Sourcefire VRT Update

Date: 2007-04-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
10396 <-> WEB-IIS Internet Data Query query.idq directory traversal attempt (web-iis.rules)
10397 <-> WEB-IIS Internet Data Query exair query.idq directory traversal attempt (web-iis.rules)
10398 <-> WEB-IIS Internet Data Query exair search.idq directory traversal attempt (web-iis.rules)
10399 <-> WEB-IIS Internet Data Query iissamples fastq.idq directory traversal attempt (web-iis.rules)
10400 <-> WEB-IIS Internet Data Query iissamples query.idq directory traversal attempt (web-iis.rules)
10401 <-> WEB-IIS Internet Data Query prxdocs prxrch.idq directory traversal attempt (web-iis.rules)
10402 <-> SPECIFIC-THREATS Trojan.Duntek Data Report POST (specific-threats.rules)
10403 <-> SPECIFIC-THREATS Trojan.Duntek Checkin GET Request (specific-threats.rules)
10404 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid access (web-client.rules)
10405 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid unicode access (web-client.rules)
10406 <-> WEB-CLIENT SignKorea SKCommAX ActiveX function call access (web-client.rules)
10407 <-> EXPLOIT Helix Server LoadTestPassword buffer overflow attempt (exploit.rules)
10408 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
10409 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10410 <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
10411 <-> RPC portmap HP-UX Single Logical Screen SLSD udp request (rpc.rules)
10412 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid access (web-client.rules)
10413 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid unicode access (web-client.rules)
10414 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access (web-client.rules)
10415 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid access (web-client.rules)
10416 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid unicode access (web-client.rules)
10417 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX function call access (web-client.rules)
10418 <-> EXPLOIT lpd Solaris unlink file attempt (exploit.rules)

Updated rules:
2392 <-> FTP RETR overflow attempt (ftp.rules)
3074 <-> IMAP subscribe overflow attempt (imap.rules)
3079 <-> WEB-CLIENT Microsoft ANI file parsing overflow (web-client.rules)
4143 <-> EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules)
4144 <-> EXPLOIT lpd Solaris control file upload attempt (exploit.rules)
7978 <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID access (web-client.rules)
7979 <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash ActiveX CLSID unicode access (web-client.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player or Explorer Malformed RIFF File denial of service attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
10217 <-> NETBIOS SMB svcctl alter context attempt (netbios.rules)
10218 <-> NETBIOS SMB svcctl unicode alter context attempt (netbios.rules)
10219 <-> NETBIOS SMB svcctl WriteAndX alter context attempt (netbios.rules)
10220 <-> NETBIOS SMB svcctl WriteAndX unicode alter context attempt (netbios.rules)
10221 <-> NETBIOS SMB-DS svcctl alter context attempt (netbios.rules)
10222 <-> NETBIOS SMB-DS svcctl WriteAndX alter context attempt (netbios.rules)
10223 <-> NETBIOS SMB-DS svcctl unicode alter context attempt (netbios.rules)
10224 <-> NETBIOS SMB-DS svcctl WriteAndX unicode alter context attempt (netbios.rules)
10225 <-> NETBIOS SMB svcctl little endian alter context attempt (netbios.rules)
10226 <-> NETBIOS SMB svcctl WriteAndX little endian alter context attempt (netbios.rules)
10227 <-> NETBIOS SMB svcctl unicode little endian alter context attempt (netbios.rules)
10228 <-> NETBIOS SMB svcctl WriteAndX unicode little endian alter context attempt (netbios.rules)
10229 <-> NETBIOS SMB-DS svcctl little endian alter context attempt (netbios.rules)
10230 <-> NETBIOS SMB-DS svcctl WriteAndX little endian alter context attempt (netbios.rules)
10231 <-> NETBIOS SMB-DS svcctl unicode little endian alter context attempt (netbios.rules)
10232 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian alter context attempt (netbios.rules)
10233 <-> NETBIOS SMB svcctl bind attempt (netbios.rules)
10234 <-> NETBIOS SMB svcctl unicode bind attempt (netbios.rules)
10235 <-> NETBIOS SMB svcctl WriteAndX bind attempt (netbios.rules)
10236 <-> NETBIOS SMB svcctl WriteAndX unicode bind attempt (netbios.rules)
10237 <-> NETBIOS SMB-DS svcctl bind attempt (netbios.rules)
10238 <-> NETBIOS SMB-DS svcctl WriteAndX bind attempt (netbios.rules)
10239 <-> NETBIOS SMB-DS svcctl unicode bind attempt (netbios.rules)
10240 <-> NETBIOS SMB-DS svcctl WriteAndX unicode bind attempt (netbios.rules)
10241 <-> NETBIOS SMB svcctl little endian bind attempt (netbios.rules)
10242 <-> NETBIOS SMB svcctl WriteAndX little endian bind attempt (netbios.rules)
10243 <-> NETBIOS SMB svcctl unicode little endian bind attempt (netbios.rules)
10244 <-> NETBIOS SMB svcctl WriteAndX unicode little endian bind attempt (netbios.rules)
10245 <-> NETBIOS SMB-DS svcctl little endian bind attempt (netbios.rules)
10246 <-> NETBIOS SMB-DS svcctl WriteAndX little endian bind attempt (netbios.rules)
10247 <-> NETBIOS SMB-DS svcctl unicode little endian bind attempt (netbios.rules)
10248 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian bind attempt (netbios.rules)
10249 <-> NETBIOS SMB svcctl andx alter context attempt (netbios.rules)
10250 <-> NETBIOS SMB svcctl unicode andx alter context attempt (netbios.rules)
10251 <-> NETBIOS SMB svcctl WriteAndX andx alter context attempt (netbios.rules)
10252 <-> NETBIOS SMB svcctl WriteAndX unicode andx alter context attempt (netbios.rules)
10253 <-> NETBIOS SMB-DS svcctl andx alter context attempt (netbios.rules)
10254 <-> NETBIOS SMB-DS svcctl WriteAndX andx alter context attempt (netbios.rules)
10255 <-> NETBIOS SMB-DS svcctl unicode andx alter context attempt (netbios.rules)
10256 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx alter context attempt (netbios.rules)
10257 <-> NETBIOS SMB svcctl little endian andx alter context attempt (netbios.rules)
10258 <-> NETBIOS SMB svcctl WriteAndX little endian andx alter context attempt (netbios.rules)
10259 <-> NETBIOS SMB svcctl unicode little endian andx alter context attempt (netbios.rules)
10260 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx alter context attempt (netbios.rules)
10261 <-> NETBIOS SMB-DS svcctl little endian andx alter context attempt (netbios.rules)
10262 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx alter context attempt (netbios.rules)
10263 <-> NETBIOS SMB-DS svcctl unicode little endian andx alter context attempt (netbios.rules)
10264 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx alter context attempt (netbios.rules)
10265 <-> NETBIOS SMB svcctl andx bind attempt (netbios.rules)
10266 <-> NETBIOS SMB svcctl unicode andx bind attempt (netbios.rules)
10267 <-> NETBIOS SMB svcctl WriteAndX andx bind attempt (netbios.rules)
10268 <-> NETBIOS SMB svcctl WriteAndX unicode andx bind attempt (netbios.rules)
10269 <-> NETBIOS SMB-DS svcctl andx bind attempt (netbios.rules)
10270 <-> NETBIOS SMB-DS svcctl WriteAndX andx bind attempt (netbios.rules)
10271 <-> NETBIOS SMB-DS svcctl unicode andx bind attempt (netbios.rules)
10272 <-> NETBIOS SMB-DS svcctl WriteAndX unicode andx bind attempt (netbios.rules)
10273 <-> NETBIOS SMB svcctl little endian andx bind attempt (netbios.rules)
10274 <-> NETBIOS SMB svcctl WriteAndX little endian andx bind attempt (netbios.rules)
10275 <-> NETBIOS SMB svcctl unicode little endian andx bind attempt (netbios.rules)
10276 <-> NETBIOS SMB svcctl WriteAndX unicode little endian andx bind attempt (netbios.rules)
10277 <-> NETBIOS SMB-DS svcctl little endian andx bind attempt (netbios.rules)
10278 <-> NETBIOS SMB-DS svcctl WriteAndX little endian andx bind attempt (netbios.rules)
10279 <-> NETBIOS SMB-DS svcctl unicode little endian andx bind attempt (netbios.rules)
10280 <-> NETBIOS SMB-DS svcctl WriteAndX unicode little endian andx bind attempt (netbios.rules)
10281 <-> NETBIOS DCERPC DIRECT svcctl little endian alter context attempt (netbios.rules)
10282 <-> NETBIOS DCERPC DIRECT svcctl alter context attempt (netbios.rules)
10283 <-> NETBIOS DCERPC DIRECT svcctl little endian bind attempt (netbios.rules)
10284 <-> NETBIOS DCERPC DIRECT svcctl bind attempt (netbios.rules)
10285 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10286 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10287 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10288 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10289 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10290 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10291 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10292 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10293 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10294 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10295 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10296 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10297 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10298 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10299 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10300 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10301 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10302 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10303 <-> NETBIOS SMB svcctl ChangeServiceConfig2A attempt (netbios.rules)
10304 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10305 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10306 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10307 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10308 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10309 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode attempt (netbios.rules)
10310 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A attempt (netbios.rules)
10311 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX attempt (netbios.rules)
10312 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode attempt (netbios.rules)
10313 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10314 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian attempt (netbios.rules)
10315 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian attempt (netbios.rules)
10316 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian attempt (netbios.rules)
10317 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules)
10318 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX object call attempt (netbios.rules)
10319 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (netbios.rules)
10320 <-> NETBIOS SMB svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10321 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (netbios.rules)
10322 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
10323 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode object call attempt (netbios.rules)
10324 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (netbios.rules)
10325 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode object call attempt (netbios.rules)
10326 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10327 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX object call attempt (netbios.rules)
10328 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode object call attempt (netbios.rules)
10329 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
10330 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian object call attempt (netbios.rules)
10331 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian object call attempt (netbios.rules)
10332 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian object call attempt (netbios.rules)
10333 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10334 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10335 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10336 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10337 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10338 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10339 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10340 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10341 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10342 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10343 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10344 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10345 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10346 <-> NETBIOS SMB-DS v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10347 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10348 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10349 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10350 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10351 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10352 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10353 <-> NETBIOS SMB v4 svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10354 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10355 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10356 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10357 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx attempt (netbios.rules)
10358 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx attempt (netbios.rules)
10359 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx attempt (netbios.rules)
10360 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx attempt (netbios.rules)
10361 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx attempt (netbios.rules)
10362 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx attempt (netbios.rules)
10363 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx attempt (netbios.rules)
10364 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx attempt (netbios.rules)
10365 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (netbios.rules)
10366 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (netbios.rules)
10367 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (netbios.rules)
10368 <-> NETBIOS SMB svcctl ChangeServiceConfig2A andx object call attempt (netbios.rules)
10369 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (netbios.rules)
10370 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A little endian andx object call attempt (netbios.rules)
10371 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A unicode andx object call attempt (netbios.rules)
10372 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (netbios.rules)
10373 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode andx object call attempt (netbios.rules)
10374 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A andx object call attempt (netbios.rules)
10375 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX andx object call attempt (netbios.rules)
10376 <-> NETBIOS SMB-DS svcctl ChangeServiceConfig2A WriteAndX unicode andx object call attempt (netbios.rules)
10377 <-> NETBIOS SMB svcctl ChangeServiceConfig2A little endian andx object call attempt (netbios.rules)
10378 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX unicode little endian andx object call attempt (netbios.rules)
10379 <-> NETBIOS SMB svcctl ChangeServiceConfig2A unicode little endian andx object call attempt (netbios.rules)
10380 <-> NETBIOS SMB svcctl ChangeServiceConfig2A WriteAndX little endian andx object call attempt (netbios.rules)
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (netbios.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)