[Snort-sigs] snort-rules update @ Tue Aug 10 10:39:14 2004

Brian bmc at ...95...
Tue Aug 10 08:24:06 EDT 2004


As you can see, I've switched the "new rules" email format to
something that won't cause mailman to barf every time we do a rules
update.

-b

On Tue, Aug 10, 2004 at 10:39:14AM -0400, bmc at ...95... wrote:
> New rules:
> 2598 - WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules, requires 3.1 or later)
> 2599 - ORACLE add_grouped_column named sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2600 - ORACLE add_grouped_column ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2601 - ORACLE drop_master_repgroup named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2602 - ORACLE drop_master_repgroup ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2603 - ORACLE create_mview_repgroup named fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2604 - ORACLE create_mview_repgroup ordered fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2605 - ORACLE compare_old_values ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2606 - ORACLE comment_on_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2607 - ORACLE comment_on_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2608 - ORACLE check_ddl_text ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2609 - ORACLE cancel_statistics named sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2610 - ORACLE cancel_statistics ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2611 - ORACLE LINK metadata buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2612 - ORACLE revoke_surrogate_repcat named userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2613 - ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2614 - ORACLE time_zone buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2615 - ORACLE grant_surrogate_repcat named userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2616 - ORACLE grant_surrogate_repcat ordered userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2617 - ORACLE alter_mview_propagation named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2618 - ORACLE alter_mview_propagation ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2619 - ORACLE alter_master_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2620 - ORACLE alter_master_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2621 - ORACLE utl.register_flavor_change ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2622 - ORACLE utl.drop_an_object ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2623 - ORACLE utl.create_snapshot_repgroup ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2624 - ORACLE unregister_user_repgroup named privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2625 - ORACLE unregister_user_repgroup ordered privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2626 - ORACLE send_old_values ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2627 - ORACLE repcat_import_check named gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2628 - ORACLE repcat_import_check ordered gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2629 - ORACLE register_user_repgroup named privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2630 - ORACLE register_user_repgroup ordered privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2631 - ORACLE refresh_mview_repgroup named gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2632 - ORACLE refresh_mview_repgroup ordered gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2633 - ORACLE rectifier_diff named sname1 attempt (oracle.rules, requires 3.1 or later)
> 2634 - ORACLE rectifier_diff ordered sname1 buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2635 - ORACLE snapshot.end_load named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2636 - ORACLE snapshot.end_load ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2637 - ORACLE drop_master_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2638 - ORACLE drop_master_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2639 - ORACLE drop_mview_repgroup named gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2640 - ORACLE drop_mview_repgroup ordered gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2641 - ORACLE drop_site_instantiate named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2642 - ORACLE drop_site_instantiate ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2643 - ORACLE ensure_not_published ordered fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2644 - ORACLE from_tz buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2645 - ORACLE instantiate_offline named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2646 - ORACLE instantiate_offline ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2647 - ORACLE instantiate_online named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2648 - ORACLE instantiate_online ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2649 - ORACLE service_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2650 - ORACLE user name buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2651 - ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2652 - ORACLE og.begin_load named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2653 - ORACLE og.begin_load ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2654 - WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt (web-php.rules, requires 3.1 or later)
> 2655 - MISC HP Web JetAdmin ExecuteFile admin access (misc.rules)
> 
> Updated rules:
>  255 - DNS zone transfer TCP (dns.rules)
>  509 - WEB-MISC PCCS mysql database admin tool access (web-misc.rules)
>  674 - MS-SQL xp_displayparamstmt possible buffer overflow (sql.rules)
>  675 - MS-SQL xp_setsqlsecurity possible buffer overflow (sql.rules)
>  680 - MS-SQL/SMB sa login failed (sql.rules)
>  682 - MS-SQL xp_enumresultset possible buffer overflow (sql.rules)
>  688 - MS-SQL sa login failed (sql.rules)
>  690 - MS-SQL/SMB xp_printstatements possible buffer overflow (sql.rules)
>  695 - MS-SQL/SMB xp_sprintf possible buffer overflow (sql.rules)
>  696 - MS-SQL/SMB xp_showcolv possible buffer overflow (sql.rules)
>  697 - MS-SQL/SMB xp_peekqueue possible buffer overflow (sql.rules)
>  698 - MS-SQL/SMB xp_proxiedmetadata possible buffer overflow (sql.rules)
>  699 - MS-SQL xp_printstatements possible buffer overflow (sql.rules)
>  700 - MS-SQL/SMB xp_updatecolvbm possible buffer overflow (sql.rules)
>  701 - MS-SQL xp_updatecolvbm possible buffer overflow (sql.rules)
>  702 - MS-SQL/SMB xp_displayparamstmt possible buffer overflow (sql.rules)
>  703 - MS-SQL/SMB xp_setsqlsecurity possible buffer overflow (sql.rules)
>  704 - MS-SQL xp_sprintf possible buffer overflow (sql.rules)
>  705 - MS-SQL xp_showcolv possible buffer overflow (sql.rules)
>  706 - MS-SQL xp_peekqueue possible buffer overflow (sql.rules)
>  707 - MS-SQL xp_proxiedmetadata possible buffer overflow (sql.rules)
>  708 - MS-SQL/SMB xp_enumresultset possible buffer overflow (sql.rules)
>  824 - WEB-CGI php.cgi access (web-cgi.rules)
>  825 - WEB-CGI glimpse access (web-cgi.rules)
>  847 - WEB-CGI campas access (web-cgi.rules)
>  889 - WEB-CGI ppdscgi.exe access (web-cgi.rules)
>  892 - WEB-CGI AnyForm2 access (web-cgi.rules)
>  937 - WEB-FRONTPAGE _vti_rpc access (web-frontpage.rules)
>  940 - WEB-FRONTPAGE shtml.dll access (web-frontpage.rules)
>  962 - WEB-FRONTPAGE shtml.exe access (web-frontpage.rules)
>  966 - WEB-FRONTPAGE .... request (web-frontpage.rules)
>  970 - WEB-IIS multiple decode attempt (deleted.rules)
>  971 - WEB-IIS ISAPI .printer access (web-iis.rules)
>  981 - WEB-IIS unicode directory traversal attempt (deleted.rules)
>  982 - WEB-IIS unicode directory traversal attempt (deleted.rules)
>  983 - WEB-IIS unicode directory traversal attempt (deleted.rules)
>  984 - WEB-IIS JET VBA access (web-iis.rules)
>  987 - WEB-IIS .htr access (web-iis.rules)
> 1020 - WEB-IIS isc$data attempt (web-iis.rules)
> 1021 - WEB-IIS ism.dll attempt (web-iis.rules)
> 1023 - WEB-IIS msadcs.dll access (web-iis.rules)
> 1103 - WEB-MISC Netscape admin passwd (web-misc.rules)
> 1110 - WEB-MISC apache source.asp file access (web-misc.rules)
> 1167 - WEB-MISC rpm_query access (web-misc.rules)
> 1173 - WEB-MISC architext_query.pl access (web-misc.rules)
> 1174 - WEB-CGI /cgi-bin/jj access (web-cgi.rules)
> 1176 - WEB-MISC order.log access (deleted.rules)
> 1181 - WEB-MISC Annex Terminal DOS attempt (web-misc.rules)
> 1217 - WEB-MISC plusmail access (web-misc.rules)
> 1379 - FTP STAT overflow attempt (ftp.rules, requires 3.1 or later)
> 1386 - MS-SQL/SMB raiserror possible buffer overflow (sql.rules)
> 1387 - MS-SQL raiserror possible buffer overflow (sql.rules)
> 1408 - DOS MSDTC attempt (dos.rules)
> 1423 - WEB-PHP content-disposition memchr overflow (web-php.rules)
> 1425 - WEB-PHP content-disposition (web-php.rules)
> 1436 - MULTIMEDIA Quicktime User Agent access (multimedia.rules)
> 1471 - WEB-CGI mailnews.cgi access (web-cgi.rules)
> 1475 - WEB-CGI mailit.pl access (web-cgi.rules)
> 1492 - WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules)
> 1493 - WEB-MISC RBS ISP /newuser access (web-misc.rules)
> 1500 - WEB-MISC ExAir access (web-misc.rules)
> 1567 - WEB-IIS /exchange/root.asp attempt (web-iis.rules)
> 1568 - WEB-IIS /exchange/root.asp access (web-iis.rules)
> 1636 - MISC Xtramail Username overflow attempt (misc.rules, requires 3.1 or later)
> 1652 - WEB-CGI campus attempt (web-cgi.rules)
> 1653 - WEB-CGI campus access (web-cgi.rules)
> 1725 - WEB-IIS +.htr code fragment attempt (web-iis.rules)
> 1734 - FTP USER overflow attempt (ftp.rules, requires 3.1 or later)
> 1751 - EXPLOIT cachefsd buffer overflow attempt (exploit.rules)
> 1777 - FTP EXPLOIT STAT * dos attempt (ftp.rules)
> 1778 - FTP EXPLOIT STAT ? dos attempt (ftp.rules)
> 1943 - WEB-MISC /Carello/add.exe access (web-misc.rules)
> 1945 - WEB-IIS unicode directory traversal attempt (deleted.rules)
> 1948 - DNS zone transfer UDP (dns.rules)
> 1972 - FTP PASS overflow attempt (ftp.rules, requires 3.1 or later)
> 1973 - FTP MKD overflow attempt (ftp.rules, requires 3.1 or later)
> 2000 - WEB-PHP readmsg.php access (web-php.rules)
> 2003 - MS-SQL Worm propagation attempt (sql.rules)
> 2004 - MS-SQL Worm propagation attempt OUTBOUND (sql.rules)
> 2039 - MISC bootp hostname format string attempt (misc.rules)
> 2048 - MISC rsyncd overflow attempt (misc.rules)
> 2090 - WEB-IIS WEBDAV exploit attempt (web-iis.rules)
> 2101 - NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt (netbios.rules)
> 2102 - NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt (deleted.rules)
> 2129 - WEB-IIS nsiislog.dll access (web-iis.rules)
> 2178 - FTP USER format string attempt (ftp.rules, requires 3.1 or later)
> 2192 - NETBIOS DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
> 2193 - NETBIOS SMB-DS DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
> 2222 - WEB-CGI nph-exploitscanget.cgi access (web-cgi.rules)
> 2246 - WEB-MISC webadmin.dll access (web-misc.rules)
> 2251 - NETBIOS DCERPC Remote Activation bind attempt (netbios.rules)
> 2252 - NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
> 2253 - SMTP XEXCH50 overflow attempt (smtp.rules, requires 3.1 or later)
> 2257 - NETBIOS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
> 2258 - NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
> 2350 - NETBIOS DCERPC ISystemActivator bind accept (netbios.rules, requires 3.2 or later)
> 2351 - NETBIOS DCERPC ISystemActivator path overflow attempt little endian (netbios.rules, requires 3.2 or later)
> 2352 - NETBIOS DCERPC ISystemActivator path overflow attempt big endian (netbios.rules, requires 3.2 or later)
> 2381 - WEB-MISC schema overflow attempt (web-misc.rules, requires 3.1 or later)
> 2382 - NETBIOS SMB DCERPC NTLMSSP asn1 overflow attempt (netbios.rules, requires 3.2 or later)
> 2383 - NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt (netbios.rules, requires 3.2 or later)
> 2384 - NETBIOS SMB NTLMSSP invalid mechlistMIC attempt (deleted.rules)
> 2385 - NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt (deleted.rules)
> 2386 - WEB-IIS NTLM ASN.1 vulnerability scan attempt (web-iis.rules)
> 2391 - FTP APPE overflow attempt (ftp.rules, requires 3.1 or later)
> 2419 - MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules, requires 3.2 or later)
> 2420 - MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules, requires 3.2 or later)
> 2421 - MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules, requires 3.2 or later)
> 2422 - MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules, requires 3.2 or later)
> 2423 - MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules, requires 3.2 or later)
> 2491 - NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt (netbios.rules, requires 3.2 or later)
> 2492 - NETBIOS SMB DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
> 2493 - NETBIOS SMB DCERPC ISystemActivator unicode bind attempt (netbios.rules, requires 3.2 or later)
> 2494 - NETBIOS DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
> 2495 - NETBIOS SMB DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
> 2496 - NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
> 2497 - IMAP SSLv3 invalid data version attempt (imap.rules)
> 2498 - IMAP SSLv3 invalid timestamp attempt (deleted.rules)
> 2499 - MISC LDAP SSLv3 invalid timestamp attempt (deleted.rules)
> 2501 - POP3 SSLv3 invalid timestamp attempt (pop3.rules)
> 2502 - POP3 SSLv3 invalid data version attempt (pop3.rules)
> 2503 - SMTP SSLv3 invalid timestamp attempt (deleted.rules)
> 2504 - SMTP SSLv3 invalid data version attempt (smtp.rules)
> 2505 - WEB-MISC SSLv3 invalid data version attempt (web-misc.rules)
> 2506 - WEB-MISC SSLv3 invalid timestamp attempt (deleted.rules)
> 2520 - WEB-MISC SSLv3 Client_Hello request (web-misc.rules, requires 3.2 or later)
> 2521 - WEB-MISC SSLv3 Server_Hello request (web-misc.rules, requires 3.2 or later)
> 2522 - WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules, requires 3.2 or later)
> 2529 - IMAP SSLv3 Client_Hello request (imap.rules, requires 3.2 or later)
> 2530 - IMAP SSLv3 Server_Hello request (imap.rules, requires 3.2 or later)
> 2531 - IMAP SSLv3 invalid Client_Hello attempt (imap.rules, requires 3.2 or later)
> 2532 - MISC LDAP SSLv3 Client_Hello request (misc.rules, requires 3.2 or later)
> 2533 - MISC LDAP SSLv3 Server_Hello request (misc.rules, requires 3.2 or later)
> 2534 - MISC LDAP SSLv3 invalid Client_Hello attempt (misc.rules, requires 3.2 or later)
> 2535 - POP3 SSLv3 Client_Hello request (pop3.rules, requires 3.2 or later)
> 2536 - POP3 SSLv3 Server_Hello request (pop3.rules, requires 3.2 or later)
> 2537 - POP3 SSLv3 invalid Client_Hello attempt (pop3.rules, requires 3.2 or later)
> 2538 - SMTP SSLv3 Client_Hello request (smtp.rules, requires 3.2 or later)
> 2539 - SMTP SSLv3 Server_Hello request (smtp.rules, requires 3.2 or later)
> 2540 - SMTP SSLv3 invalid Client_Hello attempt (smtp.rules, requires 3.2 or later)
> 2541 - SMTP TLS SSLv3 invalid data version attempt (smtp.rules, requires 3.2 or later)
> 2542 - SMTP TLS SSLv3 Client_Hello request (smtp.rules, requires 3.2 or later)
> 2543 - SMTP TLS SSLv3 Server_Hello request (smtp.rules, requires 3.2 or later)
> 2544 - SMTP TLS SSLv3 invalid Client_Hello attempt (smtp.rules, requires 3.2 or later)
> 2551 - EXPLOIT Oracle Web Cache GET overflow attempt (exploit.rules, requires 3.1 or later)
> 2552 - EXPLOIT Oracle Web Cache HEAD overflow attempt (exploit.rules, requires 3.1 or later)
> 2553 - EXPLOIT Oracle Web Cache PUT overflow attempt (exploit.rules, requires 3.1 or later)
> 2554 - EXPLOIT Oracle Web Cache POST overflow attempt (exploit.rules, requires 3.1 or later)
> 2555 - EXPLOIT Oracle Web Cache TRACE overflow attempt (exploit.rules, requires 3.1 or later)
> 2556 - EXPLOIT Oracle Web Cache DELETE overflow attempt (exploit.rules, requires 3.1 or later)
> 2557 - EXPLOIT Oracle Web Cache LOCK overflow attempt (exploit.rules, requires 3.1 or later)
> 2558 - EXPLOIT Oracle Web Cache MKCOL overflow attempt (exploit.rules, requires 3.1 or later)
> 2559 - EXPLOIT Oracle Web Cache COPY overflow attempt (exploit.rules, requires 3.1 or later)
> 2560 - EXPLOIT Oracle Web Cache MOVE overflow attempt (exploit.rules, requires 3.1 or later)
> 2561 - MISC rsync backup-dir directory traversal attempt (misc.rules, requires 3.1 or later)
> 2566 - WEB-PHP PHPBB viewforum.php access (web-php.rules)
> 2567 - WEB-CGI Emumail init.emu access (web-cgi.rules)
> 2568 - WEB-CGI Emumail emumail.fcgi access (web-cgi.rules)
> 2576 - ORACLE generate_replication_support prefix buffer overflow attempt (oracle.rules, requires 3.1 or later)
> 2584 - EXPLOIT eMule buffer overflow attempt (exploit.rules, requires 3.1 or later)