Sourcefire VRT Rules Update

Date: 2013-03-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:26318 <-> ENABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
 * 1:26317 <-> ENABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
 * 1:26316 <-> ENABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26315 <-> ENABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26314 <-> ENABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26313 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26312 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26311 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26310 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26309 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26308 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26307 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26306 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26305 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26304 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26303 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26302 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26301 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26300 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26299 <-> ENABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26298 <-> DISABLED <-> SERVER-WEBAPP Media Wiki script injection attempt (server-webapp.rules)
 * 1:26297 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit redirection page (exploit-kit.rules)
 * 1:26296 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26294 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura Exploit Kit exploit request (exploit-kit.rules)
 * 1:26292 <-> ENABLED <-> FILE-OTHER Oracle Java Jar file downloaded when zip is defined (file-other.rules)
 * 1:26291 <-> ENABLED <-> MALWARE-CNC Android Ksapp device registration (malware-cnc.rules)
 * 1:26290 <-> ENABLED <-> MALWARE-CNC ANDR.Trojan.RootSmart outbound communication attempt (malware-cnc.rules)
 * 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
 * 1:26288 <-> ENABLED <-> MALWARE-CNC Brontok Worm outbound connection (malware-cnc.rules)
 * 1:26287 <-> ENABLED <-> MALWARE-CNC Ortega Rootkit outbound connection - search.namequery.com (malware-cnc.rules)
 * 1:26286 <-> ENABLED <-> MALWARE-CNC Ortega Rootkit outbound connection - search.dnssearch.org (malware-cnc.rules)
 * 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Garveep variant outbound connection (malware-cnc.rules)
 * 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
 * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 unauthenticated password reset attempt (server-webapp.rules)
 * 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi multiple vulnerabilities attempt (server-webapp.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:26274 <-> ENABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
 * 1:26273 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Chuli APK file download (malware-other.rules)
 * 1:26272 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Chuli APK file download (malware-other.rules)
 * 1:26271 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26270 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26269 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26268 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26267 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26266 <-> DISABLED <-> DELETED MALWARE-CNC Zeus v3 DGA DNS query detected (deleted.rules)
 * 1:26265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mercury.yori.pl - Kazy Trojan (blacklist.rules)
 * 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan outbound connection (malware-cnc.rules)
 * 1:26263 <-> ENABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules)
 * 1:26262 <-> ENABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules)

Modified Rules:


 * 1:941 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage contents.htm access (server-other.rules)
 * 1:940 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage shtml.dll access (server-other.rules)
 * 1:939 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage posting (server-other.rules)
 * 1:937 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage _vti_rpc access (server-other.rules)
 * 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules)
 * 1:935 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules)
 * 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm access (server-other.rules)
 * 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
 * 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules)
 * 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules)
 * 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules)
 * 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules)
 * 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules)
 * 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules)
 * 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules)
 * 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules)
 * 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules)
 * 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules)
 * 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules)
 * 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt (server-other.rules)
 * 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules)
 * 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules)
 * 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules)
 * 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules)
 * 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules)
 * 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules)
 * 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules)
 * 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules)
 * 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules)
 * 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules)
 * 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules)
 * 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules)
 * 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules)
 * 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules)
 * 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules)
 * 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules)
 * 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access (server-other.rules)
 * 1:902 <-> DISABLED <-> SERVER-WEBAPP tstisapi.dll access (server-webapp.rules)
 * 1:901 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi access (server-webapp.rules)
 * 1:900 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi directory traversal attempt (server-webapp.rules)
 * 1:899 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl directory traversal attempt (server-webapp.rules)
 * 1:898 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi access (server-webapp.rules)
 * 1:897 <-> DISABLED <-> SERVER-WEBAPP pals-cgi access (server-webapp.rules)
 * 1:896 <-> DISABLED <-> SERVER-WEBAPP way-board access (server-webapp.rules)
 * 1:895 <-> DISABLED <-> SERVER-WEBAPP redirect access (server-webapp.rules)
 * 1:894 <-> DISABLED <-> SERVER-WEBAPP bb-hist.sh access (server-webapp.rules)
 * 1:892 <-> DISABLED <-> SERVER-WEBAPP AnyForm2 access (server-webapp.rules)
 * 1:891 <-> DISABLED <-> SERVER-WEBAPP upload.pl access (server-webapp.rules)
 * 1:890 <-> DISABLED <-> SERVER-WEBAPP sendform.cgi access (server-webapp.rules)
 * 1:889 <-> DISABLED <-> SERVER-WEBAPP ppdscgi.exe access (server-webapp.rules)
 * 1:888 <-> DISABLED <-> SERVER-WEBAPP wwwadmin.pl access (server-webapp.rules)
 * 1:887 <-> DISABLED <-> SERVER-WEBAPP www-sql access (server-webapp.rules)
 * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules)
 * 1:885 <-> DISABLED <-> SERVER-WEBAPP bash access (server-webapp.rules)
 * 1:883 <-> DISABLED <-> SERVER-WEBAPP flexform access (server-webapp.rules)
 * 1:882 <-> DISABLED <-> SERVER-WEBAPP calendar access (server-webapp.rules)
 * 1:881 <-> DISABLED <-> SERVER-WEBAPP archie access (server-webapp.rules)
 * 1:880 <-> DISABLED <-> SERVER-WEBAPP LWGate access (server-webapp.rules)
 * 1:879 <-> DISABLED <-> SERVER-WEBAPP admin.pl access (server-webapp.rules)
 * 1:878 <-> DISABLED <-> SERVER-WEBAPP w3tvars.pm access (server-webapp.rules)
 * 1:877 <-> DISABLED <-> SERVER-WEBAPP rksh access (server-webapp.rules)
 * 1:875 <-> DISABLED <-> SERVER-WEBAPP win-c-sample.exe access (server-webapp.rules)
 * 1:872 <-> DISABLED <-> SERVER-WEBAPP tcsh access (server-webapp.rules)
 * 1:871 <-> DISABLED <-> SERVER-WEBAPP survey.cgi access (server-webapp.rules)
 * 1:870 <-> DISABLED <-> SERVER-WEBAPP snorkerz.cmd access (server-webapp.rules)
 * 1:869 <-> DISABLED <-> SERVER-WEBAPP dumpenv.pl access (server-webapp.rules)
 * 1:868 <-> DISABLED <-> SERVER-WEBAPP rsh access (server-webapp.rules)
 * 1:867 <-> DISABLED <-> SERVER-WEBAPP visadmin.exe access (server-webapp.rules)
 * 1:866 <-> DISABLED <-> SERVER-WEBAPP post-query access (server-webapp.rules)
 * 1:865 <-> DISABLED <-> SERVER-WEBAPP ksh access (server-webapp.rules)
 * 1:864 <-> DISABLED <-> SERVER-WEBAPP day5datanotifier.cgi access (server-webapp.rules)
 * 1:863 <-> DISABLED <-> SERVER-WEBAPP day5datacopier.cgi access (server-webapp.rules)
 * 1:862 <-> DISABLED <-> SERVER-WEBAPP csh access (server-webapp.rules)
 * 1:861 <-> DISABLED <-> SERVER-WEBAPP w3-msql access (server-webapp.rules)
 * 1:860 <-> DISABLED <-> SERVER-WEBAPP snork.bat access (server-webapp.rules)
 * 1:859 <-> DISABLED <-> SERVER-WEBAPP man.sh access (server-webapp.rules)
 * 1:858 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules)
 * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules)
 * 1:856 <-> DISABLED <-> SERVER-WEBAPP environ.cgi access (server-webapp.rules)
 * 1:854 <-> DISABLED <-> SERVER-WEBAPP classifieds.cgi access (server-webapp.rules)
 * 1:853 <-> DISABLED <-> SERVER-WEBAPP wrap access (server-webapp.rules)
 * 1:852 <-> DISABLED <-> SERVER-WEBAPP wguest.exe access (server-webapp.rules)
 * 1:851 <-> DISABLED <-> SERVER-WEBAPP files.pl access (server-webapp.rules)
 * 1:850 <-> DISABLED <-> SERVER-WEBAPP wais.pl access (server-webapp.rules)
 * 1:849 <-> DISABLED <-> SERVER-WEBAPP view-source access (server-webapp.rules)
 * 1:848 <-> DISABLED <-> SERVER-WEBAPP view-source directory traversal (server-webapp.rules)
 * 1:847 <-> DISABLED <-> SERVER-WEBAPP campas access (server-webapp.rules)
 * 1:846 <-> DISABLED <-> SERVER-WEBAPP bnbform.cgi access (server-webapp.rules)
 * 1:845 <-> DISABLED <-> SERVER-WEBAPP AT-admin.cgi access (server-webapp.rules)
 * 1:844 <-> DISABLED <-> SERVER-WEBAPP args.bat access (server-webapp.rules)
 * 1:843 <-> DISABLED <-> SERVER-WEBAPP anform2 access (server-webapp.rules)
 * 1:842 <-> DISABLED <-> SERVER-WEBAPP aglimpse access (server-webapp.rules)
 * 1:840 <-> DISABLED <-> SERVER-WEBAPP perlshop.cgi access (server-webapp.rules)
 * 1:839 <-> DISABLED <-> SERVER-WEBAPP finger access (server-webapp.rules)
 * 1:838 <-> DISABLED <-> SERVER-WEBAPP webgais access (server-webapp.rules)
 * 1:837 <-> DISABLED <-> SERVER-WEBAPP uploader.exe access (server-webapp.rules)
 * 1:836 <-> DISABLED <-> SERVER-WEBAPP textcounter.pl access (server-webapp.rules)
 * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules)
 * 1:834 <-> DISABLED <-> SERVER-WEBAPP rwwwshell.pl access (server-webapp.rules)
 * 1:833 <-> DISABLED <-> SERVER-WEBAPP rguest.exe access (server-webapp.rules)
 * 1:832 <-> DISABLED <-> SERVER-WEBAPP perl.exe access (server-webapp.rules)
 * 1:829 <-> DISABLED <-> SERVER-WEBAPP nph-test-cgi access (server-webapp.rules)
 * 1:828 <-> DISABLED <-> SERVER-WEBAPP maillist.pl access (server-webapp.rules)
 * 1:827 <-> DISABLED <-> SERVER-WEBAPP info2www access (server-webapp.rules)
 * 1:826 <-> DISABLED <-> SERVER-WEBAPP htmlscript access (server-webapp.rules)
 * 1:825 <-> DISABLED <-> SERVER-WEBAPP glimpse access (server-webapp.rules)
 * 1:824 <-> DISABLED <-> SERVER-WEBAPP php.cgi access (server-webapp.rules)
 * 1:823 <-> DISABLED <-> SERVER-WEBAPP cvsweb.cgi access (server-webapp.rules)
 * 1:821 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe overflow attempt (server-webapp.rules)
 * 1:820 <-> DISABLED <-> SERVER-WEBAPP anaconda directory transversal attempt (server-webapp.rules)
 * 1:819 <-> DISABLED <-> SERVER-WEBAPP mmstdod.cgi access (server-webapp.rules)
 * 1:818 <-> DISABLED <-> SERVER-WEBAPP dcforum.cgi access (server-webapp.rules)
 * 1:817 <-> DISABLED <-> SERVER-WEBAPP dcboard.cgi invalid user addition attempt (server-webapp.rules)
 * 1:815 <-> DISABLED <-> SERVER-WEBAPP websendmail access (server-webapp.rules)
 * 1:813 <-> DISABLED <-> SERVER-WEBAPP webplus directory traversal (server-webapp.rules)
 * 1:812 <-> DISABLED <-> SERVER-WEBAPP webplus version access (server-webapp.rules)
 * 1:811 <-> DISABLED <-> SERVER-WEBAPP websitepro path access (server-webapp.rules)
 * 1:810 <-> DISABLED <-> SERVER-WEBAPP whois_raw.cgi access (server-webapp.rules)
 * 1:809 <-> DISABLED <-> SERVER-WEBAPP whois_raw.cgi arbitrary command execution attempt (server-webapp.rules)
 * 1:808 <-> DISABLED <-> SERVER-WEBAPP webdriver access (server-webapp.rules)
 * 1:807 <-> DISABLED <-> SERVER-WEBAPP /wwwboard/passwd.txt access (server-webapp.rules)
 * 1:806 <-> DISABLED <-> SERVER-WEBAPP yabb directory traversal attempt (server-webapp.rules)
 * 1:805 <-> DISABLED <-> SERVER-WEBAPP webspeed access (server-webapp.rules)
 * 1:804 <-> DISABLED <-> SERVER-WEBAPP SWSoft ASPSeek Overflow attempt (server-webapp.rules)
 * 1:803 <-> DISABLED <-> SERVER-WEBAPP HyperSeek hsx.cgi directory traversal attempt (server-webapp.rules)
 * 1:719 <-> DISABLED <-> TELNET root login (telnet.rules)
 * 1:718 <-> DISABLED <-> TELNET login incorrect (telnet.rules)
 * 1:717 <-> DISABLED <-> TELNET not on console (telnet.rules)
 * 1:715 <-> DISABLED <-> TELNET Attempted SU from wrong group (telnet.rules)
 * 1:714 <-> DISABLED <-> TELNET resolv_host_conf (telnet.rules)
 * 1:713 <-> DISABLED <-> TELNET livingston DOS (telnet.rules)
 * 1:712 <-> DISABLED <-> TELNET ld_library_path (telnet.rules)
 * 1:711 <-> DISABLED <-> TELNET SGI telnetd format bug (telnet.rules)
 * 1:710 <-> DISABLED <-> TELNET EZsetup account attempt (telnet.rules)
 * 1:709 <-> DISABLED <-> TELNET 4Dgifts SGI account attempt (telnet.rules)
 * 1:704 <-> DISABLED <-> SERVER-MSSQL xp_sprintf possible buffer overflow (server-mssql.rules)
 * 1:695 <-> DISABLED <-> SERVER-MSSQL xp_sprintf possible buffer overflow (server-mssql.rules)
 * 1:694 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules)
 * 1:693 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules)
 * 1:692 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules)
 * 1:691 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules)
 * 1:689 <-> DISABLED <-> SERVER-MSSQL xp_reg* registry access (server-mssql.rules)
 * 1:688 <-> ENABLED <-> SQL sa login failed (sql.rules)
 * 1:687 <-> DISABLED <-> SQL xp_cmdshell - program execution (sql.rules)
 * 1:686 <-> DISABLED <-> SERVER-MSSQL xp_reg* - registry access (server-mssql.rules)
 * 1:685 <-> DISABLED <-> SQL sp_adduser - database user creation (sql.rules)
 * 1:684 <-> DISABLED <-> SQL sp_delete_alert log file deletion (sql.rules)
 * 1:683 <-> DISABLED <-> SQL sp_password - password change (sql.rules)
 * 1:681 <-> DISABLED <-> SQL xp_cmdshell program execution (sql.rules)
 * 1:679 <-> DISABLED <-> SQL sp_adduser database user creation (sql.rules)
 * 1:678 <-> DISABLED <-> SQL sp_delete_alert log file deletion (sql.rules)
 * 1:677 <-> DISABLED <-> SQL sp_password password change (sql.rules)
 * 1:676 <-> DISABLED <-> SQL sp_start_job - program execution (sql.rules)
 * 1:673 <-> DISABLED <-> SQL sp_start_job - program execution (sql.rules)
 * 1:672 <-> DISABLED <-> SERVER-MAIL vrfy decode (server-mail.rules)
 * 1:671 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9c exploit (server-mail.rules)
 * 1:670 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:669 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:668 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:309 <-> DISABLED <-> SERVER-MAIL sniffit overflow (server-mail.rules)
 * 1:308 <-> DISABLED <-> EXPLOIT NextFTP client overflow (exploit.rules)
 * 1:307 <-> DISABLED <-> SERVER-OTHER CHAT IRC topic overflow (server-other.rules)
 * 1:306 <-> DISABLED <-> SERVER-OTHER VQServer admin (server-other.rules)
 * 1:305 <-> DISABLED <-> SERVER-OTHER delegate proxy overflow (server-other.rules)
 * 1:304 <-> DISABLED <-> SERVER-OTHER SCO calserver overflow (server-other.rules)
 * 1:303 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt (server-other.rules)
 * 1:302 <-> DISABLED <-> OS-LINUX Redhat 7.0 lprd overflow (os-linux.rules)
 * 1:301 <-> DISABLED <-> SERVER-OTHER LPRng overflow (server-other.rules)
 * 1:300 <-> DISABLED <-> OS-SOLARIS Oracle Solaris npls x86 overflow (os-solaris.rules)
 * 1:667 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules)
 * 1:665 <-> DISABLED <-> SERVER-MAIL Sendmail 5.6.5 exploit (server-mail.rules)
 * 1:664 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO decode attempt (server-mail.rules)
 * 1:663 <-> DISABLED <-> SERVER-MAIL Sendmail rcpt to command attempt (server-mail.rules)
 * 1:662 <-> DISABLED <-> SERVER-MAIL Sendmail 5.5.5 exploit (server-mail.rules)
 * 1:661 <-> DISABLED <-> SERVER-MAIL Majordomo ifs (server-mail.rules)
 * 1:660 <-> DISABLED <-> SERVER-MAIL expn root (server-mail.rules)
 * 1:659 <-> DISABLED <-> SERVER-MAIL Sendmail expn decode (server-mail.rules)
 * 1:658 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange Server 5.5 mime DOS (server-mail.rules)
 * 1:657 <-> DISABLED <-> SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt (server-mail.rules)
 * 1:655 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:652 <-> DISABLED <-> INDICATOR-SHELLCODE Linux shellcode (indicator-shellcode.rules)
 * 1:650 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setuid 0 (indicator-shellcode.rules)
 * 1:649 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setgid 0 (indicator-shellcode.rules)
 * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules)
 * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
 * 1:646 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:645 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:644 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules)
 * 1:643 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules)
 * 1:642 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules)
 * 1:641 <-> DISABLED <-> INDICATOR-SHELLCODE Digital UNIX NOOP (indicator-shellcode.rules)
 * 1:640 <-> DISABLED <-> INDICATOR-SHELLCODE AIX NOOP (indicator-shellcode.rules)
 * 1:639 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules)
 * 1:638 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules)
 * 1:637 <-> DISABLED <-> SCAN Webtrends Scanner UDP Probe (scan.rules)
 * 1:636 <-> DISABLED <-> SCAN cybercop udp bomb (scan.rules)
 * 1:635 <-> DISABLED <-> SCAN XTACACS logout (scan.rules)
 * 1:634 <-> DISABLED <-> SCAN Amanda client-version request (scan.rules)
 * 1:632 <-> DISABLED <-> SERVER-MAIL expn cybercop attempt (server-mail.rules)
 * 1:631 <-> DISABLED <-> SERVER-MAIL ehlo cybercop attempt (server-mail.rules)
 * 1:630 <-> DISABLED <-> SCAN synscan portscan (scan.rules)
 * 1:627 <-> DISABLED <-> SCAN cybercop os SFU12 probe (scan.rules)
 * 1:626 <-> DISABLED <-> SCAN cybercop os PA12 attempt (scan.rules)
 * 1:622 <-> DISABLED <-> SCAN ipEye SYN scan (scan.rules)
 * 1:619 <-> DISABLED <-> SCAN cybercop os probe (scan.rules)
 * 1:616 <-> DISABLED <-> SCAN ident version request (scan.rules)
 * 1:614 <-> DISABLED <-> MALWARE-BACKDOOR hack-a-tack attempt (malware-backdoor.rules)
 * 1:613 <-> DISABLED <-> SCAN myscan (scan.rules)
 * 1:612 <-> DISABLED <-> RPC rusers query UDP (rpc.rules)
 * 1:611 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
 * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
 * 1:609 <-> DISABLED <-> PROTOCOL-SERVICES rsh froot (protocol-services.rules)
 * 1:608 <-> DISABLED <-> PROTOCOL-SERVICES rsh echo + + (protocol-services.rules)
 * 1:607 <-> DISABLED <-> PROTOCOL-SERVICES rsh bin (protocol-services.rules)
 * 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
 * 1:605 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
 * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES rsh froot (protocol-services.rules)
 * 1:603 <-> DISABLED <-> PROTOCOL-SERVICES rlogin echo++ (protocol-services.rules)
 * 1:602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin bin (protocol-services.rules)
 * 1:601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin LinuxNIS (protocol-services.rules)
 * 1:599 <-> DISABLED <-> RPC portmap listing TCP 32771 (rpc.rules)
 * 1:598 <-> DISABLED <-> RPC portmap listing TCP 111 (rpc.rules)
 * 1:595 <-> DISABLED <-> RPC portmap espd request TCP (rpc.rules)
 * 1:593 <-> DISABLED <-> RPC portmap snmpXdmi request TCP (rpc.rules)
 * 1:591 <-> DISABLED <-> RPC portmap ypupdated request TCP (rpc.rules)
 * 1:590 <-> DISABLED <-> RPC portmap ypserv request UDP (rpc.rules)
 * 1:589 <-> DISABLED <-> RPC portmap yppasswd request UDP (rpc.rules)
 * 1:588 <-> DISABLED <-> RPC portmap ttdbserv request UDP (rpc.rules)
 * 1:587 <-> DISABLED <-> RPC portmap status request UDP (rpc.rules)
 * 1:586 <-> DISABLED <-> RPC portmap selection_svc request UDP (rpc.rules)
 * 1:585 <-> DISABLED <-> RPC portmap sadmind request UDP (rpc.rules)
 * 1:584 <-> DISABLED <-> RPC portmap rusers request UDP (rpc.rules)
 * 1:583 <-> DISABLED <-> RPC portmap rstatd request UDP (rpc.rules)
 * 1:582 <-> DISABLED <-> RPC portmap rexd request UDP (rpc.rules)
 * 1:581 <-> DISABLED <-> RPC portmap pcnfsd request UDP (rpc.rules)
 * 1:580 <-> DISABLED <-> RPC portmap nisd request UDP (rpc.rules)
 * 1:579 <-> DISABLED <-> RPC portmap mountd request UDP (rpc.rules)
 * 1:578 <-> DISABLED <-> RPC portmap cmsd request UDP (rpc.rules)
 * 1:577 <-> DISABLED <-> RPC portmap bootparam request UDP (rpc.rules)
 * 1:576 <-> DISABLED <-> RPC portmap amountd request UDP (rpc.rules)
 * 1:575 <-> DISABLED <-> RPC portmap admind request UDP (rpc.rules)
 * 1:574 <-> DISABLED <-> RPC mountd TCP export request (rpc.rules)
 * 1:572 <-> DISABLED <-> RPC DOS ttdbserv Solaris (rpc.rules)
 * 1:569 <-> ENABLED <-> RPC snmpXdmi overflow attempt TCP (rpc.rules)
 * 1:568 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules)
 * 1:567 <-> DISABLED <-> SERVER-MAIL SMTP relaying denied (server-mail.rules)
 * 1:566 <-> DISABLED <-> APP-DETECT PCAnywhere server response (app-detect.rules)
 * 1:560 <-> DISABLED <-> APP-DETECT VNC server response (app-detect.rules)
 * 1:557 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules)
 * 1:556 <-> DISABLED <-> PUA-P2P Outbound GNUTella client request (pua-p2p.rules)
 * 1:555 <-> DISABLED <-> POLICY-OTHER WinGate telnet server response (policy-other.rules)
 * 1:554 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD / ' possible warez site (indicator-compromise.rules)
 * 1:553 <-> DISABLED <-> POLICY-OTHER FTP anonymous login attempt (policy-other.rules)
 * 1:548 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD .' possible warez site (indicator-compromise.rules)
 * 1:547 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD  ' possible warez site (indicator-compromise.rules)
 * 1:546 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD  ' possible warez site (indicator-compromise.rules)
 * 1:545 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD / ' possible warez site (indicator-compromise.rules)
 * 1:544 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'RETR 1MB' possible warez site (indicator-compromise.rules)
 * 1:543 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'STOR 1MB' possible warez site (indicator-compromise.rules)
 * 1:542 <-> DISABLED <-> POLICY-SOCIAL IRC nick change (policy-social.rules)
 * 1:541 <-> DISABLED <-> POLICY-SOCIAL ICQ access (policy-social.rules)
 * 1:540 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN message (policy-social.rules)
 * 1:535 <-> DISABLED <-> NETBIOS SMB CD... (netbios.rules)
 * 1:534 <-> DISABLED <-> NETBIOS SMB CD.. (netbios.rules)
 * 1:530 <-> DISABLED <-> OS-WINDOWS NT NULL session (os-windows.rules)
 * 1:529 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules)
 * 1:520 <-> DISABLED <-> TFTP root directory (tftp.rules)
 * 1:519 <-> DISABLED <-> TFTP parent directory (tftp.rules)
 * 1:518 <-> DISABLED <-> TFTP Put (tftp.rules)
 * 1:517 <-> DISABLED <-> X11 xdmcp query (x11.rules)
 * 1:516 <-> DISABLED <-> SNMP NT UserList (snmp.rules)
 * 1:514 <-> DISABLED <-> SERVER-OTHER ramen worm (server-other.rules)
 * 1:512 <-> DISABLED <-> PUA-OTHER PCAnywhere Failed Login (pua-other.rules)
 * 1:510 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules)
 * 1:509 <-> DISABLED <-> SERVER-WEBAPP PCCS mysql database admin tool access (server-webapp.rules)
 * 1:508 <-> DISABLED <-> SERVER-OTHER gopher proxy (server-other.rules)
 * 1:507 <-> DISABLED <-> PUA-OTHER PCAnywhere Attempted Administrator Login (pua-other.rules)
 * 1:505 <-> DISABLED <-> SERVER-OTHER Insecure TIMBUKTU Password (server-other.rules)
 * 1:498 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned root (indicator-compromise.rules)
 * 1:497 <-> DISABLED <-> INDICATOR-COMPROMISE file copied ok (indicator-compromise.rules)
 * 1:495 <-> DISABLED <-> INDICATOR-COMPROMISE command error (indicator-compromise.rules)
 * 1:494 <-> ENABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules)
 * 1:493 <-> DISABLED <-> APP-DETECT psyBNC access (app-detect.rules)
 * 1:492 <-> DISABLED <-> TELNET login failed (telnet.rules)
 * 1:491 <-> DISABLED <-> PROTOCOL-FTP Bad login (protocol-ftp.rules)
 * 1:490 <-> DISABLED <-> SERVER-MAIL battle-mail traffic (server-mail.rules)
 * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules)
 * 1:484 <-> DISABLED <-> PROTOCOL-ICMP PING Sniffer Pro/NetXRay network scan (protocol-icmp.rules)
 * 1:483 <-> DISABLED <-> PROTOCOL-ICMP PING CyberKit 2.2 Windows (protocol-icmp.rules)
 * 1:482 <-> DISABLED <-> PROTOCOL-ICMP PING WhatsupGold Windows (protocol-icmp.rules)
 * 1:481 <-> DISABLED <-> PROTOCOL-ICMP TJPingPro1.1Build 2 Windows (protocol-icmp.rules)
 * 1:480 <-> DISABLED <-> PROTOCOL-ICMP PING speedera (protocol-icmp.rules)
 * 1:476 <-> DISABLED <-> PROTOCOL-ICMP webtrends scanner (protocol-icmp.rules)
 * 1:474 <-> DISABLED <-> PROTOCOL-ICMP superscan echo (protocol-icmp.rules)
 * 1:467 <-> DISABLED <-> PROTOCOL-ICMP Nemesis v1.1 Echo (protocol-icmp.rules)
 * 1:466 <-> DISABLED <-> PROTOCOL-ICMP L3retriever Ping (protocol-icmp.rules)
 * 1:465 <-> DISABLED <-> PROTOCOL-ICMP ISS Pinger (protocol-icmp.rules)
 * 1:463 <-> ENABLED <-> PROTOCOL-ICMP unassigned type 7 undefined code (protocol-icmp.rules)
 * 1:462 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 7 (protocol-icmp.rules)
 * 1:461 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 undefined code (protocol-icmp.rules)
 * 1:460 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 (protocol-icmp.rules)
 * 1:459 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 undefined code (protocol-icmp.rules)
 * 1:458 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 (protocol-icmp.rules)
 * 1:457 <-> DISABLED <-> PROTOCOL-ICMP Traceroute undefined code (protocol-icmp.rules)
 * 1:456 <-> DISABLED <-> PROTOCOL-ICMP Traceroute (protocol-icmp.rules)
 * 1:454 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request undefined code (protocol-icmp.rules)
 * 1:453 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request (protocol-icmp.rules)
 * 1:452 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply undefined code (protocol-icmp.rules)
 * 1:451 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply (protocol-icmp.rules)
 * 1:450 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit undefined code (protocol-icmp.rules)
 * 1:449 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit (protocol-icmp.rules)
 * 1:448 <-> DISABLED <-> PROTOCOL-ICMP Source Quench undefined code (protocol-icmp.rules)
 * 1:446 <-> DISABLED <-> PROTOCOL-ICMP SKIP undefined code (protocol-icmp.rules)
 * 1:445 <-> DISABLED <-> PROTOCOL-ICMP SKIP (protocol-icmp.rules)
 * 1:443 <-> DISABLED <-> PROTOCOL-ICMP Router Selection (protocol-icmp.rules)
 * 1:441 <-> DISABLED <-> PROTOCOL-ICMP Router Advertisement (protocol-icmp.rules)
 * 1:440 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 undefined code (protocol-icmp.rules)
 * 1:439 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 (protocol-icmp.rules)
 * 1:438 <-> DISABLED <-> PROTOCOL-ICMP Redirect undefined code (protocol-icmp.rules)
 * 1:437 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Network (protocol-icmp.rules)
 * 1:436 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Host (protocol-icmp.rules)
 * 1:433 <-> DISABLED <-> PROTOCOL-ICMP Photuris undefined code! (protocol-icmp.rules)
 * 1:432 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Decryption Failed (protocol-icmp.rules)
 * 1:431 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Authentication Failed (protocol-icmp.rules)
 * 1:430 <-> DISABLED <-> PROTOCOL-ICMP Photuris Unknown Security Parameters Index (protocol-icmp.rules)
 * 1:429 <-> DISABLED <-> PROTOCOL-ICMP Photuris Reserved (protocol-icmp.rules)
 * 1:428 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem undefined Code (protocol-icmp.rules)
 * 1:427 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Unspecified Error (protocol-icmp.rules)
 * 1:426 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Missing a Required Option (protocol-icmp.rules)
 * 1:425 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Bad Length (protocol-icmp.rules)
 * 1:424 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request undefined code (protocol-icmp.rules)
 * 1:423 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request (protocol-icmp.rules)
 * 1:422 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply undefined code (protocol-icmp.rules)
 * 1:421 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply (protocol-icmp.rules)
 * 1:420 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect undefined code (protocol-icmp.rules)
 * 1:419 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect (protocol-icmp.rules)
 * 1:418 <-> DISABLED <-> PROTOCOL-ICMP Information Request undefined code (protocol-icmp.rules)
 * 1:417 <-> DISABLED <-> PROTOCOL-ICMP Information Request (protocol-icmp.rules)
 * 1:416 <-> DISABLED <-> PROTOCOL-ICMP Information Reply undefined code (protocol-icmp.rules)
 * 1:415 <-> DISABLED <-> PROTOCOL-ICMP Information Reply (protocol-icmp.rules)
 * 1:414 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You undefined code (protocol-icmp.rules)
 * 1:413 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You (protocol-icmp.rules)
 * 1:412 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here undefined code (protocol-icmp.rules)
 * 1:411 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here (protocol-icmp.rules)
 * 1:410 <-> DISABLED <-> PROTOCOL-ICMP Fragment Reassembly Time Exceeded (protocol-icmp.rules)
 * 1:409 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply undefined code (protocol-icmp.rules)
 * 1:408 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply (protocol-icmp.rules)
 * 1:407 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable cndefined code (protocol-icmp.rules)
 * 1:406 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Route Failed (protocol-icmp.rules)
 * 1:405 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Host Isolated (protocol-icmp.rules)
 * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules)
 * 1:403 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Precedence Cutoff in effect (protocol-icmp.rules)
 * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules)
 * 1:401 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable (protocol-icmp.rules)
 * 1:400 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable for Type of Service (protocol-icmp.rules)
 * 1:399 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable (protocol-icmp.rules)
 * 1:398 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable for Type of Service (protocol-icmp.rules)
 * 1:397 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Precedence Violation (protocol-icmp.rules)
 * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules)
 * 1:395 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Network Unknown (protocol-icmp.rules)
 * 1:394 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Host Unknown (protocol-icmp.rules)
 * 1:393 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error undefined code (protocol-icmp.rules)
 * 1:392 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error (protocol-icmp.rules)
 * 1:391 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address undefined code (protocol-icmp.rules)
 * 1:390 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address (protocol-icmp.rules)
 * 1:389 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request undefined code (protocol-icmp.rules)
 * 1:388 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request (protocol-icmp.rules)
 * 1:387 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply undefined code (protocol-icmp.rules)
 * 1:386 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply (protocol-icmp.rules)
 * 1:385 <-> DISABLED <-> PROTOCOL-ICMP traceroute (protocol-icmp.rules)
 * 1:384 <-> DISABLED <-> PROTOCOL-ICMP PING (protocol-icmp.rules)
 * 1:382 <-> DISABLED <-> PROTOCOL-ICMP PING Windows (protocol-icmp.rules)
 * 1:381 <-> DISABLED <-> PROTOCOL-ICMP PING Oracle Solaris (protocol-icmp.rules)
 * 1:380 <-> DISABLED <-> PROTOCOL-ICMP PING Seer Windows (protocol-icmp.rules)
 * 1:379 <-> DISABLED <-> PROTOCOL-ICMP PING Pinger Windows (protocol-icmp.rules)
 * 1:378 <-> DISABLED <-> PROTOCOL-ICMP PING Ping-O-MeterWindows (protocol-icmp.rules)
 * 1:377 <-> DISABLED <-> PROTOCOL-ICMP PING Network Toolbox 3 Windows (protocol-icmp.rules)
 * 1:376 <-> DISABLED <-> PROTOCOL-ICMP PING Microsoft Windows (protocol-icmp.rules)
 * 1:375 <-> DISABLED <-> PROTOCOL-ICMP PING LINUX/*BSD (protocol-icmp.rules)
 * 1:374 <-> DISABLED <-> PROTOCOL-ICMP PING IP NetMonitor Macintosh (protocol-icmp.rules)
 * 1:373 <-> DISABLED <-> PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software (protocol-icmp.rules)
 * 1:372 <-> DISABLED <-> PROTOCOL-ICMP PING Delphi-Piette Windows (protocol-icmp.rules)
 * 1:371 <-> DISABLED <-> PROTOCOL-ICMP PING Cisco Type.x (protocol-icmp.rules)
 * 1:370 <-> DISABLED <-> PROTOCOL-ICMP PING BeOS4.x (protocol-icmp.rules)
 * 1:369 <-> DISABLED <-> PROTOCOL-ICMP PING BayRS Router (protocol-icmp.rules)
 * 1:368 <-> DISABLED <-> PROTOCOL-ICMP PING BSDtype (protocol-icmp.rules)
 * 1:366 <-> DISABLED <-> PROTOCOL-ICMP PING *NIX (protocol-icmp.rules)
 * 1:365 <-> DISABLED <-> PROTOCOL-ICMP PING undefined code (protocol-icmp.rules)
 * 1:364 <-> DISABLED <-> PROTOCOL-ICMP IRDP router selection (protocol-icmp.rules)
 * 1:363 <-> DISABLED <-> PROTOCOL-ICMP IRDP router advertisement (protocol-icmp.rules)
 * 1:362 <-> DISABLED <-> PROTOCOL-FTP tar parameters (protocol-ftp.rules)
 * 1:361 <-> DISABLED <-> PROTOCOL-FTP SITE EXEC attempt (protocol-ftp.rules)
 * 1:360 <-> DISABLED <-> PROTOCOL-FTP serv-u directory transversal (protocol-ftp.rules)
 * 1:359 <-> DISABLED <-> PROTOCOL-FTP satan scan (protocol-ftp.rules)
 * 1:358 <-> DISABLED <-> PROTOCOL-FTP saint scan (protocol-ftp.rules)
 * 1:357 <-> DISABLED <-> PROTOCOL-FTP piss scan (protocol-ftp.rules)
 * 1:356 <-> DISABLED <-> PROTOCOL-FTP passwd retrieval attempt (protocol-ftp.rules)
 * 1:355 <-> DISABLED <-> PROTOCOL-FTP pass wh00t (protocol-ftp.rules)
 * 1:354 <-> DISABLED <-> PROTOCOL-FTP iss scan (protocol-ftp.rules)
 * 1:353 <-> DISABLED <-> PROTOCOL-FTP adm scan (protocol-ftp.rules)
 * 1:337 <-> DISABLED <-> PROTOCOL-FTP CEL overflow attempt (protocol-ftp.rules)
 * 1:336 <-> DISABLED <-> PROTOCOL-FTP CWD ~root attempt (protocol-ftp.rules)
 * 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules)
 * 1:334 <-> DISABLED <-> PROTOCOL-FTP .forward (protocol-ftp.rules)
 * 1:333 <-> DISABLED <-> PROTOCOL-FINGER . query (protocol-finger.rules)
 * 1:332 <-> DISABLED <-> PROTOCOL-FINGER 0 query (protocol-finger.rules)
 * 1:331 <-> DISABLED <-> PROTOCOL-FINGER cybercop query (protocol-finger.rules)
 * 1:330 <-> DISABLED <-> PROTOCOL-FINGER redirection attempt (protocol-finger.rules)
 * 1:328 <-> DISABLED <-> PROTOCOL-FINGER bomb attempt (protocol-finger.rules)
 * 1:327 <-> DISABLED <-> PROTOCOL-FINGER remote command pipe execution attempt (protocol-finger.rules)
 * 1:326 <-> DISABLED <-> PROTOCOL-FINGER remote command execution attempt (protocol-finger.rules)
 * 1:324 <-> DISABLED <-> PROTOCOL-FINGER null request (protocol-finger.rules)
 * 1:323 <-> DISABLED <-> PROTOCOL-FINGER root query (protocol-finger.rules)
 * 1:322 <-> DISABLED <-> PROTOCOL-FINGER search query (protocol-finger.rules)
 * 1:321 <-> DISABLED <-> PROTOCOL-FINGER account enumeration attempt (protocol-finger.rules)
 * 1:320 <-> DISABLED <-> PROTOCOL-FINGER cmd_rootsh backdoor attempt (protocol-finger.rules)
 * 1:317 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules)
 * 1:316 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules)
 * 1:315 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules)
 * 1:314 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt (server-other.rules)
 * 1:313 <-> DISABLED <-> OS-LINUX ntalkd x86 Linux overflow (os-linux.rules)
 * 1:311 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 unsucessful overflow (browser-other.rules)
 * 1:310 <-> DISABLED <-> SERVER-MAIL x86 windows MailMax overflow (server-mail.rules)
 * 1:292 <-> DISABLED <-> OS-LINUX x86 Linux samba overflow (os-linux.rules)
 * 1:290 <-> DISABLED <-> PROTOCOL-POP EXPLOIT qpopper overflow (protocol-pop.rules)
 * 1:289 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 SCO overflow (protocol-pop.rules)
 * 1:288 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 Linux overflow (protocol-pop.rules)
 * 1:287 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules)
 * 1:286 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules)
 * 1:283 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 client overflow (browser-other.rules)
 * 1:281 <-> DISABLED <-> DOS Ascend Route (dos.rules)
 * 1:279 <-> DISABLED <-> DOS Bay/Nortel Nautica Marlin (dos.rules)
 * 1:278 <-> DISABLED <-> DOS RealNetworks Server template.html (dos.rules)
 * 1:277 <-> DISABLED <-> DOS RealNetworks Server template.html (dos.rules)
 * 1:276 <-> DISABLED <-> DOS RealNetworks Audio Server denial of service attempt (dos.rules)
 * 1:274 <-> DISABLED <-> PROTOCOL-ICMP ath (protocol-icmp.rules)
 * 1:272 <-> DISABLED <-> DOS IGMP dos attack (dos.rules)
 * 1:271 <-> DISABLED <-> DOS UDP echo+chargen bomb (dos.rules)
 * 1:267 <-> DISABLED <-> OS-SOLARIS EXPLOIT sparc overflow attempt (os-solaris.rules)
 * 1:266 <-> DISABLED <-> OS-OTHER EXPLOIT x86 FreeBSD overflow attempt (os-other.rules)
 * 1:265 <-> DISABLED <-> OS-LINUX OS-LINUX x86 Linux overflow attempt ADMv2 (os-linux.rules)
 * 1:264 <-> DISABLED <-> OS-LINUX OS-LINUX x86 Linux overflow attempt (os-linux.rules)
 * 1:26204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:262 <-> DISABLED <-> OS-LINUX OS-LINUX x86 Linux overflow attempt (os-linux.rules)
 * 1:261 <-> DISABLED <-> SERVER-OTHER Bind named overflow attempt (server-other.rules)
 * 1:26096 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:26056 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit Portable Executable download (exploit-kit.rules)
 * 1:26055 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:26054 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:26053 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:26052 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:26051 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious jar file download (exploit-kit.rules)
 * 1:26050 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit SWF file download (exploit-kit.rules)
 * 1:26049 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:26048 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit PDF exploit (exploit-kit.rules)
 * 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper outbound connection (malware-cnc.rules)
 * 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper outbound connection (malware-cnc.rules)
 * 1:260 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADMROCKS (server-other.rules)
 * 1:25961 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit Portable Executable download (exploit-kit.rules)
 * 1:25959 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:25958 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:25957 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:25956 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious class file download (exploit-kit.rules)
 * 1:25955 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious jar file download (exploit-kit.rules)
 * 1:25954 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit SWF file download (exploit-kit.rules)
 * 1:25951 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:25950 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit PDF exploit (exploit-kit.rules)
 * 1:259 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADM (server-other.rules)
 * 1:258 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records (server-other.rules)
 * 1:257 <-> DISABLED <-> DNS named version attempt (dns.rules)
 * 1:256 <-> DISABLED <-> DNS named authors attempt (dns.rules)
 * 1:255 <-> DISABLED <-> DNS zone transfer TCP (dns.rules)
 * 1:254 <-> DISABLED <-> DNS SPOOF query response with TTL of 1 min. and no authority (dns.rules)
 * 1:253 <-> DISABLED <-> DNS SPOOF query response PTR with TTL of 1 min. and no authority (dns.rules)
 * 1:251 <-> DISABLED <-> PROTOCOL-ICMP - TFN client command LE (protocol-icmp.rules)
 * 1:25054 <-> ENABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:250 <-> DISABLED <-> MALWARE-OTHER mstream handler to client (malware-other.rules)
 * 1:248 <-> DISABLED <-> MALWARE-OTHER mstream handler to client (malware-other.rules)
 * 1:247 <-> DISABLED <-> MALWARE-OTHER mstream client to handler (malware-other.rules)
 * 1:246 <-> DISABLED <-> MALWARE-OTHER mstream agent pong to handler (malware-other.rules)
 * 1:245 <-> DISABLED <-> MALWARE-OTHER mstream handler ping to agent (malware-other.rules)
 * 1:244 <-> DISABLED <-> MALWARE-OTHER mstream handler to agent (malware-other.rules)
 * 1:243 <-> DISABLED <-> MALWARE-OTHER mstream agent to handler (malware-other.rules)
 * 1:24146 <-> ENABLED <-> BLACKLIST DNS request for known malware domain reslove-dns.com - Dorifel (blacklist.rules)
 * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules)
 * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules)
 * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules)
 * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
 * 1:240 <-> DISABLED <-> MALWARE-OTHER shaft agent to handler (malware-other.rules)
 * 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing page with specific structure - fewbgazr catch (exploit-kit.rules)
 * 1:239 <-> DISABLED <-> MALWARE-OTHER shaft handler to agent (malware-other.rules)
 * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing page with specific structure - hwehes (exploit-kit.rules)
 * 1:23848 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:238 <-> DISABLED <-> PROTOCOL-ICMP TFN server response (protocol-icmp.rules)
 * 1:237 <-> DISABLED <-> MALWARE-OTHER Trin00 Master to Daemon default password attempt (malware-other.rules)
 * 1:236 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client check gag (protocol-icmp.rules)
 * 1:235 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default mdie password (malware-other.rules)
 * 1:234 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default password (malware-other.rules)
 * 1:23309 <-> ENABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:233 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default startup password (malware-other.rules)
 * 1:232 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master *HELLO* message detected (malware-other.rules)
 * 1:231 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master message detected (malware-other.rules)
 * 1:230 <-> DISABLED <-> MALWARE-OTHER shaft client login to handler (malware-other.rules)
 * 1:229 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client check skillz (protocol-icmp.rules)
 * 1:228 <-> DISABLED <-> PROTOCOL-ICMP TFN client command BE (protocol-icmp.rules)
 * 1:227 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client spoofworks (protocol-icmp.rules)
 * 1:226 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht server response (protocol-icmp.rules)
 * 1:225 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht gag server response (protocol-icmp.rules)
 * 1:224 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht server spoof (protocol-icmp.rules)
 * 1:223 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master PONG message detected (malware-other.rules)
 * 1:222 <-> DISABLED <-> PROTOCOL-ICMP tfn2k icmp possible communication (protocol-icmp.rules)
 * 1:221 <-> DISABLED <-> PROTOCOL-ICMP TFN Probe (protocol-icmp.rules)
 * 1:220 <-> DISABLED <-> MALWARE-BACKDOOR HideSource backdoor attempt (malware-backdoor.rules)
 * 1:219 <-> DISABLED <-> MALWARE-BACKDOOR HidePak backdoor attempt (malware-backdoor.rules)
 * 1:2183 <-> DISABLED <-> SERVER-MAIL Sendmail Content-Transfer-Encoding overflow attempt (server-mail.rules)
 * 1:218 <-> DISABLED <-> MALWARE-BACKDOOR MISC Solaris 2.5 attempt (malware-backdoor.rules)
 * 1:217 <-> DISABLED <-> MALWARE-BACKDOOR MISC sm4ck attempt (malware-backdoor.rules)
 * 1:216 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit satori attempt (malware-backdoor.rules)
 * 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing page with specific structure - BBB (exploit-kit.rules)
 * 1:215 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules)
 * 1:214 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt lrkr0x (malware-backdoor.rules)
 * 1:213 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules)
 * 1:212 <-> DISABLED <-> MALWARE-BACKDOOR MISC rewt attempt (malware-backdoor.rules)
 * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules)
 * 1:211 <-> DISABLED <-> MALWARE-BACKDOOR MISC r00t attempt (malware-backdoor.rules)
 * 1:210 <-> DISABLED <-> MALWARE-BACKDOOR attempt (malware-backdoor.rules)
 * 1:209 <-> DISABLED <-> MALWARE-BACKDOOR w00w00 attempt (malware-backdoor.rules)
 * 1:208 <-> DISABLED <-> MALWARE-BACKDOOR PhaseZero Server Active on Network (malware-backdoor.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:185 <-> DISABLED <-> MALWARE-BACKDOOR CDK (malware-backdoor.rules)
 * 1:17623 <-> ENABLED <-> FILE-OTHER Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-other.rules)
 * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
 * 1:163 <-> DISABLED <-> MALWARE-BACKDOOR WinCrash 1.0 Server Active (malware-backdoor.rules)
 * 1:162 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Server access (malware-backdoor.rules)
 * 1:161 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Client connect (malware-backdoor.rules)
 * 1:158 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Server FTP Open Reply (malware-backdoor.rules)
 * 1:157 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Client FTP Open Request (malware-backdoor.rules)
 * 1:152 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Connection (malware-backdoor.rules)
 * 1:147 <-> DISABLED <-> MALWARE-BACKDOOR GateCrasher (malware-backdoor.rules)
 * 1:144 <-> DISABLED <-> PROTOCOL-FTP ADMw0rm ftp login attempt (protocol-ftp.rules)
 * 1:146 <-> DISABLED <-> MALWARE-BACKDOOR NetSphere access (malware-backdoor.rules)
 * 1:141 <-> DISABLED <-> MALWARE-BACKDOOR HackAttack 1.20 Connect (malware-backdoor.rules)
 * 1:121 <-> DISABLED <-> MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request (malware-backdoor.rules)
 * 1:119 <-> DISABLED <-> MALWARE-BACKDOOR Doly 2.0 access (malware-backdoor.rules)
 * 1:117 <-> DISABLED <-> MALWARE-BACKDOOR Infector.1.x (malware-backdoor.rules)
 * 1:118 <-> DISABLED <-> MALWARE-BACKDOOR SatansBackdoor.2.0.Beta (malware-backdoor.rules)
 * 1:115 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection established (malware-backdoor.rules)
 * 1:110 <-> DISABLED <-> MALWARE-BACKDOOR netbus getinfo (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:105 <-> DISABLED <-> MALWARE-BACKDOOR - Dagger_1.4.0 (malware-backdoor.rules)
 * 1:942 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage orders.htm access (server-other.rules)
 * 1:943 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpsrvadm.exe access (server-other.rules)
 * 1:944 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpremadm.exe access (server-other.rules)
 * 1:945 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpadmin.htm access (server-other.rules)
 * 1:946 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpadmcgi.exe access (server-other.rules)
 * 1:947 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage orders.txt access (server-other.rules)
 * 1:948 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage form_results access (server-other.rules)
 * 1:949 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage registrations.htm access (server-other.rules)
 * 1:950 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage cfgwiz.exe access (server-other.rules)
 * 1:951 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage authors.pwd access (server-other.rules)
 * 1:952 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage author.exe access (server-other.rules)
 * 1:953 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage administrators.pwd access (server-other.rules)
 * 1:954 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage form_results.htm access (server-other.rules)
 * 1:955 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage access.cnf access (server-other.rules)
 * 1:956 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage register.txt access (server-other.rules)
 * 1:957 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage registrations.txt access (server-other.rules)
 * 1:958 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.cnf access (server-other.rules)
 * 1:959 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.pwd (server-other.rules)
 * 1:960 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.stp access (server-other.rules)
 * 1:961 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage services.cnf access (server-other.rules)
 * 1:962 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage shtml.exe access (server-other.rules)
 * 1:963 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage svcacl.cnf access (server-other.rules)
 * 1:964 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage users.pwd access (server-other.rules)
 * 1:965 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage writeto.cnf access (server-other.rules)
 * 1:966 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage .... request (server-other.rules)
 * 1:967 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage dvwssr.dll access (server-other.rules)
 * 1:968 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage register.htm access (server-other.rules)
 * 1:969 <-> DISABLED <-> SERVER-IIS WebDAV file lock attempt (server-iis.rules)
 * 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules)
 * 1:973 <-> DISABLED <-> SERVER-IIS *.idc attempt (server-iis.rules)
 * 1:974 <-> DISABLED <-> SERVER-IIS Directory transversal attempt (server-iis.rules)
 * 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
 * 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
 * 1:977 <-> DISABLED <-> SERVER-IIS .cnf access (server-iis.rules)
 * 1:978 <-> DISABLED <-> SERVER-IIS ASP contents view (server-iis.rules)
 * 1:979 <-> DISABLED <-> SERVER-IIS ASP contents view (server-iis.rules)
 * 1:980 <-> DISABLED <-> SERVER-IIS CGImail.exe access (server-iis.rules)
 * 1:984 <-> DISABLED <-> SERVER-IIS JET VBA access (server-iis.rules)
 * 1:985 <-> DISABLED <-> SERVER-IIS JET VBA access (server-iis.rules)
 * 1:986 <-> DISABLED <-> SERVER-IIS MSProxy access (server-iis.rules)
 * 1:987 <-> DISABLED <-> FILE-IDENTIFY .htr access file download request (file-identify.rules)
 * 1:989 <-> DISABLED <-> MALWARE-CNC sensepost.exe command shell (malware-cnc.rules)
 * 1:990 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage _vti_inf.html access (server-other.rules)
 * 1:991 <-> DISABLED <-> SERVER-IIS achg.htr access (server-iis.rules)
 * 1:992 <-> DISABLED <-> SERVER-IIS adctest.asp access (server-iis.rules)
 * 1:993 <-> DISABLED <-> SERVER-IIS iisadmin access (server-iis.rules)
 * 1:994 <-> DISABLED <-> SERVER-IIS /scripts/iisadmin/default.htm access (server-iis.rules)
 * 1:995 <-> DISABLED <-> SERVER-IIS ism.dll access (server-iis.rules)
 * 1:996 <-> DISABLED <-> SERVER-IIS anot.htr access (server-iis.rules)
 * 1:997 <-> DISABLED <-> SERVER-IIS asp-dot attempt (server-iis.rules)
 * 1:998 <-> DISABLED <-> SERVER-IIS asp-srch attempt (server-iis.rules)
 * 1:999 <-> DISABLED <-> SERVER-IIS bdir access (server-iis.rules)
 * 3:26213 <-> ENABLED <-> MISC g01 exploit kit dns request - doesntexist.com (misc.rules)
 * 3:26214 <-> ENABLED <-> MISC g01 exploit kit dns request - dnsalias.com (misc.rules)
 * 3:26215 <-> ENABLED <-> MISC g01 exploit kit dns request - dynalias.com (misc.rules)