Talos has added and modified multiple rules in the file-office, malware-cnc, os-windows, policy-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
* 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
* 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
* 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
* 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
* 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
* 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
* 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
* 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
* 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
* 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

* 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt