104 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules) * 1:16105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob variant 
outbound connection topqualityads (malware-cnc.rules) * 1:16106 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules) * 1:16107 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules) * 1:16108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.exchanger.gen2 variant outbound connection (malware-cnc.rules) * 1:16109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection onestoponlineshop (malware-cnc.rules) * 1:1611 <-> DISABLED <-> SERVER-WEBAPP eXtropia webstore access (server-webapp.rules) * 1:16110 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection childhe (malware-cnc.rules) * 1:16111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv installtime detection (malware-cnc.rules) * 1:16112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vhb variant outbound connection contact remote server (malware-cnc.rules) * 1:16113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vhb variant outbound connection request login page (malware-cnc.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:1612 <-> DISABLED <-> SERVER-WEBAPP ftp.pl attempt (server-webapp.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker 
weatherstudio outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.nsis.agent.s variant outbound connection (malware-cnc.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:1613 <-> DISABLED <-> SERVER-WEBAPP handler attempt (server-webapp.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16139 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gen2 variant 
outbound connection scanner page (malware-cnc.rules) * 1:1614 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise gwweb.exe attempt (server-webapp.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules) * 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules) * 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules) * 1:16149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules) * 1:1615 <-> DISABLED <-> SERVER-WEBAPP htgrep attempt (server-webapp.rules) * 1:16150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules) * 1:16151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized or deleted object access attempt (browser-ie.rules) * 1:16152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer table layout unitialized or deleted object access attempt (browser-ie.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16155 <-> DISABLED <-> BROWSER-IE Microsoft 
Internet Explorer indexing service malformed parameters (browser-ie.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16159 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (browser-plugins.rules) * 1:1616 <-> DISABLED <-> PROTOCOL-DNS named version attempt (protocol-dns.rules) * 1:16161 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (browser-plugins.rules) * 1:16163 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (browser-plugins.rules) * 1:16165 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (browser-plugins.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:1617 <-> DISABLED <-> SERVER-WEBAPP Bugzilla doeditvotes.cgi access (server-webapp.rules) * 1:16172 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D line set heap corruption attempt (file-pdf.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16175 <-> 
DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:1618 <-> DISABLED <-> SERVER-IIS .asp chunked Transfer-Encoding (server-iis.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:16188 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules) * 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt 
(server-oracle.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules) * 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules) * 1:162 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Server access (malware-backdoor.rules) * 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules) * 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules) * 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules) * 
1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules) * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules) * 1:1621 <-> DISABLED <-> PROTOCOL-FTP CMD overflow attempt (protocol-ftp.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules) * 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16218 <-> DISABLED <-> SERVER-WEBAPP Content-Length request offset smuggling attempt (server-webapp.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:1622 <-> DISABLED <-> PROTOCOL-FTP RNFR ././ attempt (protocol-ftp.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16221 <-> DISABLED <-> OS-WINDOWS Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial of service attempt (os-windows.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row 
record improper validation remote code execution attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:1623 <-> DISABLED <-> PROTOCOL-FTP invalid MODE (protocol-ftp.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:1624 <-> DISABLED <-> PROTOCOL-FTP PWD overflow attempt (protocol-ftp.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16242 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection adload (malware-cnc.rules) * 
1:16243 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection 3264.php (malware-cnc.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:1625 <-> DISABLED <-> PROTOCOL-FTP SYST overflow attempt (protocol-ftp.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE 
rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:1626 <-> DISABLED <-> SERVER-IIS /StoreCSVS/InstantOrder.asmx request (server-iis.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules) * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules) * 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (malware-cnc.rules) * 1:16272 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection lordhack (malware-cnc.rules) * 1:16273 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection dxcpm (malware-cnc.rules) * 1:16274 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection connect to server (malware-cnc.rules) * 1:16275 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection download files (malware-cnc.rules) * 1:16276 <-> DISABLED <-> 
PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules)
* 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules)
* 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules)
* 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules)
* 1:1628 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi directory traversal attempt attempt (server-webapp.rules)
* 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules)
* 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules)
* 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules)
* 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules)
* 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules)
* 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules)
* 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
* 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
* 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
* 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules)
* 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules)
* 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules)
* 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules)
* 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:163 <-> DISABLED <-> MALWARE-BACKDOOR WinCrash 1.0 Server Active (malware-backdoor.rules)
* 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules)
* 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules)
* 1:16305 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16307 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
* 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
* 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules)
* 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules)
* 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
* 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
* 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules)
* 1:16317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mouse move during refresh memory corruption attempt (browser-ie.rules)
* 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
* 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules)
* 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules)
* 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
* 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules)
* 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
* 1:16326 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 DOM memory corruption attempt (browser-ie.rules)
* 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules)
* 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16330 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer orphan DOM objects memory corruption attempt (browser-ie.rules)
* 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules)
* 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules)
* 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
* 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16340 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player DHTML Editing ActiveX clsid access (browser-plugins.rules)
* 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules)
* 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules)
* 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules)
* 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules)
* 1:1635 <-> DISABLED <-> PROTOCOL-POP APOP overflow attempt (protocol-pop.rules)
* 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules)
* 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
* 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules)
* 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules)
* 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules)
* 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules)
* 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules)
* 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules)
* 1:16358 <-> DISABLED <-> MALWARE-CNC bugsprey variant outbound connection (malware-cnc.rules)
* 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules)
* 1:1636 <-> DISABLED <-> SERVER-OTHER Xtramail Username overflow attempt (server-other.rules)
* 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules)
* 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
* 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
* 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules)
* 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules)
* 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules)
* 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules)
* 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
* 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
* 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:1637 <-> DISABLED <-> SERVER-WEBAPP yabb access (server-webapp.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:16373 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt (file-pdf.rules)
* 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules)
* 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:16377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules)
* 1:16379 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui sapirrfc ActiveX clsid access (browser-plugins.rules)
* 1:1638 <-> DISABLED <-> INDICATOR-SCAN SSH Version map attempt (indicator-scan.rules)
* 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
* 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules)
* 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules)
* 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules)
* 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules)
* 1:16386 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules)
* 1:16388 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules)
* 1:1639 <-> DISABLED <-> POLICY-SOCIAL IRC DCC file transfer request (policy-social.rules)
* 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules)
* 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
* 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules)
* 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules)
* 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules)
* 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
* 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
* 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
* 1:1640 <-> DISABLED <-> POLICY-SOCIAL IRC DCC chat request (policy-social.rules)
* 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
* 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
* 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
* 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
* 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
* 1:1641 <-> DISABLED <-> SERVER-OTHER DB2 dos attempt (server-other.rules)
* 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules)
* 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules)
* 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
* 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules)
* 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
* 1:1642 <-> DISABLED <-> SERVER-WEBAPP document.d2w access (server-webapp.rules)
* 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (file-image.rules)
* 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
* 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules)
* 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules)
* 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules)
* 1:16427 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method (server-webapp.rules)
* 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules)
* 1:16429 <-> DISABLED <-> SERVER-WEBAPP Novell iManager eDirectory plugin schema buffer overflow attempt - GET request (server-webapp.rules)
* 1:1643 <-> DISABLED <-> SERVER-WEBAPP db2www access (server-webapp.rules)
* 1:16430 <-> DISABLED <-> SERVER-WEBAPP Novell iManager eDirectory plugin schema buffer overflow attempt - POST request (server-webapp.rules)
* 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
* 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules)
* 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules)
* 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules)
* 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules)
* 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules)
* 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules)
* 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules)
* 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules)
* 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules)
* 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules)
* 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules)
* 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules)
* 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules)
* 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules)
* 1:1645 <-> DISABLED <-> SERVER-WEBAPP testcgi access (server-webapp.rules)
* 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules)
* 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
* 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules)
* 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules)
* 1:16457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cutwail.AI variant outbound connection (malware-cnc.rules)
* 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
* 1:1646 <-> DISABLED <-> SERVER-WEBAPP test.cgi access (server-webapp.rules)
* 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
* 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules)
* 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules)
* 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules)
* 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules)
* 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules)
* 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
* 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
* 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
* 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
* 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
* 1:16475 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules)
* 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
* 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
* 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
* 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules)
* 1:1648 <-> DISABLED <-> SERVER-WEBAPP perl.exe command attempt (server-webapp.rules)
* 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
* 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules)
* 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
* 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
* 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules)
* 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules)
* 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules)
* 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
* 1:1649 <-> DISABLED <-> SERVER-WEBAPP perl command attempt (server-webapp.rules)
* 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules)
* 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
* 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules)
* 1:16495 <-> DISABLED <-> MALWARE-CNC Rustock botnet variant outbound connection (malware-cnc.rules)
* 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
* 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
* 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules)
* 1:1650 <-> DISABLED <-> SERVER-WEBAPP tst.bat access (server-webapp.rules)
* 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
* 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules)
* 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules)
* 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
* 1:16505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules)
* 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules)
* 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules)
* 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules)
* 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
* 1:1651 <-> DISABLED <-> SERVER-WEBAPP environ.pl access (server-webapp.rules)
* 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
* 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules)
* 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules)
* 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules)
* 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules)
* 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules)
* 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules)
* 1:1652 <-> DISABLED <-> SERVER-WEBAPP campas attempt (server-webapp.rules)
* 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules)
* 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules)
* 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules)
* 1:16523 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules)
* 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules)
* 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
* 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
* 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules)
* 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules)
* 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules)
* 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules)
* 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
* 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
* 1:1654 <-> DISABLED <-> SERVER-WEBAPP cart32.exe access (server-webapp.rules)
* 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
* 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules)
* 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
* 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules)
* 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules)
* 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules)
* 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules)
* 1:1655 <-> DISABLED <-> SERVER-WEBAPP pfdispaly.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules)
* 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
* 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
* 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules)
* 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
* 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules)
* 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules)
* 1:1656 <-> DISABLED <-> SERVER-WEBAPP pfdispaly.cgi access (server-webapp.rules)
* 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules)
* 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules)
* 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules)
* 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules)
* 1:16565 <-> DISABLED <-> BROWSER-PLUGINS Ultra Shareware Office Control ActiveX clsid access (browser-plugins.rules)
* 1:16566 <-> DISABLED <-> BROWSER-PLUGINS Tumbleweed SecureTransport ActiveX clsid access (browser-plugins.rules)
* 1:16568 <-> DISABLED <-> BROWSER-PLUGINS Altnet Download Manager ADM4 ActiveX clsid access (browser-plugins.rules)
* 1:16569 <-> DISABLED <-> BROWSER-PLUGINS EnjoySAP kweditcontrol ActiveX clsid access (browser-plugins.rules)
* 1:1657 <-> DISABLED <-> SERVER-WEBAPP pagelog.cgi directory traversal attempt (server-webapp.rules)
* 1:16571 <-> DISABLED <-> BROWSER-PLUGINS EnjoySAP kweditcontrol ActiveX function call access (browser-plugins.rules)
* 1:16573 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via unescape (browser-plugins.rules)
* 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules)
* 1:16575 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX buffer overflow attempt (browser-plugins.rules)
* 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
* 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
* 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules)
* 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules)
* 1:1658 <-> DISABLED <-> SERVER-WEBAPP pagelog.cgi access (server-webapp.rules)
* 1:16580 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioFile2 ActiveX clsid access via object tag (browser-plugins.rules)
* 1:16581 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX clsid unsafe function access attempt (browser-plugins.rules)
* 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules)
* 1:16584 <-> DISABLED <-> BROWSER-IE Oracle Java Web Start arbitrary command execution attempt - Internet Explorer (browser-ie.rules)
* 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
* 1:16587 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules)
* 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:16590 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX exploit attempt (browser-plugins.rules)
* 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules)
* 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules)
* 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
* 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules)
* 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules)
* 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules)
* 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules)
* 1:16599 <-> DISABLED <-> BROWSER-PLUGINS AtHocGov IWSAlerts ActiveX control buffer overflow attempt (browser-plugins.rules)
* 1:1660 <-> DISABLED <-> SERVER-IIS trace.axd access (server-iis.rules)
* 1:16600 <-> DISABLED <-> MALWARE-CNC Otlard Win.Trojan.activity (malware-cnc.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules)
* 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules)
* 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules)
* 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules)
* 1:16608 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ActiveX control access attempt (browser-plugins.rules)
* 1:16609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules)
* 1:1661 <-> DISABLED <-> SERVER-IIS cmd32.exe access (server-iis.rules)
* 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules)
* 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules)
* 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules)
* 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
* 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
* 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
* 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
* 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
* 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
* 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
* 1:1662 <-> DISABLED <-> SERVER-WEBAPP /~ftp access (server-webapp.rules)
* 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
* 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
* 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
* 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
* 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
* 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
* 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
* 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
* 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
* 1:1663 <-> DISABLED <-> SERVER-WEBAPP *%20.pl access (server-webapp.rules)
* 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
* 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules)
* 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules)
* 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
* 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules)
* 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer
8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules) * 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:1664 <-> DISABLED <-> SERVER-WEBAPP mkplog.exe access (server-webapp.rules) * 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules) * 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules) * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules) * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record 
stack buffer overflow attempt - 2 (file-office.rules) * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules) * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules) * 1:16654 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules) * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules) * 1:16658 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules) * 1:16659 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:1666 <-> DISABLED <-> INDICATOR-COMPROMISE index of /cgi-bin/ response (indicator-compromise.rules) * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules) * 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME 
Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules) * 1:1667 <-> DISABLED <-> SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt (server-webapp.rules) * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules) * 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules) * 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules) * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16678 <-> DISABLED <-> SERVER-WEBAPP Tandberg VCS local file disclosure attempt (server-webapp.rules) * 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules) * 1:1668 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/ access (server-webapp.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16681 <-> DISABLED <-> SERVER-WEBAPP Basic Authorization string overflow attempt (server-webapp.rules) * 1:16682 <-> DISABLED <-> SERVER-WEBAPP Oracle ONE Web Server JSP source code disclosure attempt (server-webapp.rules) * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules) * 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session 
Setup AndX security blob length dos attempt (server-samba.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16687 <-> DISABLED <-> BROWSER-PLUGINS Juniper Networks SSL-VPN Client JuniperSetup ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:1669 <-> DISABLED <-> SERVER-WEBAPP /cgi-dos/ access (server-webapp.rules) * 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:16693 <-> ENABLED <-> MALWARE-CNC Torpig bot sinkhole server DNS lookup (malware-cnc.rules) * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules) * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:1670 <-> DISABLED <-> SERVER-WEBAPP /home/ftp access (server-webapp.rules) * 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux 
Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules) * 1:16704 <-> DISABLED <-> BROWSER-PLUGINS CA eTrust PestPatrol ActiveX Initialize method overflow attempt (browser-plugins.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules) * 1:1671 <-> DISABLED <-> SERVER-WEBAPP /home/www access (server-webapp.rules) * 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules) * 1:16711 <-> DISABLED <-> BROWSER-PLUGINS E-Book Systems FlipViewer FlipViewerX.dll activex clsid access ActiveX clsid access (browser-plugins.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules) * 1:16714 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX Control access 
attempt (browser-plugins.rules) * 1:16715 <-> DISABLED <-> BROWSER-PLUGINS SaschArt SasCam Webcam Server ActiveX control exploit attempt (browser-plugins.rules) * 1:16716 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules) * 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules) * 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules) * 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules) * 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules) * 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules) * 1:16725 <-> DISABLED <-> BROWSER-PLUGINS ActivePDF WebGrabber APWebGrb.ocx GetStatus method overflow attempt (browser-plugins.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16729 <-> DISABLED <-> BROWSER-PLUGINS McAfee Remediation client ActiveX control access attempt (browser-plugins.rules) * 1:1673 <-> DISABLED <-> SERVER-ORACLE EXECUTE_SYSTEM attempt (server-oracle.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER 
ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:1674 <-> DISABLED <-> SERVER-ORACLE connect_data remote version detection attempt (server-oracle.rules) * 1:16740 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX control code execution attempt (browser-plugins.rules) * 1:16741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16745 <-> DISABLED <-> BROWSER-PLUGINS DjVu ActiveX control access attempt (browser-plugins.rules) * 1:16746 <-> 
DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules) * 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules) * 1:1675 <-> DISABLED <-> SERVER-ORACLE misparsed login response (server-oracle.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:1676 <-> DISABLED <-> SERVER-ORACLE select union attempt (server-oracle.rules) * 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules) * 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules) * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules) * 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules) * 
1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules) * 1:16767 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player SceneURL ActiveX clsid access (browser-plugins.rules) * 1:16769 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player ActiveX function call access (browser-plugins.rules) * 1:1677 <-> DISABLED <-> SERVER-ORACLE select like '%' attempt (server-oracle.rules) * 1:16771 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player WindsPlayerIE.View.1 ActiveX SceneURL method overflow attempt (browser-plugins.rules) * 1:16772 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules) * 1:16774 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX function call access (browser-plugins.rules) * 1:16776 <-> DISABLED <-> BROWSER-PLUGINS KeyWorks KeyHelp ActiveX control JumpURL method access attempt (browser-plugins.rules) * 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16779 <-> DISABLED <-> BROWSER-PLUGINS EasyMail IMAP4 ActiveX clsid access (browser-plugins.rules) * 1:1678 <-> DISABLED <-> SERVER-ORACLE select like '%' attempt backslash escaped (server-oracle.rules) * 1:16781 <-> DISABLED <-> BROWSER-PLUGINS EasyMail IMAP4 ActiveX function call access (browser-plugins.rules) * 1:16783 <-> DISABLED <-> BROWSER-PLUGINS Autodesk iDrop ActiveX clsid access (browser-plugins.rules) * 1:16784 <-> DISABLED <-> BROWSER-PLUGINS Autodesk iDrop ActiveX function call access (browser-plugins.rules) * 1:16785 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Winds3D Player SceneURL method command execution attempt (browser-plugins.rules) * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec 
multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules) * 1:16789 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX object access attempt (browser-plugins.rules) * 1:1679 <-> DISABLED <-> SERVER-ORACLE describe attempt (server-oracle.rules) * 1:16790 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX clsid access attempt (browser-plugins.rules) * 1:16791 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui EAI WebViewer3D ActiveX clsid access (browser-plugins.rules) * 1:16793 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui EAI WebViewer3D ActiveX function call access (browser-plugins.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:1680 <-> DISABLED <-> SERVER-ORACLE all_constraints access (server-oracle.rules) * 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16802 <-> DISABLED <-> BROWSER-PLUGINS WinDVD IASystemInfo.dll ActiveX clsid access (browser-plugins.rules) * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules) * 1:16805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E 
config check (malware-cnc.rules) * 1:16806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - FTP upload seclog (malware-cnc.rules) * 1:16807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - FTP Upload ps_dump (malware-cnc.rules) * 1:16808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - register client (malware-cnc.rules) * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules) * 1:1681 <-> DISABLED <-> SERVER-ORACLE all_views access (server-oracle.rules) * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:1682 <-> DISABLED <-> SERVER-ORACLE all_source access (server-oracle.rules) * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control 
channel traffic (malware-cnc.rules) * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:1683 <-> DISABLED <-> SERVER-ORACLE all_tables access (server-oracle.rules) * 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:1684 <-> DISABLED <-> SERVER-ORACLE all_tab_columns access (server-oracle.rules) * 1:1685 <-> DISABLED <-> SERVER-ORACLE all_tab_privs access (server-oracle.rules) * 1:1686 <-> DISABLED <-> SERVER-ORACLE dba_tablespace access (server-oracle.rules) * 1:1687 <-> DISABLED <-> SERVER-ORACLE dba_tables access (server-oracle.rules) * 1:1688 <-> DISABLED <-> SERVER-ORACLE user_tablespace access (server-oracle.rules) * 1:1689 <-> DISABLED <-> SERVER-ORACLE sys.all_users access (server-oracle.rules) * 1:1690 <-> DISABLED <-> SERVER-ORACLE grant attempt (server-oracle.rules) * 1:1691 <-> DISABLED <-> SERVER-ORACLE ALTER USER attempt (server-oracle.rules) * 1:16911 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - ucsp0416.exe?t= (malware-cnc.rules) * 1:16912 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - net/cfg2.bin 
(malware-cnc.rules) * 1:16913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - count_log/log/boot.php?p= (malware-cnc.rules) * 1:16914 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .bin?ucsp (malware-cnc.rules) * 1:16915 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /MNG/Download/?File=AZF (malware-cnc.rules) * 1:16916 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /jarun/jezerce (malware-cnc.rules) * 1:16917 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ekaterina/velika (malware-cnc.rules) * 1:16918 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ultimate/fight (malware-cnc.rules) * 1:16919 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /tmp/pm.exe?t= (malware-cnc.rules) * 1:1692 <-> DISABLED <-> SERVER-ORACLE drop table attempt (server-oracle.rules) * 1:16920 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /DownLoadFile/BaePo/ver (malware-cnc.rules) * 1:16921 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /s1/launcher/update/Update/data/ (malware-cnc.rules) * 1:16922 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (malware-cnc.rules) * 1:16923 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /search.php?username=coolweb07&keywords= (malware-cnc.rules) * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules) * 1:16925 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /message.php?subid= (malware-cnc.rules) * 1:16926 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (malware-cnc.rules) * 1:16927 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MGWEB.php?c=TestUrl (malware-cnc.rules) * 1:16928 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - 
/stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (malware-cnc.rules) * 1:16929 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - gate.php?guid= (malware-cnc.rules) * 1:1693 <-> DISABLED <-> SERVER-ORACLE create table attempt (server-oracle.rules) * 1:16930 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - count.asp?mac= (malware-cnc.rules) * 1:16931 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - feedbigfoot.php?m= (malware-cnc.rules) * 1:16932 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /qqnongchang/qqkj. (malware-cnc.rules) * 1:16933 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /root/9 frt.rar (malware-cnc.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:1694 <-> DISABLED <-> SERVER-ORACLE alter table attempt (server-oracle.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt 
(policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:1695 <-> DISABLED <-> SERVER-ORACLE truncate table attempt (server-oracle.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:1696 <-> DISABLED <-> SERVER-ORACLE create database attempt (server-oracle.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email 
attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:1697 <-> DISABLED <-> SERVER-ORACLE alter database attempt (server-oracle.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM 
heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:1700 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe access (server-webapp.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 
1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:1701 <-> DISABLED <-> SERVER-WEBAPP calendar-admin.pl access (server-webapp.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:1702 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl access (server-webapp.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known 
spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:1703 <-> DISABLED <-> SERVER-WEBAPP auktion.cgi directory traversal attempt (server-webapp.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules) * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules) * 1:1704 <-> DISABLED <-> SERVER-WEBAPP cal_make.pl directory traversal attempt (server-webapp.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17045 <-> 
DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:1705 <-> DISABLED <-> SERVER-WEBAPP echo.bat arbitrary command execution attempt (server-webapp.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:1706 <-> DISABLED <-> SERVER-WEBAPP echo.bat access (server-webapp.rules) * 1:17060 <-> DISABLED <-> BROWSER-PLUGINS Roxio CinePlayer SonicDVDDashVRNav.dll ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:17061 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Personal Firewall 2004 ActiveX 
clsid access (browser-plugins.rules) * 1:17063 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 1 ActiveX clsid access (browser-plugins.rules) * 1:17065 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 2 ActiveX clsid access (browser-plugins.rules) * 1:17067 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 3 ActiveX clsid access (browser-plugins.rules) * 1:17069 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 4 ActiveX clsid access (browser-plugins.rules) * 1:1707 <-> DISABLED <-> SERVER-WEBAPP hello.bat arbitrary command execution attempt (server-webapp.rules) * 1:17071 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 5 ActiveX clsid access (browser-plugins.rules) * 1:17073 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX clsid access (browser-plugins.rules) * 1:17075 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX function call access (browser-plugins.rules) * 1:17077 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin.1 ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:17078 <-> DISABLED <-> BROWSER-PLUGINS GOM Player GomWeb ActiveX clsid access (browser-plugins.rules) * 1:1708 <-> DISABLED <-> SERVER-WEBAPP hello.bat access (server-webapp.rules) * 1:17080 <-> DISABLED <-> BROWSER-PLUGINS GOM Player GomWeb ActiveX function call access (browser-plugins.rules) * 1:17082 <-> DISABLED <-> BROWSER-PLUGINS SonicWALL SSL-VPN NeLaunchCtrl ActiveX clsid access (browser-plugins.rules) * 1:17084 <-> DISABLED <-> BROWSER-PLUGINS Creative Software AutoUpdate Engine ActiveX clsid access (browser-plugins.rules) * 1:17086 <-> DISABLED <-> BROWSER-PLUGINS Creative Software AutoUpdate Engine CTSUEng.ocx ActiveX control access attempt (browser-plugins.rules) * 1:17087 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX clsid access (browser-plugins.rules) * 1:17089 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX function call 
access (browser-plugins.rules) * 1:1709 <-> DISABLED <-> SERVER-WEBAPP ad.cgi access (server-webapp.rules) * 1:17091 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX control OpenPDF buffer overflow attempt (browser-plugins.rules) * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules) * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules) * 1:17096 <-> DISABLED <-> BROWSER-PLUGINS AOL WinAmpX ActiveX clsid access (browser-plugins.rules) * 1:17098 <-> DISABLED <-> BROWSER-PLUGINS AOL IWinAmpActiveX class ConvertFile buffer overflow attempt (browser-plugins.rules) * 1:17099 <-> DISABLED <-> BROWSER-PLUGINS CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX clsid access (browser-plugins.rules) * 1:1710 <-> DISABLED <-> SERVER-WEBAPP bbs_forum.cgi access (server-webapp.rules) * 1:17101 <-> DISABLED <-> BROWSER-PLUGINS CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX function call access (browser-plugins.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17106 <-> ENABLED <-> FILE-IDENTIFY download of RMF file - potentially malicious (file-identify.rules) * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:1711 <-> DISABLED <-> SERVER-WEBAPP bsguest.cgi access (server-webapp.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login 
attempt (app-detect.rules) * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules) * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules) * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules) * 1:1712 <-> DISABLED <-> SERVER-WEBAPP bslist.cgi access (server-webapp.rules) * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt 
(os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI cinepak codec decompression remote code execution attempt (file-multimedia.rules) * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules) * 1:1713 <-> DISABLED <-> SERVER-WEBAPP cgforum.cgi access (server-webapp.rules) * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution attempt (browser-ie.rules) * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules) * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules) * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:17136 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 race condition exploit attempt (browser-ie.rules) * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules) * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:1714 <-> DISABLED <-> SERVER-WEBAPP newdesk access (server-webapp.rules) * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH 
Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules) * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules) * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules) * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules) * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules) * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules) * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules) * 1:1715 <-> DISABLED <-> SERVER-WEBAPP register.cgi access (server-webapp.rules) * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache 
Tomcat policy bypass attempt (server-apache.rules) * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules) * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules) * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules) * 1:1716 <-> DISABLED <-> SERVER-WEBAPP gbook.cgi access (server-webapp.rules) * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX control access (browser-plugins.rules) * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules) * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules) * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17167 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 1 ActiveX clsid access (browser-plugins.rules) * 1:17169 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 2 ActiveX clsid access (browser-plugins.rules) * 1:1717 <-> DISABLED <-> SERVER-WEBAPP simplestguest.cgi access (server-webapp.rules) * 1:17171 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 3 ActiveX clsid access (browser-plugins.rules) * 1:17173 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 4 ActiveX clsid access (browser-plugins.rules) * 1:17175 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 5 ActiveX clsid access (browser-plugins.rules) * 1:17177 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 6 ActiveX clsid access (browser-plugins.rules) * 1:17179 
<-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:1718 <-> DISABLED <-> SERVER-WEBAPP statsconfig.pl access (server-webapp.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:1719 <-> DISABLED <-> SERVER-WEBAPP talkback.cgi directory traversal attempt (server-webapp.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file 
exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:1720 <-> DISABLED <-> SERVER-WEBAPP talkback.cgi access (server-webapp.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules) * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules) * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules) * 1:1721 <-> DISABLED <-> SERVER-WEBAPP adcycle access (server-webapp.rules) * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules) * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules) * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt 
(browser-firefox.rules) * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:1722 <-> DISABLED <-> SERVER-WEBAPP MachineInfo access (server-webapp.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user attempt (server-other.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17229 <-> ENABLED 
<-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:1723 <-> DISABLED <-> SERVER-WEBAPP emumail.cgi NULL attempt (server-webapp.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17239 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers CREATE command buffer overflow attempt (server-mail.rules) * 1:1724 <-> DISABLED <-> SERVER-WEBAPP emumail.cgi access (server-webapp.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules) * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules) * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:1725 <-> DISABLED <-> 
SERVER-IIS +.htr code fragment attempt (server-iis.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules) * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:1726 <-> DISABLED <-> SERVER-IIS doctodep.btr access (server-iis.rules) * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules) * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules) * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules) * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel 
arbitrary code execution attempt (browser-firefox.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:1727 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname access (server-webapp.rules) * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules) * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules) * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules) * 1:17282 <-> DISABLED <-> SERVER-OTHER Multiple products RAR archive decompression buffer overflow attempt (server-other.rules) * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
malformed routing slip code execution attempt (file-office.rules)
* 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules)
* 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules)
* 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules)
* 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules)
* 1:1729 <-> DISABLED <-> POLICY-SOCIAL IRC channel join (policy-social.rules)
* 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules)
* 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules)
* 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules)
* 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17296 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office Outlook Web Access XSRF attempt (server-webapp.rules)
* 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
* 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules)
* 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules)
* 1:1730 <-> DISABLED <-> SERVER-WEBAPP ustorekeeper.pl directory traversal attempt (server-webapp.rules)
* 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
* 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules)
* 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules)
* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules)
* 1:1731 <-> DISABLED <-> SERVER-WEBAPP a1stats access (server-webapp.rules)
* 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:17311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules)
* 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules)
* 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules)
* 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
* 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules)
* 1:17316 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Folder GUID Code Execution attempt (os-windows.rules)
* 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules)
* 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:1732 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request UDP (protocol-rpc.rules)
* 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules)
* 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules)
* 1:17323 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder unescaped (indicator-shellcode.rules)
* 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules)
* 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules)
* 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules)
* 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
* 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
* 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules)
* 1:1733 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request TCP (protocol-rpc.rules)
* 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules)
* 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules)
* 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
* 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules)
* 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
* 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules)
* 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules)
* 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules)
* 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules)
* 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules)
* 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules)
* 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules)
* 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules)
* 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules)
* 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules)
* 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules)
* 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules)
* 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules)
* 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:1735 <-> DISABLED <-> BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt (browser-other.rules)
* 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
* 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules)
* 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
* 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules)
* 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules)
* 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules)
* 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules)
* 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules)
* 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
* 1:1736 <-> DISABLED <-> SERVER-WEBAPP squirrel mail spell-check arbitrary command attempt (server-webapp.rules)
* 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules)
* 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules)
* 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules)
* 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP Response Parsing Memory Corruption (browser-ie.rules)
* 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules)
* 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules)
* 1:1737 <-> DISABLED <-> SERVER-WEBAPP squirrel mail theme arbitrary command attempt (server-webapp.rules)
* 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules)
* 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
* 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules)
* 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules)
* 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:1738 <-> DISABLED <-> SERVER-WEBAPP global.inc access (server-webapp.rules)
* 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
* 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules)
* 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules)
* 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
* 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules)
* 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules)
* 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
* 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules)
* 1:1739 <-> DISABLED <-> SERVER-WEBAPP DNSTools administrator authentication bypass attempt (server-webapp.rules)
* 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
* 1:17391 <-> DISABLED <-> SERVER-OTHER Multiple products UNIX platform backslash directory traversal attempt (server-other.rules)
* 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules)
* 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules)
* 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
* 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules)
* 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:1740 <-> DISABLED <-> SERVER-WEBAPP DNSTools authentication bypass attempt (server-webapp.rules)
* 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules)
* 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules)
* 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules)
* 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules)
* 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
* 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules)
* 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules)
* 1:1741 <-> DISABLED <-> SERVER-WEBAPP DNSTools access (server-webapp.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules)
* 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules)
* 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules)
* 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules)
* 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
* 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
* 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
* 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules)
* 1:1742 <-> DISABLED <-> SERVER-WEBAPP Blahz-DNS dostuff.php modify user attempt (server-webapp.rules)
* 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules)
* 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules)
* 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules)
* 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules)
* 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
* 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules)
* 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:1743 <-> DISABLED <-> SERVER-WEBAPP Blahz-DNS dostuff.php access (server-webapp.rules)
* 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules)
* 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules)
* 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules)
* 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
* 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules)
* 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
* 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
* 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
* 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
* 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules)
* 1:1744 <-> DISABLED <-> SERVER-WEBAPP SecureSite authentication bypass attempt (server-webapp.rules)
* 1:17440 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
* 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules)
* 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules)
* 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
* 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules)
* 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules)
* 1:1745 <-> DISABLED <-> SERVER-WEBAPP Messagerie supp_membre.php access (server-webapp.rules)
* 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules)
* 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
* 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:1746 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request UDP (protocol-rpc.rules)
* 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
* 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules)
* 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules)
* 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules)
* 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules)
* 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules)
* 1:1747 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request TCP (protocol-rpc.rules)
* 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules)
* 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules)
* 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules)
* 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules)
* 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules)
* 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules)
* 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules)
* 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules)
* 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules)
* 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules)
* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
* 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules)
* 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules)
* 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules)
* 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
* 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
* 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
* 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
* 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:1750 <-> DISABLED <-> SERVER-IIS users.xml access (server-iis.rules)
* 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules)
* 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules)
* 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
* 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
* 1:1751 <-> DISABLED <-> SERVER-OTHER cachefsd buffer overflow attempt (server-other.rules)
* 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
* 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules)
* 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules)
* 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
* 1:17518 <-> DISABLED <-> PROTOCOL-FTP FlashGet PWD command stack buffer overflow attempt (protocol-ftp.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules)
* 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules)
* 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules)
* 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules)
* 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules)
* 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules)
* 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
* 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules)
* 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules)
* 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules)
* 1:1753 <-> DISABLED <-> SERVER-IIS as_web.exe access (server-iis.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules)
* 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules)
* 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules)
* 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
* 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:1754 <-> DISABLED <-> SERVER-IIS as_web4.exe access (server-iis.rules)
* 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
* 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules)
* 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
* 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules)
* 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules)
* 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
* 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
* 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:1755 <-> DISABLED <-> PROTOCOL-IMAP partial body buffer overflow attempt (protocol-imap.rules)
* 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules)
* 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
* 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
* 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules)
* 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules)
* 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules)
* 1:1756 <-> DISABLED <-> SERVER-IIS NewsPro administration authentication attempt (server-iis.rules)
* 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
* 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules)
* 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules)
* 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules)
* 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules)
* 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
* 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules)
* 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules)
* 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
* 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules)
* 1:1757 <-> DISABLED <-> SERVER-WEBAPP b2 arbitrary command execution attempt (server-webapp.rules)
* 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules)
* 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules)
* 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules)
* 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules)
* 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules)
* 1:17575 <-> DISABLED <-> BROWSER-PLUGINS IBM SizerOne ActiveX clsid access attempt (browser-plugins.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules)
* 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules)
* 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules)
* 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules)
* 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules)
* 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules)
* 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules)
* 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:1759 <-> DISABLED <-> SQL xp_cmdshell program execution 445 (sql.rules)
* 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules)
* 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
* 1:17592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft MyInfo.dll ActiveX clsid access (browser-plugins.rules)
* 1:17593 <-> DISABLED <-> BROWSER-PLUGINS Microsoft msdxm.ocx ActiveX clsid access (browser-plugins.rules)
* 1:17594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft creator.dll 1 ActiveX clsid access (browser-plugins.rules)
* 1:17595 <-> DISABLED <-> BROWSER-PLUGINS Microsoft creator.dll 2 ActiveX clsid access (browser-plugins.rules)
* 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules)
* 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules)
* 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
* 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules)
* 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
* 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
* 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules)
* 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
* 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules)
* 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules)
* 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources
ActiveX clsid access (browser-plugins.rules) * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules) * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17621 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules) * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:1763 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules) * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17633 <-> DISABLED <-> FILE-OTHER 
RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules) * 1:1764 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules) * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules) * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17648 <-> DISABLED <-> SERVER-IIS source code disclosure attempt (server-iis.rules) * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Word array data handling buffer overflow attempt (file-office.rules) * 1:1765 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc access (server-webapp.rules) * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules) * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17654 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX exploit attempt (browser-plugins.rules) * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules) * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules) * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules) * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules) * 1:1766 <-> DISABLED <-> SERVER-WEBAPP search.dll directory listing attempt (server-webapp.rules) * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules) * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt 
(file-office.rules) * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:1767 <-> DISABLED <-> SERVER-WEBAPP search.dll access (server-webapp.rules) * 1:17670 <-> DISABLED <-> BROWSER-PLUGINS BigAnt Office Manager ActiveX clsid access (browser-plugins.rules) * 1:17672 <-> DISABLED <-> BROWSER-PLUGINS BigAnt Office Manager ActiveX function call access (browser-plugins.rules) * 1:17674 <-> DISABLED <-> BROWSER-PLUGINS Skype Extras Manager ActiveX clsid access (browser-plugins.rules) * 1:17676 <-> DISABLED <-> BROWSER-PLUGINS Skype Extras Manager ActiveX function call access (browser-plugins.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules) * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 
userdata behavior memory corruption attempt (browser-ie.rules) * 1:1769 <-> DISABLED <-> SERVER-WEBAPP .DS_Store access (server-webapp.rules) * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules) * 1:1770 <-> DISABLED <-> SERVER-WEBAPP .FBCIndex access (server-webapp.rules) * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules) * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules) * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules) * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules) * 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules) * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element 
memory corruption attempt (browser-ie.rules) * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules) * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules) * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules) * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules) * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:1772 <-> DISABLED <-> SERVER-IIS pbserver access (server-iis.rules) * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17724 <-> DISABLED <-> OS-WINDOWS Microsoft IIS malicious ASP file upload attempt (os-windows.rules) * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI 
handling buffer overflow (browser-other.rules) * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules) * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:1773 <-> DISABLED <-> SERVER-WEBAPP php.exe access (server-webapp.rules) * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules) * 1:17735 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17737 <-> DISABLED <-> SERVER-MAIL Microsoft collaboration data objects buffer overflow attempt (server-mail.rules) * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:1774 <-> DISABLED <-> SERVER-WEBAPP bb_smilies.php access (server-webapp.rules) * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules) * 1:17742 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption attempt (file-office.rules) * 1:17745 <-> ENABLED <-> NETBIOS 
SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules) * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules) * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:1775 <-> DISABLED <-> SERVER-MYSQL root login attempt (server-mysql.rules) * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules) * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules) * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules) * 1:1776 <-> DISABLED <-> SERVER-MYSQL show databases attempt (server-mysql.rules) * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17764 <-> DISABLED <-> 
FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules) * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules) * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules) * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules) * 1:1777 <-> DISABLED <-> PROTOCOL-FTP EXPLOIT STAT asterisk dos attempt (protocol-ftp.rules) * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules) * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules) * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17774 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS XSRF exploit attempt (browser-ie.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:1778 <-> DISABLED <-> PROTOCOL-FTP EXPLOIT STAT ? 
dos attempt (protocol-ftp.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA 
Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:17805 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (malware-cnc.rules) * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules) * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission 
(malware-cnc.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:1787 <-> DISABLED <-> SERVER-WEBAPP csPassword.cgi access (server-webapp.rules) * 1:1788 <-> DISABLED <-> SERVER-WEBAPP csPassword password.cgi.tmp access (server-webapp.rules) * 1:1789 <-> DISABLED <-> POLICY-SOCIAL IRC dns request (policy-social.rules) * 1:17898 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (malware-cnc.rules) * 1:17899 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /reques0.asp?kind=006&mac= (malware-cnc.rules) * 1:1790 <-> DISABLED <-> POLICY-SOCIAL IRC dns response (policy-social.rules) * 1:17900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /basic/cn3c2/c.*dll (malware-cnc.rules) * 1:17901 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /mybackup21.rar (malware-cnc.rules) * 1:17902 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /?getexe=loader.exe (malware-cnc.rules) * 1:17903 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - stid= (malware-cnc.rules) * 1:17905 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (malware-cnc.rules) * 1:17906 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - 2x/.*php (malware-cnc.rules) * 1:17907 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (malware-cnc.rules) * 1:17908 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /images/crypt_22.exe (malware-cnc.rules) * 1:17909 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /images/css/1.exe (malware-cnc.rules) * 1:17910 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /7xdown.exe (malware-cnc.rules) * 1:17911 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /winhelper.exe (malware-cnc.rules) * 1:17912 
<-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /upopwin/count.asp?mac= (malware-cnc.rules) * 1:17913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ok.exe (malware-cnc.rules) * 1:17914 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /LjBin/Bin.Dll (malware-cnc.rules) * 1:17915 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1001ns/cfg3n.bin (malware-cnc.rules) * 1:17916 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /dh/stats.bin (malware-cnc.rules) * 1:17917 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /zeus/config.bin (malware-cnc.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:1792 <-> DISABLED <-> PROTOCOL-NNTP return code buffer overflow attempt (protocol-nntp.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM 
chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules)
* 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules)
* 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules)
* 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules)
* 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules)
* 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules)
* 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
* 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
* 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules)
* 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules)
* 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules)
* 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
* 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules)
* 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules)
* 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules)
* 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
* 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules)
* 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules)
* 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:1802 <-> DISABLED <-> SERVER-IIS .asa HTTP header buffer overflow attempt (server-iis.rules)
* 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules)
* 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules)
* 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules)
* 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules)
* 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules)
* 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules)
* 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules)
* 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules)
* 1:1803 <-> DISABLED <-> SERVER-IIS .cer HTTP header buffer overflow attempt (server-iis.rules)
* 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules)
* 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules)
* 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules)
* 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:1804 <-> DISABLED <-> SERVER-IIS .cdx HTTP header buffer overflow attempt (server-iis.rules)
* 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
* 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:1805 <-> DISABLED <-> SERVER-WEBAPP Oracle Reports CGI access (server-webapp.rules)
* 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules)
* 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules)
* 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
* 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules)
* 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:1806 <-> DISABLED <-> SERVER-IIS .htr chunked Transfer-Encoding (server-iis.rules)
* 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules)
* 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18064 <-> DISABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules)
* 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
* 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
* 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
* 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules)
* 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules)
* 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules)
* 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules)
* 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP apache chunked encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules)
* 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18098 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
* 1:18099 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
* 1:1810 <-> DISABLED <-> SERVER-OTHER successful gobbles ssh exploit GOBBLE (server-other.rules)
* 1:18100 <-> DISABLED <-> MALWARE-CNC Tidserv malware command and control channel traffic (malware-cnc.rules)
* 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
* 1:1811 <-> DISABLED <-> SERVER-OTHER successful gobbles ssh exploit uname (server-other.rules)
* 1:1812 <-> DISABLED <-> SERVER-OTHER gobbles SSH exploit attempt (server-other.rules)
* 1:1813 <-> DISABLED <-> PROTOCOL-ICMP digital island bandwidth query (protocol-icmp.rules)
* 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
* 1:1814 <-> DISABLED <-> SERVER-WEBAPP CISCO VoIP DOS ATTEMPT (server-webapp.rules)
* 1:1815 <-> DISABLED <-> SERVER-WEBAPP directory.php arbitrary command attempt (server-webapp.rules)
* 1:1816 <-> DISABLED <-> SERVER-WEBAPP directory.php access (server-webapp.rules)
* 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
* 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
* 1:1817 <-> DISABLED <-> SERVER-IIS MS Site Server default login attempt (server-iis.rules)
* 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules)
* 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption attempt (browser-ie.rules)
* 1:18175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption attempt (browser-ie.rules)
* 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules)
* 1:1818 <-> DISABLED <-> SERVER-IIS MS Site Server admin attempt (server-iis.rules)
* 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
* 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules)
* 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules)
* 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:1819 <-> DISABLED <-> SERVER-OTHER Alcatel PABX 4400 connection attempt (server-other.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
* 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
* 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:1820 <-> DISABLED <-> SERVER-WEBAPP IBM Net.Commerce orderdspc.d2w access (server-webapp.rules)
* 1:18200 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
* 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
* 1:18204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules)
* 1:18205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules)
* 1:18206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book request for wab32res.dll over SMB attempt (os-windows.rules)
* 1:18207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book request for msoeres32.dll over SMB attempt (os-windows.rules)
* 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
* 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
* 1:1821 <-> DISABLED <-> SERVER-OTHER LPD dvips remote command execution attempt (server-other.rules)
* 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
* 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
* 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
* 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
* 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules)
* 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules)
* 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules)
* 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules)
* 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules)
* 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules)
* 1:1822 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi directory traversal attempt (server-webapp.rules)
* 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
* 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules)
* 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules)
* 1:1823 <-> DISABLED <-> SERVER-WEBAPP AlienForm af.cgi directory traversal attempt (server-webapp.rules)
* 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules)
* 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules)
* 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules)
* 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules)
* 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules)
* 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules)
* 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules)
* 1:1824 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi access (server-webapp.rules)
* 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
* 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
* 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:1825 <-> DISABLED <-> SERVER-WEBAPP AlienForm af.cgi access (server-webapp.rules)
* 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules)
* 1:1826 <-> DISABLED <-> SERVER-WEBAPP WEB-INF access (server-webapp.rules)
* 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules)
* 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
* 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
* 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
* 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
* 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:1827 <-> DISABLED <-> SERVER-APACHE Apache Tomcat servlet mapping cross site scripting attempt (server-apache.rules)
* 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
* 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
* 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules)
* 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules)
* 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool request for fveapi.dll over SMB attempt (os-windows.rules)
* 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (malware-cnc.rules)
* 1:1828 <-> DISABLED <-> SERVER-WEBAPP iPlanet Search directory traversal attempt (server-webapp.rules)
* 1:18280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules)
* 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (malware-cnc.rules)
* 1:18282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer drag-and-drop vulnerability (browser-ie.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
* 1:1829 <-> DISABLED <-> SERVER-APACHE Apache Tomcat TroubleShooter servlet access (server-apache.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
* 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
* 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
* 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
* 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules)
* 1:18299 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer implicit drag and drop file installation attempt (browser-ie.rules)
* 1:1830 <-> DISABLED <-> SERVER-APACHE Apache Tomcat SnoopServlet servlet access (server-apache.rules)
* 1:18300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP command injection attempt (browser-ie.rules)
* 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules)
* 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules)
* 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules)
* 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18307 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameset memory corruption attempt (browser-ie.rules)
* 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules)
* 1:1831 <-> DISABLED <-> SERVER-WEBAPP jigsaw dos attempt (server-webapp.rules)
* 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules)
* 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
* 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules)
* 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:1832 <-> DISABLED <-> POLICY-SOCIAL ICQ forced user addition (policy-social.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18321 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInterrogator ActiveX clsid access (browser-plugins.rules)
* 1:18322 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInterrogator ActiveX function call access (browser-plugins.rules)
* 1:18323 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules)
* 1:18324 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules)
* 1:18325 <-> DISABLED <-> BROWSER-PLUGINS Image Viewer CP Gold 6 ActiveX clsid access (browser-plugins.rules)
* 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
* 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules)
* 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules)
* 1:18333 <-> DISABLED <-> SERVER-WEBAPP phpBook date command execution attempt (server-webapp.rules)
* 1:18334 <-> DISABLED <-> SERVER-WEBAPP phpBook mail command execution attempt (server-webapp.rules)
* 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules)
* 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
* 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
* 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
* 1:1834 <-> DISABLED <-> SERVER-WEBAPP PHP-Wiki cross site scripting attempt (server-webapp.rules)
* 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
* 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
* 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
* 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
* 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
* 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
* 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
* 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
* 1:1835 <-> DISABLED <-> SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt (server-webapp.rules)
* 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
* 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
* 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
* 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
* 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
* 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
* 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
* 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
* 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
* 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
* 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
* 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
* 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
* 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
* 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
* 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
* 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
* 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
* 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
* 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
* 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
* 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
* 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
* 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
* 1:1838 <-> DISABLED <-> SERVER-OTHER SSH server banner overflow (server-other.rules)
* 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
* 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
* 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
* 1:18383 <-> DISABLED <-> MALWARE-CNC
User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules) * 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules) * 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules) * 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules) * 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules) * 1:1839 <-> DISABLED <-> SERVER-WEBAPP mailman cross site scripting attempt (server-webapp.rules) * 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules) * 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules) * 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules) * 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules) * 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules) * 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 1:1840 <-> DISABLED <-> FILE-JAVA Oracle Javascript document.domain attempt (file-java.rules) * 
1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules) * 1:18402 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules) * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules) * 1:18404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:1841 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18417 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:1843 <-> DISABLED <-> MALWARE-BACKDOOR trinity connection attempt (malware-backdoor.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat 
Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:1844 <-> DISABLED <-> PROTOCOL-IMAP authenticate overflow attempt (protocol-imap.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:1845 <-> DISABLED <-> PROTOCOL-IMAP list literal overflow attempt (protocol-imap.rules) * 1:18450 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules) * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe 
Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18454 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:1846 <-> DISABLED <-> POLICY-MULTIMEDIA vncviewer Java applet download attempt (policy-multimedia.rules) * 1:18460 <-> DISABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules) * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules) * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules) * 1:18466 <-> DISABLED <-> SERVER-WEBAPP raSMP User-Agent XSS injection attempt (server-webapp.rules) * 1:18467 <-> DISABLED <-> SERVER-WEBAPP raSMP User-Agent XSS injection attempt (server-webapp.rules) * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules) * 1:1847 <-> DISABLED <-> SERVER-WEBAPP webalizer access (server-webapp.rules) * 1:18470 <-> DISABLED <-> SERVER-WEBAPP Java floating point 
number denial of service - via URI (server-webapp.rules) * 1:18471 <-> DISABLED <-> SERVER-WEBAPP Java floating point number denial of service - via POST (server-webapp.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (server-webapp.rules) * 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (server-webapp.rules) * 1:1848 <-> DISABLED <-> SERVER-WEBAPP webcart-lite access (server-webapp.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap 
overflow attempt (server-other.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:1849 <-> DISABLED <-> SERVER-WEBAPP webfind.exe access (server-webapp.rules) * 1:18490 <-> DISABLED <-> BROWSER-PLUGINS Whale Client Components ActiveX clsid access (browser-plugins.rules) * 1:18491 <-> DISABLED <-> BROWSER-PLUGINS Whale Client Components ActiveX ProgID access (browser-plugins.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18496 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18497 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension request for ehtrace.dll over SMB attempt (os-windows.rules) * 1:18498 <-> DISABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules) * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:185 <-> DISABLED <-> MALWARE-BACKDOOR CDK (malware-backdoor.rules) * 1:1850 <-> DISABLED <-> SERVER-WEBAPP way-board.cgi access (server-webapp.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:1851 <-> DISABLED <-> SERVER-WEBAPP active.log access (server-webapp.rules) * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules) * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18517 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 
1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:1852 <-> DISABLED <-> SERVER-WEBAPP robots.txt access (server-webapp.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:1853 <-> DISABLED <-> MALWARE-BACKDOOR win-trin00 connection attempt (malware-backdoor.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors request for iacenc.dll over SMB attempt (os-windows.rules) * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt 
(server-other.rules) * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules) * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules) * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:1854 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht handler->agent niggahbitch (protocol-icmp.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules) * 1:18543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:18544 <-> DISABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules) * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules) * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules) * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules) * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules) * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules) * 1:1855 <-> DISABLED 
<-> PROTOCOL-ICMP Stacheldraht agent->handler skillz (protocol-icmp.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:1856 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht handler->agent ficken (protocol-icmp.rules) * 1:18560 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaboc variant outbound connection (malware-cnc.rules) * 1:18564 <-> DISABLED <-> MALWARE-CNC RussKill botnet variant outbound connection (malware-cnc.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE 
fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:1857 <-> DISABLED <-> SERVER-WEBAPP robot.txt access (server-webapp.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:1858 <-> DISABLED <-> SERVER-WEBAPP CISCO PIX Firewall Manager directory traversal attempt (server-webapp.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI 
request buffer overflow attempt (server-other.rules) * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:18586 <-> DISABLED <-> SERVER-WEBAPP Visuplay CMS news_article.php unspecified SQL injection attempt (server-webapp.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:1859 <-> DISABLED <-> SERVER-WEBAPP Oracle JavaServer default password login attempt (server-webapp.rules) * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 
1:1860 <-> DISABLED <-> SERVER-WEBAPP Linksys router default password login attempt (server-webapp.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:1861 <-> DISABLED <-> SERVER-WEBAPP Linksys router default username and password login attempt (server-webapp.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18616 <-> DISABLED <-> 
FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:1862 <-> DISABLED <-> SERVER-WEBAPP mrtg.cgi directory traversal attempt (server-webapp.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18631 
<-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18632 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:1864 <-> DISABLED <-> PROTOCOL-FTP SITE NEWER attempt (protocol-ftp.rules) * 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:1865 <-> DISABLED <-> SERVER-WEBAPP webdist.cgi arbitrary command attempt (server-webapp.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules) * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of 
privilege attempt (os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules) * 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules) * 1:1867 <-> DISABLED <-> X11 xdmcp info query (x11.rules) * 1:18670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18678 <-> DISABLED <-> SERVER-WEBAPP osCommerce categories.php Arbitrary File Upload And Code Execution (server-webapp.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:1868 <-> DISABLED <-> SERVER-WEBAPP Interactive Story story.pl arbitrary file read attempt (server-webapp.rules) * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:1869 <-> DISABLED <-> SERVER-WEBAPP 
Interactive Story story.pl access (server-webapp.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:1870 <-> DISABLED <-> SERVER-WEBAPP siteUserMod.cgi access (server-webapp.rules) * 1:18700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BHO.argt checkin (malware-cnc.rules) * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules) * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules) * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:1871 <-> DISABLED <-> SERVER-WEBAPP Oracle XSQLConfig.xml access (server-webapp.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant 
outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (malware-cnc.rules) * 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules) * 1:18720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Terzib.A variant outbound connection (malware-cnc.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:1873 <-> DISABLED <-> SERVER-WEBAPP globals.jsa access (server-webapp.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18731 <-> 
DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules) * 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:18741 <-> DISABLED <-> BROWSER-PLUGINS CrystalReports EnterpriseControls ActiveX clsid access (browser-plugins.rules) * 1:18742 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere Expect header cross-site scripting (server-webapp.rules) * 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 
1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:1875 <-> DISABLED <-> SERVER-WEBAPP cgicso access (server-webapp.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules) * 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules) * 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:1876 <-> DISABLED <-> SERVER-WEBAPP nph-publish.cgi access (server-webapp.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18761 
<-> DISABLED <-> SERVER-WEBAPP Majordomo2 http directory traversal attempt (server-webapp.rules) * 1:18762 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW (malware-cnc.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules) * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:1877 <-> DISABLED <-> SERVER-WEBAPP printenv access (server-webapp.rules) * 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules) * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules) * 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules) * 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules) * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules) 
* 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:1878 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18782 <-> DISABLED <-> MALWARE-CNC URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (malware-cnc.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:1879 <-> DISABLED <-> SERVER-WEBAPP book.cgi arbitrary command execution attempt (server-webapp.rules) * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks 
Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules) * 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules) * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules) * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules) * 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules) * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn 
RDN NULL string denial of service attempt (server-other.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules) * 1:1881 <-> DISABLED <-> SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack (server-webapp.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file 
type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type 
blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by 
Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:1887 <-> DISABLED <-> SERVER-OTHER OpenSSL Worm traffic (server-other.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected 
(file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:1888 <-> DISABLED <-> PROTOCOL-FTP SITE CPWD overflow attempt (protocol-ftp.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:1889 
<-> DISABLED <-> MALWARE-CNC slapper worm admin traffic (malware-cnc.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:1890 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules) * 1:18900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (W32.Swizzor -- malware-cnc.rules) * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node 
Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:1891 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules) * 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:1892 <-> DISABLED <-> PROTOCOL-SNMP null community string attempt (protocol-snmp.rules) * 1:18920 <-> 
DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules) * 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18932 <-> DISABLED <-> SERVER-WEBAPP Jboss default configuration unauthorized application add attempt (server-webapp.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt 
(server-other.rules) * 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (malware-cnc.rules) * 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (malware-cnc.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:1894 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (malware-cnc.rules) * 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (malware-cnc.rules) * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector (malware-cnc.rules) * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules) * 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (malware-cnc.rules) * 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:1895 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format 
unexpected field type memory corruption attempt (file-other.rules) * 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules) * 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules) * 1:1896 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18960 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules) * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:1897 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules) * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules) * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules) * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules) * 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (malware-cnc.rules) * 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules) * 1:1898 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default 
credential login attempt (policy-other.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:1899 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:18993 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager server name exploit attempt (server-webapp.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules) * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules) * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:1900 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt 
(server-other.rules) * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules) * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules) * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV integer overflow attempt (file-flash.rules) * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules) * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules) * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules) * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules) * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:1901 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt (server-other.rules) * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> 
POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:1902 <-> DISABLED <-> PROTOCOL-IMAP lsub literal overflow attempt (protocol-imap.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules) * 1:19022 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules) * 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (malware-cnc.rules) * 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (malware-cnc.rules) * 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (malware-cnc.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (malware-cnc.rules) * 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (malware-cnc.rules) * 1:19029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PcClient.AI variant outbound connection (malware-cnc.rules) * 1:1903 <-> DISABLED <-> PROTOCOL-IMAP rename overflow attempt (protocol-imap.rules) * 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (malware-cnc.rules) * 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (malware-cnc.rules) 
* 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.qd variant outbound connection (malware-cnc.rules) * 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (malware-cnc.rules) * 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:1904 <-> DISABLED <-> PROTOCOL-IMAP find overflow attempt (protocol-imap.rules) * 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound 
connection (malware-cnc.rules) * 1:1905 <-> DISABLED <-> PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt (protocol-rpc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules) * 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:1906 <-> DISABLED <-> PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt (protocol-rpc.rules) * 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (malware-cnc.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt 
(file-office.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:1907 <-> DISABLED <-> PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules) * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules) * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19076 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules) * 1:19077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules) * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:1908 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules) * 1:19080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine 
(indicator-obfuscation.rules) * 1:19082 <-> DISABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:19083 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules) * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:1909 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt (protocol-rpc.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules) * 1:19098 <-> DISABLED <-> 
BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules) * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules) * 1:1910 <-> DISABLED <-> PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt (protocol-rpc.rules) * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules) * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules) * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules) * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules) * 1:1911 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules) * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules) * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules) * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules) * 1:19113 <-> DISABLED <-> 
FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules) * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules) * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules) * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules) * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules) * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules) * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules) * 1:1912 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules) * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules) * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19123 <-> DISABLED <-> MALWARE-CNC Dropper Win.Trojan.Cefyns.A variant outbound connection (malware-cnc.rules) * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19126 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19127 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks 
Realplayer .r1m file magic detected (file-identify.rules) * 1:1913 <-> DISABLED <-> PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt (protocol-rpc.rules) * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt (file-image.rules) * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:1914 <-> DISABLED <-> PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt (protocol-rpc.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules) * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules) * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft 
Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules) * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:1915 <-> DISABLED <-> PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt (protocol-rpc.rules) * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules) * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules) * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules) * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules) * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules) * 1:19156 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19159 <-> 
DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules) * 1:1916 <-> DISABLED <-> PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt (protocol-rpc.rules) * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules) * 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules) * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules) * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules) * 1:19169 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules) * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules) * 1:19170 <-> DISABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules) * 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19174 <-> DISABLED 
<-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules) * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules) * 1:19176 <-> DISABLED <-> SERVER-WEBAPP cookiejacking attempt (server-webapp.rules) * 1:19177 <-> DISABLED <-> SERVER-WEBAPP cookiejacking attempt (server-webapp.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:1918 <-> DISABLED <-> PROTOCOL-ICMP SolarWinds IP scan attempt (protocol-icmp.rules) * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules) * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules) * 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:19184 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:1919 <-> DISABLED <-> PROTOCOL-FTP CWD overflow attempt (protocol-ftp.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 
Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:19193 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules) * 1:19194 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19195 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules) * 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules) * 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:1920 <-> DISABLED <-> PROTOCOL-FTP SITE NEWER overflow attempt (protocol-ftp.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules) * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules) * 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt 
(server-other.rules) * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19209 <-> DISABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules) * 1:1921 <-> DISABLED <-> PROTOCOL-FTP SITE ZIPCHK overflow attempt (protocol-ftp.rules) * 1:19210 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:1922 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt TCP (protocol-rpc.rules) * 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19222 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:19223 
<-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:19226 <-> DISABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules) * 1:19227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules) * 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:1923 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt UDP (protocol-rpc.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19235 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer copy/paste memory corruption attempt (browser-ie.rules) * 1:19236 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer drag event memory corruption attempt (browser-ie.rules) * 1:19237 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:19238 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 self remove from markup vulnerability (browser-ie.rules) * 1:19239 <-> DISABLED <-> BROWSER-IE 
Microsoft Internet Explorer 8 toStaticHTML XSS attempt (browser-ie.rules) * 1:1924 <-> DISABLED <-> PROTOCOL-RPC mountd UDP export request (protocol-rpc.rules) * 1:19240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7/8 reload stylesheet attempt (browser-ie.rules) * 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules) * 1:19246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:1925 <-> DISABLED <-> PROTOCOL-RPC mountd TCP exportall request (protocol-rpc.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> 
FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19256 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - greenherbalteagirlholdingcup (malware-cnc.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:1926 <-> DISABLED <-> PROTOCOL-RPC mountd UDP exportall request (protocol-rpc.rules) * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19265 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19266 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:1927 <-> DISABLED <-> PROTOCOL-FTP authorized_keys (protocol-ftp.rules) * 1:1928 <-> DISABLED <-> PROTOCOL-FTP shadow retrieval attempt (protocol-ftp.rules) * 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn 
encoder (indicator-shellcode.rules) * 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules) * 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules) * 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules) * 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules) * 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules) * 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules) * 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (file-other.rules) * 1:19292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules) * 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:1930 
<-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules) * 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules) * 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules) * 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:1931 <-> DISABLED <-> SERVER-WEBAPP rpc-nlog.pl access (server-webapp.rules) * 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (malware-cnc.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (malware-cnc.rules) * 1:19313 <-> DISABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules) * 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER 
Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:1932 <-> DISABLED <-> SERVER-WEBAPP rpc-smb.pl access (server-webapp.rules) * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules) * 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (malware-cnc.rules) * 1:1933 <-> DISABLED <-> SERVER-WEBAPP cart.cgi access (server-webapp.rules) * 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules) * 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules) * 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (malware-cnc.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> 
DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules) * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules) * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules) * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (malware-cnc.rules) * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules) * 1:19353 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fibbit.ax variant outbound connection (malware-cnc.rules) * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:1936 <-> DISABLED <-> PROTOCOL-POP AUTH overflow attempt (protocol-pop.rules) * 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (malware-cnc.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:1937 <-> DISABLED <-> PROTOCOL-POP LIST overflow attempt (protocol-pop.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant 
outbound connection (malware-cnc.rules) * 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:1938 <-> DISABLED <-> PROTOCOL-POP XTND overflow attempt (protocol-pop.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19389 <-> DISABLED <-> PROTOCOL-VOIP SIP REGISTER flood attempt (protocol-voip.rules) * 1:1939 <-> DISABLED <-> SERVER-OTHER 
bootp hardware address length overflow (server-other.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (malware-cnc.rules) * 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (malware-cnc.rules) * 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (malware-cnc.rules) * 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (malware-cnc.rules) * 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (malware-cnc.rules) * 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (malware-cnc.rules) * 1:1940 <-> DISABLED <-> SERVER-OTHER bootp invalid hardware type (server-other.rules) * 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules) * 1:19401 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules) * 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (malware-cnc.rules) * 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI cinepak codec decompression remote code execution attempt (file-multimedia.rules) * 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (malware-cnc.rules) * 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message 
URI contains global broadcast address (protocol-voip.rules) * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules) * 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules) * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19415 <-> DISABLED <-> MALWARE-CNC vsFTPd 2.3.4 backdoor connection (malware-cnc.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:1942 <-> DISABLED <-> PROTOCOL-FTP RMDIR overflow attempt (protocol-ftp.rules) * 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request 
(file-identify.rules) * 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (malware-cnc.rules) * 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (malware-cnc.rules) * 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (malware-cnc.rules) * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules) * 1:1943 <-> DISABLED <-> SERVER-WEBAPP /Carello/add.exe access (server-webapp.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (malware-cnc.rules) * 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules) * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules) * 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules) * 1:19437 <-> DISABLED <-> INDICATOR-OBFUSCATION select concat statement - possible sql injection (indicator-obfuscation.rules) * 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules) * 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:1944 <-> DISABLED <-> SERVER-WEBAPP /ecscripts/ecware.exe access (server-webapp.rules) * 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules) * 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt 
(server-webapp.rules) * 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (malware-cnc.rules) * 1:19455 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aw variant outbound connection (malware-cnc.rules) * 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (malware-cnc.rules) * 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (malware-cnc.rules) * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer 
overflow attempt (file-office.rules) * 1:1946 <-> DISABLED <-> SERVER-WEBAPP answerbook2 admin attempt (server-webapp.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:1947 <-> DISABLED <-> SERVER-WEBAPP answerbook2 arbitrary command execution attempt (server-webapp.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound connection (malware-cnc.rules) * 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound 
connection (malware-cnc.rules) * 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (malware-cnc.rules) * 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (malware-cnc.rules) * 1:1948 <-> DISABLED <-> PROTOCOL-DNS dns zone transfer via UDP detected (protocol-dns.rules) * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules) * 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (malware-cnc.rules) * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules) * 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (malware-cnc.rules) * 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (malware-cnc.rules) * 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (malware-cnc.rules) * 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (malware-cnc.rules) * 1:1949 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt TCP 111 (protocol-rpc.rules) * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules) * 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (malware-cnc.rules) * 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (malware-cnc.rules) * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain 
(malware-cnc.rules) * 1:19494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Licum variant outbound connection (malware-cnc.rules) * 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (malware-cnc.rules) * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules) * 1:1950 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt UDP 111 (protocol-rpc.rules) * 1:1951 <-> DISABLED <-> PROTOCOL-RPC mountd TCP mount request (protocol-rpc.rules) * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules) * 1:1953 <-> DISABLED <-> PROTOCOL-RPC AMD TCP pid request (protocol-rpc.rules) * 1:1954 <-> DISABLED <-> PROTOCOL-RPC AMD UDP pid request (protocol-rpc.rules) * 1:1955 <-> DISABLED <-> PROTOCOL-RPC AMD TCP version request (protocol-rpc.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:19553 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin session_to_unset session variable injection attempt (server-webapp.rules) * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules) * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules) * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules) * 1:19558 <-> DISABLED <-> SERVER-WEBAPP JBoss expression language actionOutcome remote code execution (server-webapp.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:1956 <-> DISABLED <-> PROTOCOL-RPC AMD UDP version request (protocol-rpc.rules) * 1:19560 <-> DISABLED <-> 
FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt (file-multimedia.rules) * 1:19561 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ieframe.dll ActiveX clsid access (browser-plugins.rules) * 1:19562 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (browser-plugins.rules) * 1:19563 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX function call access (browser-plugins.rules) * 1:19564 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (browser-plugins.rules) * 1:19565 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX function call access (browser-plugins.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (malware-cnc.rules) * 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules) * 1:1957 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP PING (protocol-rpc.rules) * 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules) * 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules) * 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules) * 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (malware-cnc.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 
1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound connection (malware-cnc.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:1958 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP PING (protocol-rpc.rules) * 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (malware-cnc.rules) * 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules) * 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules) * 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (malware-cnc.rules) * 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (malware-cnc.rules) * 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (malware-cnc.rules) * 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (malware-cnc.rules) * 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (malware-cnc.rules) * 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:1959 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request UDP (protocol-rpc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (malware-cnc.rules) * 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm 
variant outbound connection IRC (malware-cnc.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (malware-cnc.rules) * 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (malware-cnc.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:1960 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request TCP (protocol-rpc.rules) * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (malware-cnc.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload 
directory traversal attempt (server-other.rules) * 1:1961 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request UDP (protocol-rpc.rules) * 1:19610 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules) * 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (malware-cnc.rules) * 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (malware-cnc.rules) * 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules) * 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules) * 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (malware-cnc.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products request for dwmapi.dll over SMB attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:1962 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request TCP (protocol-rpc.rules) * 1:19620 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= 
(malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:1963 <-> DISABLED <-> PROTOCOL-RPC RQUOTA getquota overflow attempt UDP (protocol-rpc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:1964 <-> DISABLED <-> PROTOCOL-RPC tooltalk UDP overflow attempt (protocol-rpc.rules) * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:1965 <-> DISABLED <-> PROTOCOL-RPC tooltalk TCP overflow attempt (protocol-rpc.rules) * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS 
Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19651 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX function call access (browser-plugins.rules) * 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (malware-cnc.rules) * 1:19653 <-> DISABLED <-> SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt (server-webapp.rules) * 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (malware-cnc.rules) * 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (malware-cnc.rules) * 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (malware-cnc.rules) * 1:1966 <-> DISABLED <-> SERVER-OTHER GlobalSunTech Access Point Information Disclosure attempt (server-other.rules) * 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (malware-cnc.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19666 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer multi-window access memory corruption attempt (browser-ie.rules) * 1:19667 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain scripting attack (browser-ie.rules) * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:1967 
<-> DISABLED <-> SERVER-WEBAPP phpbb quick-reply.php arbitrary command attempt (server-webapp.rules) * 1:19670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:19672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:1968 <-> DISABLED <-> SERVER-WEBAPP phpbb quick-reply.php access (server-webapp.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption 
attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19687 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:1969 <-> DISABLED <-> SERVER-WEBAPP ion-p access (server-webapp.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19694 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET Chart Control directory traversal attempt (server-webapp.rules) * 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (malware-cnc.rules) * 1:19696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (malware-cnc.rules) * 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (malware-cnc.rules) * 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (malware-cnc.rules) * 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (malware-cnc.rules) * 1:1970 <-> DISABLED <-> SERVER-IIS MDAC Content-Type overflow attempt 
(server-iis.rules) * 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules) * 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19707 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:1971 <-> DISABLED <-> PROTOCOL-FTP SITE EXEC format string attempt (protocol-ftp.rules) * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (mal