Talos has added and modified multiple rules in the browser-ie, browser-webkit, exploit-kit, file-flash, file-java, file-multimedia, file-office, indicator-scan, netbios, os-windows, protocol-dns, protocol-icmp, protocol-nntp, protocol-rpc, protocol-tftp, server-iis, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45592 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200 and r201 configuration file download attempt (server-webapp.rules)
* 1:38769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules) * 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules) * 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules) * 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules) * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules) * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules) * 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules) * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules) * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:33555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules) * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules) * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules) * 1:38770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:39227 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WPAD spoofing attempt (os-windows.rules) * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules) * 1:40360 <-> ENABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules) * 1:40843 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 warning denial of service attempt (server-other.rules) * 1:41367 <-> ENABLED <-> SERVER-OTHER NTPD zero origin timestamp denial of service attempt (server-other.rules) * 1:43188 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:43189 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:33554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules) * 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules) * 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules) * 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules) * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45592 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200 and r201 configuration file download attempt (server-webapp.rules)
* 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules) * 1:38771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules) * 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules) * 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules) * 1:33554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules) * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules) * 1:33555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules) * 1:43189 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:43188 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:41367 <-> ENABLED <-> SERVER-OTHER NTPD zero origin timestamp denial of service attempt (server-other.rules) * 1:40843 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 warning denial of service attempt (server-other.rules) * 1:40360 <-> ENABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules) * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules) * 1:39227 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WPAD spoofing attempt (os-windows.rules) * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules) * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules) * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules) * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules) * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules) * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules) * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules) * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules) * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules) * 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules) * 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules) * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45592 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200 and r201 configuration file download attempt (server-webapp.rules)
* 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:33554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:33555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules) * 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules) * 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules) * 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules) * 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules) * 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules) * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules) * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules) * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules) * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules) * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:38768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules) * 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules) * 1:43189 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:43188 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:41367 <-> ENABLED <-> SERVER-OTHER NTPD zero origin timestamp denial of service attempt (server-other.rules) * 1:40843 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 warning denial of service attempt (server-other.rules) * 1:40360 <-> ENABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules) * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules) * 1:39227 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WPAD spoofing attempt (os-windows.rules) * 1:38771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules) * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules) * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules) * 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules) * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules) * 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45592 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200 and r201 configuration file download attempt (server-webapp.rules)
* 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules) * 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules) * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules) * 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules) * 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules) * 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules) * 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules) * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules) * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules) * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules) * 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules) * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules) * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules) * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:33555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:33554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules) * 1:43189 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:43188 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules) * 1:41367 <-> ENABLED <-> SERVER-OTHER NTPD zero origin timestamp denial of service attempt (server-other.rules) * 1:40843 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 warning denial of service attempt (server-other.rules) * 1:40360 <-> ENABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules) * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules) * 1:39227 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WPAD spoofing attempt (os-windows.rules) * 1:38771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:38768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules) * 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules) * 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules) * 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules) * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules) * 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
