Sourcefire VRT Certified Rules Update

Date: 2005-09-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
4194 - WEB-CLIENT multipacket CBO CBL CBM file transfer start (web-client.rules)
4195 - WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
4196 - WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
4197 - WEB-CLIENT DigWebX MSN ActiveX Object Access (web-client.rules)

Updated rules:
 275 - DOS NAPTHA (dos.rules)
 276 - DOS Real Audio Server (dos.rules)
 277 - DOS Real Server template.html (dos.rules)
 303 - DNS EXPLOIT named tsig overflow attempt (dns.rules)
 306 - EXPLOIT VQServer admin (exploit.rules)
 357 - FTP piss scan (ftp.rules)
 806 - WEB-CGI yabb directory traversal attempt (web-cgi.rules)
 811 - WEB-CGI websitepro path access (web-cgi.rules)
 813 - WEB-CGI webplus directory traversal (web-cgi.rules)
 820 - WEB-CGI anaconda directory transversal attempt (web-cgi.rules)
 860 - WEB-CGI snork.bat access (web-cgi.rules)
 908 - WEB-COLDFUSION administrator access (web-coldfusion.rules)
 967 - WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules)
 980 - WEB-IIS CGImail.exe access (web-iis.rules)
1018 - WEB-IIS iisadmpwd attempt (web-iis.rules)
1079 - WEB-MISC WebDAV propfind access (web-misc.rules)
1108 - WEB-MISC Tomcat server snoop access (web-misc.rules)
1109 - WEB-MISC ROXEN directory list attempt (web-misc.rules)
1160 - WEB-MISC Netscape dir index wp (web-misc.rules)
1187 - WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules)
1196 - WEB-CGI SGI InfoSearch fname attempt (web-cgi.rules)
1207 - WEB-MISC htgrep access (web-misc.rules)
1240 - EXPLOIT MDBMS overflow (exploit.rules)
1456 - WEB-CGI calender_admin.pl access (web-cgi.rules)
1468 - WEB-CGI Web Shopper shopper.cgi attempt (web-cgi.rules)
1536 - WEB-CGI calendar_admin.pl arbitrary command execution attempt (web-cgi.rules)
1537 - WEB-CGI calendar_admin.pl access (web-cgi.rules)
1538 - NNTP AUTHINFO USER overflow attempt (nntp.rules)
1539 - WEB-CGI /cgi-bin/ls access (web-cgi.rules)
1546 - WEB-MISC Cisco /%% DOS attempt (web-misc.rules)
1552 - WEB-MISC cvsweb version access (web-misc.rules)
1558 - WEB-MISC Delegate whois overflow attempt (web-misc.rules)
1569 - WEB-CGI loadpage.cgi directory traversal attempt (web-cgi.rules)
1570 - WEB-CGI loadpage.cgi access (web-cgi.rules)
1598 - WEB-CGI Home Free search.cgi directory traversal attempt (web-cgi.rules)
1605 - DOS iParty DOS attempt (dos.rules)
1615 - WEB-MISC htgrep attempt (web-misc.rules)
1621 - FTP CMD overflow attempt (ftp.rules)
1622 - FTP RNFR ././ attempt (ftp.rules)
1623 - FTP invalid MODE (ftp.rules)
1624 - FTP PWD overflow attempt (ftp.rules)
1625 - FTP SYST overflow attempt (ftp.rules)
1637 - WEB-CGI yabb access (web-cgi.rules)
1654 - WEB-CGI cart32.exe access (web-cgi.rules)
1890 - RPC status GHBN format string attack (rpc.rules)
1891 - RPC status GHBN format string attack (rpc.rules)
1913 - RPC STATD UDP stat mon_name format string exploit attempt (rpc.rules)
1914 - RPC STATD TCP stat mon_name format string exploit attempt (rpc.rules)
1915 - RPC STATD UDP monitor mon_name format string exploit attempt (rpc.rules)
1916 - RPC STATD TCP monitor mon_name format string exploit attempt (rpc.rules)
1971 - FTP SITE EXEC format string attempt (ftp.rules)
2079 - RPC portmap nlockmgr request UDP (rpc.rules)
2080 - RPC portmap nlockmgr request TCP (rpc.rules)
2179 - FTP PASS format string attempt (ftp.rules)
2239 - WEB-MISC redirect.exe access (web-misc.rules)
2240 - WEB-MISC changepw.exe access (web-misc.rules)
2417 - FTP format string attempt (ftp.rules)
2921 - DNS UDP inverse query (dns.rules)
2922 - DNS TCP inverse query (dns.rules)
3077 - FTP RNFR overflow attempt (ftp.rules)
3218 - NETBIOS SMB OpenKey overflow attempt (netbios.rules)
3219 - NETBIOS SMB OpenKey little endian overflow attempt (netbios.rules)
3220 - NETBIOS SMB OpenKey unicode overflow attempt (netbios.rules)
3221 - NETBIOS SMB OpenKey unicode little endian overflow attempt (netbios.rules)
3222 - NETBIOS SMB OpenKey andx overflow attempt (netbios.rules)
3223 - NETBIOS SMB OpenKey little endian andx overflow attempt (netbios.rules)
3224 - NETBIOS SMB OpenKey unicode andx overflow attempt (netbios.rules)
3225 - NETBIOS SMB OpenKey unicode little endian andx overflow attempt (netbios.rules)
3226 - NETBIOS SMB-DS OpenKey overflow attempt (netbios.rules)
3227 - NETBIOS SMB-DS OpenKey little endian overflow attempt (netbios.rules)
3228 - NETBIOS SMB-DS OpenKey unicode overflow attempt (netbios.rules)
3229 - NETBIOS SMB-DS OpenKey unicode little endian overflow attempt (netbios.rules)
3230 - NETBIOS SMB-DS OpenKey andx overflow attempt (netbios.rules)
3231 - NETBIOS SMB-DS OpenKey little endian andx overflow attempt (netbios.rules)
3232 - NETBIOS SMB-DS OpenKey unicode andx overflow attempt (netbios.rules)
3233 - NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt (netbios.rules)
3523 - FTP SITE INDEX format string attempt (ftp.rules)