Sourcefire VRT Update

Date: 2007-05-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
11290 <-> WEB-CLIENT Excel malformed named graph information ascii overflow (web-client.rules)
11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules)
11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules)
11293 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid access (web-client.rules)
11294 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid unicode access (web-client.rules)
11295 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call access (web-client.rules)
11296 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call unicode access (web-client.rules)
11297 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid access (web-client.rules)
11298 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid unicode access (web-client.rules)
11299 <-> WEB-CLIENT Clever Database Comparer ActiveX function call access (web-client.rules)
11300 <-> WEB-CLIENT Clever Database Comparer ActiveX function call unicode access (web-client.rules)
11301 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid access (web-client.rules)
11302 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid unicode access (web-client.rules)
11303 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call access (web-client.rules)
11304 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call unicode access (web-client.rules)
11305 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - send log through smtp (spyware-put.rules)
11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules)
11307 <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules)
11308 <-> SPYWARE-PUT Other-Technologies spydawn runtime detection - update checking (spyware-put.rules)
11309 <-> SPYWARE-PUT Keylogger sskc v2.0 runtime detection (spyware-put.rules)
11310 <-> SPYWARE-PUT Trickler iowa webdownloader - icq notification (spyware-put.rules)
11311 <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules)
11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules)
11313 <-> SPYWARE-PUT Other-Technologies spywarelocker 3.3 runtime detection - update checking (spyware-put.rules)
11314 <-> BACKDOOR shadownet remote spy 2.0 runtime detection (backdoor.rules)
11315 <-> BACKDOOR ykw v375 runtime detection (backdoor.rules)
11316 <-> BACKDOOR lurker 1.1 runtime detection - init connection (backdoor.rules)
11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
11318 <-> BACKDOOR boer runtime detection - init connection (backdoor.rules)
11319 <-> BACKDOOR netwindow runtime detection - init connection request (backdoor.rules)
11320 <-> BACKDOOR netwindow runtime detection - reverse mode init connection request (backdoor.rules)
11321 <-> BACKDOOR netwindow runtime detection - udp broadcast (backdoor.rules)
11322 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11323 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11324 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call access (web-client.rules)
11325 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call unicode access (web-client.rules)
11326 <-> NETBIOS SMB lsarpc alter context attempt (netbios.rules)
11327 <-> NETBIOS SMB-DS lsarpc WriteAndX alter context attempt (netbios.rules)
11328 <-> NETBIOS SMB-DS lsarpc unicode alter context attempt (netbios.rules)
11329 <-> NETBIOS SMB lsarpc WriteAndX alter context attempt (netbios.rules)
11330 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11331 <-> NETBIOS-DG SMB lsarpc alter context attempt (netbios.rules)
11332 <-> NETBIOS-DG SMB lsarpc WriteAndX alter context attempt (netbios.rules)
11333 <-> NETBIOS-DG SMB lsarpc unicode alter context attempt (netbios.rules)
11334 <-> NETBIOS SMB lsarpc unicode alter context attempt (netbios.rules)
11335 <-> NETBIOS SMB lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11336 <-> NETBIOS SMB-DS lsarpc alter context attempt (netbios.rules)
11337 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode alter context attempt (netbios.rules)
11338 <-> NETBIOS SMB lsarpc little endian alter context attempt (netbios.rules)
11339 <-> NETBIOS SMB lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11340 <-> NETBIOS SMB lsarpc unicode little endian alter context attempt (netbios.rules)
11341 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11342 <-> NETBIOS SMB-DS lsarpc little endian alter context attempt (netbios.rules)
11343 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11344 <-> NETBIOS SMB-DS lsarpc unicode little endian alter context attempt (netbios.rules)
11345 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11346 <-> NETBIOS-DG SMB lsarpc little endian alter context attempt (netbios.rules)
11347 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian alter context attempt (netbios.rules)
11348 <-> NETBIOS-DG SMB lsarpc unicode little endian alter context attempt (netbios.rules)
11349 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian alter context attempt (netbios.rules)
11350 <-> NETBIOS SMB lsarpc bind attempt (netbios.rules)
11351 <-> NETBIOS SMB lsarpc WriteAndX bind attempt (netbios.rules)
11352 <-> NETBIOS SMB lsarpc unicode bind attempt (netbios.rules)
11353 <-> NETBIOS SMB lsarpc WriteAndX unicode bind attempt (netbios.rules)
11354 <-> NETBIOS SMB-DS lsarpc bind attempt (netbios.rules)
11355 <-> NETBIOS SMB-DS lsarpc WriteAndX bind attempt (netbios.rules)
11356 <-> NETBIOS SMB-DS lsarpc unicode bind attempt (netbios.rules)
11357 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode bind attempt (netbios.rules)
11358 <-> NETBIOS-DG SMB lsarpc bind attempt (netbios.rules)
11359 <-> NETBIOS-DG SMB lsarpc WriteAndX bind attempt (netbios.rules)
11360 <-> NETBIOS-DG SMB lsarpc unicode bind attempt (netbios.rules)
11361 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode bind attempt (netbios.rules)
11362 <-> NETBIOS SMB lsarpc little endian bind attempt (netbios.rules)
11363 <-> NETBIOS SMB lsarpc WriteAndX little endian bind attempt (netbios.rules)
11364 <-> NETBIOS SMB lsarpc unicode little endian bind attempt (netbios.rules)
11365 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11366 <-> NETBIOS SMB-DS lsarpc little endian bind attempt (netbios.rules)
11367 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian bind attempt (netbios.rules)
11368 <-> NETBIOS SMB-DS lsarpc unicode little endian bind attempt (netbios.rules)
11369 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11370 <-> NETBIOS-DG SMB lsarpc little endian bind attempt (netbios.rules)
11371 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian bind attempt (netbios.rules)
11372 <-> NETBIOS-DG SMB lsarpc unicode little endian bind attempt (netbios.rules)
11373 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian bind attempt (netbios.rules)
11374 <-> NETBIOS SMB lsarpc andx alter context attempt (netbios.rules)
11375 <-> NETBIOS SMB-DS lsarpc WriteAndX andx alter context attempt (netbios.rules)
11376 <-> NETBIOS SMB-DS lsarpc unicode andx alter context attempt (netbios.rules)
11377 <-> NETBIOS SMB lsarpc WriteAndX andx alter context attempt (netbios.rules)
11378 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11379 <-> NETBIOS-DG SMB lsarpc andx alter context attempt (netbios.rules)
11380 <-> NETBIOS-DG SMB lsarpc WriteAndX andx alter context attempt (netbios.rules)
11381 <-> NETBIOS-DG SMB lsarpc unicode andx alter context attempt (netbios.rules)
11382 <-> NETBIOS SMB lsarpc unicode andx alter context attempt (netbios.rules)
11383 <-> NETBIOS SMB lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11384 <-> NETBIOS SMB-DS lsarpc andx alter context attempt (netbios.rules)
11385 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode andx alter context attempt (netbios.rules)
11386 <-> NETBIOS SMB lsarpc little endian andx alter context attempt (netbios.rules)
11387 <-> NETBIOS SMB lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11388 <-> NETBIOS SMB lsarpc unicode little endian andx alter context attempt (netbios.rules)
11389 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11390 <-> NETBIOS SMB-DS lsarpc little endian andx alter context attempt (netbios.rules)
11391 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11392 <-> NETBIOS SMB-DS lsarpc unicode little endian andx alter context attempt (netbios.rules)
11393 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11394 <-> NETBIOS-DG SMB lsarpc little endian andx alter context attempt (netbios.rules)
11395 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian andx alter context attempt (netbios.rules)
11396 <-> NETBIOS-DG SMB lsarpc unicode little endian andx alter context attempt (netbios.rules)
11397 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11398 <-> NETBIOS SMB lsarpc andx bind attempt (netbios.rules)
11399 <-> NETBIOS SMB lsarpc WriteAndX andx bind attempt (netbios.rules)
11400 <-> NETBIOS SMB lsarpc unicode andx bind attempt (netbios.rules)
11401 <-> NETBIOS SMB lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11402 <-> NETBIOS SMB-DS lsarpc andx bind attempt (netbios.rules)
11403 <-> NETBIOS SMB-DS lsarpc WriteAndX andx bind attempt (netbios.rules)
11404 <-> NETBIOS SMB-DS lsarpc unicode andx bind attempt (netbios.rules)
11405 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11406 <-> NETBIOS-DG SMB lsarpc andx bind attempt (netbios.rules)
11407 <-> NETBIOS-DG SMB lsarpc WriteAndX andx bind attempt (netbios.rules)
11408 <-> NETBIOS-DG SMB lsarpc unicode andx bind attempt (netbios.rules)
11409 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode andx bind attempt (netbios.rules)
11410 <-> NETBIOS SMB lsarpc little endian andx bind attempt (netbios.rules)
11411 <-> NETBIOS SMB lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11412 <-> NETBIOS SMB lsarpc unicode little endian andx bind attempt (netbios.rules)
11413 <-> NETBIOS SMB lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11414 <-> NETBIOS SMB-DS lsarpc little endian andx bind attempt (netbios.rules)
11415 <-> NETBIOS SMB-DS lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11416 <-> NETBIOS SMB-DS lsarpc unicode little endian andx bind attempt (netbios.rules)
11417 <-> NETBIOS SMB-DS lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11418 <-> NETBIOS-DG SMB lsarpc little endian andx bind attempt (netbios.rules)
11419 <-> NETBIOS-DG SMB lsarpc WriteAndX little endian andx bind attempt (netbios.rules)
11420 <-> NETBIOS-DG SMB lsarpc unicode little endian andx bind attempt (netbios.rules)
11421 <-> NETBIOS-DG SMB lsarpc WriteAndX unicode little endian andx bind attempt (netbios.rules)
11422 <-> NETBIOS DCERPC DIRECT lsarpc little endian alter context attempt (netbios.rules)
11423 <-> NETBIOS DCERPC DIRECT-UDP lsarpc little endian alter context attempt (netbios.rules)
11424 <-> NETBIOS DCERPC DIRECT-UDP lsarpc alter context attempt (netbios.rules)
11425 <-> NETBIOS DCERPC NCACN-HTTP lsarpc alter context attempt (netbios.rules)
11426 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc alter context attempt (netbios.rules)
11427 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc alter context attempt (netbios.rules)
11428 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian alter context attempt (netbios.rules)
11429 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc little endian alter context attempt (netbios.rules)
11430 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc little endian alter context attempt (netbios.rules)
11431 <-> NETBIOS DCERPC DIRECT lsarpc alter context attempt (netbios.rules)
11432 <-> NETBIOS DCERPC DIRECT lsarpc little endian bind attempt (netbios.rules)
11433 <-> NETBIOS DCERPC DIRECT-UDP lsarpc little endian bind attempt (netbios.rules)
11434 <-> NETBIOS DCERPC DIRECT-UDP lsarpc bind attempt (netbios.rules)
11435 <-> NETBIOS DCERPC NCACN-HTTP lsarpc bind attempt (netbios.rules)
11436 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc bind attempt (netbios.rules)
11437 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc bind attempt (netbios.rules)
11438 <-> NETBIOS DCERPC NCACN-HTTP lsarpc little endian bind attempt (netbios.rules)
11439 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc little endian bind attempt (netbios.rules)
11440 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc little endian bind attempt (netbios.rules)
11441 <-> NETBIOS DCERPC DIRECT lsarpc bind attempt (netbios.rules)
11442 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11443 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11444 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11445 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11446 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11447 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11448 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11449 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11450 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11451 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11452 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11453 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11454 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11455 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11456 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11457 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11458 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11459 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11460 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11461 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11462 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11463 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11464 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11465 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11466 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11467 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11468 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11469 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11470 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11471 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11472 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11473 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11474 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11475 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode overflow attempt (netbios.rules)
11476 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX overflow attempt (netbios.rules)
11477 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode overflow attempt (netbios.rules)
11478 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11479 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11480 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11481 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11482 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11483 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11484 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11485 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11486 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian overflow attempt (netbios.rules)
11487 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian overflow attempt (netbios.rules)
11488 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian overflow attempt (netbios.rules)
11489 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11490 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11491 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11492 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11493 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11494 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11495 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11496 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11497 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11498 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode object call overflow attempt (netbios.rules)
11499 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX object call overflow attempt (netbios.rules)
11500 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode object call overflow attempt (netbios.rules)
11501 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11502 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11503 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11504 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11505 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11506 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11507 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11508 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11509 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11510 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian object call overflow attempt (netbios.rules)
11511 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian object call overflow attempt (netbios.rules)
11512 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11513 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11514 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11515 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11516 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11517 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11518 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11519 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11520 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11521 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11522 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11523 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11524 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11525 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11526 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11527 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11528 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11529 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11530 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11531 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11532 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11533 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11534 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11535 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11536 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11537 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11538 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11539 <-> NETBIOS SMB-DS v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11540 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11541 <-> NETBIOS SMB v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11542 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11543 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11544 <-> NETBIOS-DG SMB v4 lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11545 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11546 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11547 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx overflow attempt (netbios.rules)
11548 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx overflow attempt (netbios.rules)
11549 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode andx overflow attempt (netbios.rules)
11550 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount andx overflow attempt (netbios.rules)
11551 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11552 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11553 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11554 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11555 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11556 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11557 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11558 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11559 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx overflow attempt (netbios.rules)
11560 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx overflow attempt (netbios.rules)
11561 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11562 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11563 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11564 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11565 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11566 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11567 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11568 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11569 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11570 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode andx object call overflow attempt (netbios.rules)
11571 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX andx object call overflow attempt (netbios.rules)
11572 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode andx object call overflow attempt (netbios.rules)
11573 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount andx object call overflow attempt (netbios.rules)
11574 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11575 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11576 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11577 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11578 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11579 <-> NETBIOS SMB lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11580 <-> NETBIOS SMB-DS lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11581 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11582 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount WriteAndX little endian andx object call overflow attempt (netbios.rules)
11583 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount unicode little endian andx object call overflow attempt (netbios.rules)
11584 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian andx object call overflow attempt (netbios.rules)
11585 <-> NETBIOS-DG SMB lsarpc LsarAddPrivilegesToAccount little endian andx overflow attempt (netbios.rules)
11586 <-> NETBIOS DCERPC DIRECT-UDP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11587 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11588 <-> NETBIOS DCERPC NCADG-IP-UDP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11589 <-> NETBIOS DCERPC NCADG-IP-UDP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11590 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11591 <-> NETBIOS DCERPC DIRECT v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11592 <-> NETBIOS DCERPC NCACN-HTTP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11593 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11594 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11595 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11596 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11597 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11598 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11599 <-> NETBIOS DCERPC DIRECT-UDP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11600 <-> NETBIOS DCERPC NCACN-HTTP v4 lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11601 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11602 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount little endian overflow attempt (netbios.rules)
11603 <-> NETBIOS DCERPC DIRECT v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11604 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11605 <-> NETBIOS DCERPC NCACN-IP-TCP v4 lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
11606 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11607 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11608 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11609 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11610 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11611 <-> NETBIOS DCERPC DIRECT-UDP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11612 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11613 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11614 <-> NETBIOS DCERPC DIRECT lsarpc LsarAddPrivilegesToAccount little endian object call overflow attempt (netbios.rules)
11615 <-> NETBIOS DCERPC NCACN-HTTP lsarpc LsarAddPrivilegesToAccount object call overflow attempt (netbios.rules)
11616 <-> WEB-ATTACKS Symantec Sygate Policy Manager SQL injection (web-misc.rules)
11617 <-> EXPLOIT Zenworks password authentication buffer overflow (exploit.rules)
11618 <-> EXPLOIT Trend Micro ServerProtect EarthAgent DCE-RPC Stack Overflow (exploit.rules)

Updated rules:
1143 <-> DELETED WEB-MISC ///cgi-bin access (deleted.rules)
1144 <-> DELETED WEB-MISC /cgi-bin/// access (deleted.rules)
1388 <-> MISC UPnP Location overflow attempt (misc.rules)
4990 <-> MS-SQL Heap-Based Overflow Attempt (sql.rules)
11228 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid access (web-client.rules)
11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules)