Sourcefire VRT Update

Date: 2007-03-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
10217 <-> NETBIOS SMB svcctl alter context attempt (rpc.rules)
10218 <-> NETBIOS SMB svcctl unicode alter context attempt (rpc.rules)
10219 <-> NETBIOS SMB svcctl WriteAndX alter context attempt (rpc.rules)
10220 <-> NETBIOS SMB svcctl WriteAndX unicode alter context attempt (rpc.rules)
10221 <-> NETBIOS SMB-DS svcctl alter context attempt (rpc.rules)
10222 <-> NETBIOS SMB-DS svcctl WriteAndX alter context attempt (rpc.rules)
10223 <-> NETBIOS SMB-DS svcctl unicode alter context attempt (rpc.rules)
10224 <-> NETBIOS SMB-DS svcctl WriteAndX unicode alter context attempt (rpc.rules)
10225 <-> NETBIOS SMB svcctl little endian alter context attempt (rpc.rules)
10226 <-> NETBIOS SMB svcctl WriteAndX little endian alter context attempt (rpc.rules)
10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (rpc.rules)
10228 <-> NETBIOS SMB svcctl WriteAndX unicode little endian alter context attempt (rpc.rules)
10229 <-> NETBIOS SMB-DS svcctl little endian alter context attempt (rpc.rules)
10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (rpc.rules)
10231 <-> NETBIOS SMB-DS svcctl unicode little endian alter context attempt (rpc.rules)
10232 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian alter context attempt (rpc.rules)
10233 <-> NETBIOS SMB svcctl bind attempt (rpc.rules)
10234 <-> NETBIOS SMB svcctl unicode bind attempt (rpc.rules)
10235 <-> NETBIOS SMB svcctl WriteAndX bind attempt (rpc.rules)
10236 <-> NETBIOS SMB svcctl WriteAndX unicode bind attempt (rpc.rules)
10237 <-> NETBIOS SMB-DS svcctl bind attempt (rpc.rules)
10238 <-> NETBIOS SMB-DS svcctl WriteAndX bind attempt (rpc.rules)
10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (rpc.rules)
10240 <-> NETBIOS SMB-DS svcctl WriteAndX unicode bind attempt (rpc.rules)
10241 <-> NETBIOS SMB svcctl little endian bind attempt (rpc.rules)
10242 <-> NETBIOS SMB svcctl WriteAndX little endian bind attempt (rpc.rules)
10243 <-> NETBIOS SMB svcctl unicode little endian bind attempt (rpc.rules)
10244 <-> NETBIOS SMB svcctl WriteAndX unicode little endian bind attempt (rpc.rules)
10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (rpc.rules)
10246 <-> NETBIOS SMB-DS svcctl WriteAndX little endian bind attempt (rpc.rules)
10247 <-> NETBIOS SMB-DS svcctl unicode little endian bind attempt (rpc.rules)
10248 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian bind attempt (rpc.rules)
10249 <-> NETBIOS SMB svcctl andx alter context attempt (rpc.rules)
10250 <-> NETBIOS SMB svcctl unicode andx alter context attempt (rpc.rules)
10251 <-> NETBIOS SMB svcctl WriteAndX andx alter context attempt (rpc.rules)
10252 <-> NETBIOS SMB svcctl WriteAndX unicode andx alter context attempt (rpc.rules)
10253 <-> NETBIOS SMB-DS svcctl andx alter context attempt (rpc.rules)
10254 <-> NETBIOS SMB-DS svcctl WriteAndX andx alter context attempt (rpc.rules)
10255 <-> NETBIOS SMB-DS svcctl unicode andx alter context attempt (rpc.rules)
10256 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx alter context attempt (rpc.rules)
10257 <-> NETBIOS SMB svcctl little endian andx alter context attempt (rpc.rules)
10258 <-> NETBIOS SMB svcctl WriteAndX little endian andx alter context attempt (rpc.rules)
10259 <-> NETBIOS SMB svcctl unicode little endian andx alter context attempt (rpc.rules)
10260 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx alter context attempt (rpc.rules)
10261 <-> NETBIOS SMB-DS svcctl little endian andx alter context attempt (rpc.rules)
10262 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx alter context attempt (rpc.rules)
10263 <-> NETBIOS SMB-DS svcctl unicode little endian andx alter context attempt (rpc.rules)
10264 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx alter context attempt (rpc.rules)
10265 <-> NETBIOS SMB svcctl andx bind attempt (rpc.rules)
10266 <-> NETBIOS SMB svcctl unicode andx bind attempt (rpc.rules)
10267 <-> NETBIOS SMB svcctl WriteAndX andx bind attempt (rpc.rules)
10268 <-> NETBIOS SMB svcctl WriteAndX unicode andx bind attempt (rpc.rules)
10269 <-> NETBIOS SMB-DS svcctl andx bind attempt (rpc.rules)
10270 <-> NETBIOS SMB-DS svcctl WriteAndX andx bind attempt (rpc.rules)
10271 <-> NETBIOS SMB-DS svcctl unicode andx bind attempt (rpc.rules)
10272 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx bind attempt (rpc.rules)
10273 <-> NETBIOS SMB svcctl little endian andx bind attempt (rpc.rules)
10274 <-> NETBIOS SMB svcctl WriteAndX little endian andx bind attempt (rpc.rules)
10275 <-> NETBIOS SMB svcctl unicode little endian andx bind attempt (rpc.rules)
10276 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx bind attempt (rpc.rules)
10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (rpc.rules)
10278 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx bind attempt (rpc.rules)
10279 <-> NETBIOS SMB-DS svcctl unicode little endian andx bind attempt (rpc.rules)
10280 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx bind attempt (rpc.rules)
10281 <-> NETBIOS DCERPC DIRECT svcctl little endian alter context attempt (rpc.rules)
10282 <-> NETBIOS DCERPC DIRECT svcctl alter context attempt (rpc.rules)
10283 <-> NETBIOS DCERPC DIRECT svcctl little endian bind attempt (rpc.rules)
10284 <-> NETBIOS DCERPC DIRECT svcctl bind attempt (rpc.rules)
10285 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10286 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10287 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10288 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10289 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10290 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10291 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10292 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10293 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10294 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10295 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10296 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10297 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10298 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10299 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10300 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10301 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10302 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10303 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian attempt (rpc.rules)
10304 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10305 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10306 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10307 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10308 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (rpc.rules)
10309 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A attempt (rpc.rules)
10310 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10311 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10312 <-> NETBIOS SMB svcctl ChangeServiceConfig2A attempt (rpc.rules)
10313 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX attempt (rpc.rules)
10314 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (rpc.rules)
10315 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX object call attempt (rpc.rules)
10316 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10317 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10318 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (rpc.rules)
10319 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian object call attempt (rpc.rules)
10320 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (rpc.rules)
10321 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (rpc.rules)
10322 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10323 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode object call attempt (rpc.rules)
10324 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (rpc.rules)
10325 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10326 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX object call attempt (rpc.rules)
10327 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode object call attempt (rpc.rules)
10328 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (rpc.rules)
10329 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (rpc.rules)
10330 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode attempt (rpc.rules)
10331 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode attempt (rpc.rules)
10332 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian attempt (rpc.rules)
10333 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10334 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10335 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10336 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10337 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10338 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10339 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10340 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10341 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10342 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10343 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10344 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10345 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx attempt (rpc.rules)
10346 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10347 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10349 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10350 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10351 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (rpc.rules)
10352 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10353 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10354 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10355 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10356 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (rpc.rules)
10357 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10358 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10359 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10360 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx attempt (rpc.rules)
10361 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (rpc.rules)
10362 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (rpc.rules)
10363 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (rpc.rules)
10364 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx object call attempt (rpc.rules)
10365 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx object call attempt (rpc.rules)
10366 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (rpc.rules)
10367 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (rpc.rules)
10368 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (rpc.rules)
10369 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (rpc.rules)
10370 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx object call attempt (rpc.rules)
10371 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx object call attempt (rpc.rules)
10372 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (rpc.rules)
10373 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx object call attempt (rpc.rules)
10374 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (rpc.rules)
10375 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx object call attempt (rpc.rules)
10376 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (rpc.rules)
10377 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (rpc.rules)
10378 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx attempt (rpc.rules)
10379 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (rpc.rules)
10380 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (rpc.rules)
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (rpc.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (rpc.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (rpc.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (rpc.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (rpc.rules)
10387 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid access (web-client.rules)
10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules)
10389 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX function call access (web-client.rules)
10390 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid access (web-client.rules)
10391 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid unicode access (web-client.rules)
10392 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX function call access (web-client.rules)
10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules)
10394 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid unicode access (web-client.rules)
10395 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX function call access (web-client.rules)

Updated rules:
1941 <-> TFTP GET filename overflow attempt (tftp.rules)
2337 <-> TFTP PUT filename overflow attempt (tftp.rules)
10173 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid access (web-client.rules)
10174 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid unicode access (web-client.rules)
10175 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX function call access (web-client.rules)
10195 <-> WEB-MISC Possible Content-Length buffer overflow attempt (web-misc.rules)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
10208 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
10209 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
10210 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection little endian attempt (netbios.rules)
10211 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect COMN_NetTestConnection little endian attempt (netbios.rules)
10212 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection object call attempt (netbios.rules)
10213 <-> NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection little endian object call attempt (netbios.rules)