The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit, file-flash, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP Phormation PHP arbitrary remote code execution attempt (server-webapp.rules)
* 1:31359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
* 1:31358 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lehnjb.epac.to - Win.Trojan.Httneilc (blacklist.rules)
* 1:31357 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gjjb.flnet.org - Win.Trojan.Httneilc (blacklist.rules)
* 3:31361 <-> ENABLED <-> EXPLOIT OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (exploit.rules)

* 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
* 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
* 3:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 3:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2960.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31357 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gjjb.flnet.org - Win.Trojan.Httneilc (blacklist.rules)
* 1:31358 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lehnjb.epac.to - Win.Trojan.Httneilc (blacklist.rules)
* 1:31359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP Phormation PHP arbitrary remote code execution attempt (server-webapp.rules)
* 3:31361 <-> ENABLED <-> EXPLOIT OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (exploit.rules)

* 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
* 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
* 3:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 3:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31357 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gjjb.flnet.org - Win.Trojan.Httneilc (blacklist.rules)
* 1:31359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
* 1:31358 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lehnjb.epac.to - Win.Trojan.Httneilc (blacklist.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP Phormation PHP arbitrary remote code execution attempt (server-webapp.rules)
* 3:31361 <-> ENABLED <-> EXPLOIT OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (exploit.rules)

* 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
* 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
* 3:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 3:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash directory traversal attempt (file-flash.rules)