[Snort-sigs] snort-rules update @ Thu Dec 16 10:43:49 2004

bmc at ...95... bmc at ...95...
Thu Dec 16 07:44:13 EST 2004


New rules:
3018 - NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3019 - NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3020 - NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3021 - NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3022 - NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3023 - NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3024 - NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3025 - NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, requires 2.1 or later)
3026 - NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (netbios.rules, requires 2.1 or later)
3027 - NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, requires 2.1 or later)
3028 - NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules, requires 2.1 or later)
3029 - NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, requires 2.1 or later)
3030 - NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (netbios.rules, requires 2.1 or later)
3031 - NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, requires 2.1 or later)
3032 - NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules, requires 2.1 or later)
3033 - NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, requires 2.1 or later)
3034 - NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (netbios.rules, requires 2.1 or later)
3035 - NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, requires 2.1 or later)
3036 - NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules, requires 2.1 or later)
3037 - NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules, requires 2.1 or later)
3038 - NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (netbios.rules, requires 2.1 or later)
3039 - NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, requires 2.1 or later)
3040 - NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules, requires 2.1 or later)
3041 - NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules, requires 2.1 or later)
3042 - NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3043 - NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3044 - NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3045 - NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3046 - NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3047 - NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3048 - NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3049 - NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3050 - NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3051 - NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3052 - NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3053 - NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3054 - NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3055 - NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3056 - NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)
3057 - NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules, requires 2.1 or later)

Updated rules:
 532 - NETBIOS SMB ADMIN$ share access (netbios.rules, requires 2.1 or later)
 533 - NETBIOS SMB C$ share access (netbios.rules, requires 2.1 or later)
 536 - NETBIOS SMB D$ share access (netbios.rules, requires 2.1 or later)
 537 - NETBIOS SMB IPC$ share access (netbios.rules, requires 2.2 or later)
 538 - NETBIOS SMB IPC$ unicode share access (netbios.rules, requires 2.2 or later)
1777 - FTP EXPLOIT STAT * dos attempt (ftp.rules, requires 2.1 or later)
1778 - FTP EXPLOIT STAT ? dos attempt (ftp.rules, requires 2.1 or later)
2174 - NETBIOS SMB winreg create tree attempt (netbios.rules, requires 2.2 or later)
2175 - NETBIOS SMB winreg unicode create tree attempt (netbios.rules, requires 2.2 or later)
2382 - NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules, requires 2.2 or later)
2383 - NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules, requires 2.2 or later)
2424 - NNTP sendsys overflow attempt (nntp.rules, requires 2.1 or later)
2425 - NNTP senduuname overflow attempt (nntp.rules, requires 2.1 or later)
2426 - NNTP version overflow attempt (nntp.rules, requires 2.1 or later)
2427 - NNTP checkgroups overflow attempt (nntp.rules, requires 2.1 or later)
2428 - NNTP ihave overflow attempt (nntp.rules, requires 2.1 or later)
2429 - NNTP sendme overflow attempt (nntp.rules, requires 2.1 or later)
2430 - NNTP newgroup overflow attempt (nntp.rules, requires 2.1 or later)
2431 - NNTP rmgroup overflow attempt (nntp.rules, requires 2.1 or later)
2465 - NETBIOS SMB-DS IPC$ share access (netbios.rules, requires 2.2 or later)
2466 - NETBIOS SMB-DS IPC$ unicode share access (netbios.rules, requires 2.2 or later)
2467 - NETBIOS SMB D$ unicode share access (netbios.rules, requires 2.1 or later)
2468 - NETBIOS SMB-DS D$ share access (netbios.rules, requires 2.1 or later)
2469 - NETBIOS SMB-DS D$ unicode share access (netbios.rules, requires 2.1 or later)
2470 - NETBIOS SMB C$ unicode share access (netbios.rules, requires 2.1 or later)
2471 - NETBIOS SMB-DS C$ share access (netbios.rules, requires 2.1 or later)
2472 - NETBIOS SMB-DS C$ unicode share access (netbios.rules, requires 2.1 or later)
2473 - NETBIOS SMB ADMIN$ unicode share access (netbios.rules, requires 2.1 or later)
2474 - NETBIOS SMB-DS ADMIN$ share access (netbios.rules, requires 2.1 or later)
2475 - NETBIOS SMB-DS ADMIN$ unicode share access (netbios.rules, requires 2.1 or later)
2476 - NETBIOS SMB-DS winreg create tree attempt (netbios.rules, requires 2.2 or later)
2477 - NETBIOS SMB-DS winreg unicode create tree attempt (netbios.rules, requires 2.2 or later)
2478 - NETBIOS SMB-DS winreg bind attempt (netbios.rules, requires 2.2 or later)
2479 - NETBIOS SMB-DS winreg unicode bind attempt (netbios.rules, requires 2.2 or later)
2480 - NETBIOS SMB-DS InitiateSystemShutdown unicode attempt (netbios.rules, requires 2.2 or later)
2481 - NETBIOS SMB-DS InitiateSystemShutdown unicode little endian attempt (netbios.rules, requires 2.2 or later)
2482 - NETBIOS SMB-DS InitiateSystemShutdown attempt (netbios.rules, requires 2.2 or later)
2483 - NETBIOS SMB-DS InitiateSystemShutdown little endian attempt (netbios.rules, requires 2.2 or later)
2928 - NETBIOS SMB nddeapi create tree attempt (netbios.rules, requires 2.2 or later)
2929 - NETBIOS SMB nddeapi unicode create tree attempt (netbios.rules, requires 2.2 or later)
2930 - NETBIOS SMB-DS nddeapi create tree attempt (netbios.rules, requires 2.2 or later)
2931 - NETBIOS SMB-DS nddeapi unicode create tree attempt (netbios.rules, requires 2.2 or later)
2932 - NETBIOS SMB nddeapi bind attempt (netbios.rules, requires 2.2 or later)
2933 - NETBIOS SMB nddeapi unicode bind attempt (netbios.rules, requires 2.2 or later)
2934 - NETBIOS SMB-DS nddeapi bind attempt (netbios.rules, requires 2.2 or later)
2935 - NETBIOS SMB-DS nddeapi unicode bind attempt (netbios.rules, requires 2.2 or later)
2936 - NETBIOS SMB NDdeSetTrustedShareW overflow attempt (netbios.rules, requires 2.2 or later)
2937 - NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt (netbios.rules, requires 2.2 or later)
2938 - NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt (netbios.rules, requires 2.2 or later)
2939 - NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt (netbios.rules, requires 2.2 or later)
2940 - NETBIOS SMB winreg bind attempt (netbios.rules, requires 2.2 or later)
2941 - NETBIOS SMB winreg unicode bind attempt (netbios.rules, requires 2.2 or later)
2942 - NETBIOS SMB InitiateSystemShutdown attempt (netbios.rules, requires 2.2 or later)
2943 - NETBIOS SMB InitiateSystemShutdown little endian attempt (netbios.rules, requires 2.2 or later)
2944 - NETBIOS SMB InitiateSystemShutdown unicode attempt (netbios.rules, requires 2.2 or later)
2945 - NETBIOS SMB InitiateSystemShutdown unicode little endian attempt (netbios.rules, requires 2.2 or later)
2946 - NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt (netbios.rules, requires 2.2 or later)
2947 - NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt (netbios.rules, requires 2.2 or later)
2948 - NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt (netbios.rules, requires 2.2 or later)
2949 - NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt (netbios.rules, requires 2.2 or later)
2952 - NETBIOS SMB IPC$ andx share access (netbios.rules, requires 2.2 or later)
2953 - NETBIOS SMB IPC$ unicode andx share access (netbios.rules, requires 2.2 or later)
2954 - NETBIOS SMB-DS IPC$ andx share access (netbios.rules, requires 2.2 or later)
2955 - NETBIOS SMB-DS IPC$ unicode andx share access (netbios.rules, requires 2.2 or later)
2956 - NETBIOS SMB nddeapi andx create tree attempt (netbios.rules, requires 2.2 or later)
2957 - NETBIOS SMB nddeapi unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
2958 - NETBIOS SMB-DS nddeapi andx create tree attempt (netbios.rules, requires 2.2 or later)
2959 - NETBIOS SMB-DS nddeapi unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
2960 - NETBIOS SMB nddeapi andx bind attempt (netbios.rules, requires 2.2 or later)
2961 - NETBIOS SMB nddeapi unicode andx bind attempt (netbios.rules, requires 2.2 or later)
2962 - NETBIOS SMB-DS nddeapi andx bind attempt (netbios.rules, requires 2.2 or later)
2963 - NETBIOS SMB-DS nddeapi unicode andx bind attempt (netbios.rules, requires 2.2 or later)
2964 - NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt (netbios.rules, requires 2.2 or later)
2965 - NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
2966 - NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt (netbios.rules, requires 2.2 or later)
2967 - NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
2968 - NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt (netbios.rules, requires 2.2 or later)
2969 - NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
2970 - NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt (netbios.rules, requires 2.2 or later)
2971 - NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
2972 - NETBIOS SMB D$ andx share access (netbios.rules, requires 2.1 or later)
2973 - NETBIOS SMB D$ unicode andx share access (netbios.rules, requires 2.1 or later)
2974 - NETBIOS SMB-DS D$ andx share access (netbios.rules, requires 2.1 or later)
2975 - NETBIOS SMB-DS D$ unicode andx share access (netbios.rules, requires 2.1 or later)
2976 - NETBIOS SMB C$ andx share access (netbios.rules, requires 2.1 or later)
2977 - NETBIOS SMB C$ unicode andx share access (netbios.rules, requires 2.1 or later)
2978 - NETBIOS SMB-DS C$ andx share access (netbios.rules, requires 2.1 or later)
2979 - NETBIOS SMB-DS C$ unicode andx share access (netbios.rules, requires 2.1 or later)
2980 - NETBIOS SMB ADMIN$ andx share access (netbios.rules, requires 2.1 or later)
2981 - NETBIOS SMB ADMIN$ unicode andx share access (netbios.rules, requires 2.1 or later)
2982 - NETBIOS SMB-DS ADMIN$ andx share access (netbios.rules, requires 2.1 or later)
2983 - NETBIOS SMB-DS ADMIN$ unicode andx share access (netbios.rules, requires 2.1 or later)
2984 - NETBIOS SMB winreg andx create tree attempt (netbios.rules, requires 2.2 or later)
2985 - NETBIOS SMB winreg unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
2986 - NETBIOS SMB-DS winreg andx create tree attempt (netbios.rules, requires 2.2 or later)
2987 - NETBIOS SMB-DS winreg unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
2988 - NETBIOS SMB winreg andx bind attempt (netbios.rules, requires 2.2 or later)
2989 - NETBIOS SMB winreg unicode andx bind attempt (netbios.rules, requires 2.2 or later)
2990 - NETBIOS SMB-DS winreg andx bind attempt (netbios.rules, requires 2.2 or later)
2991 - NETBIOS SMB-DS winreg unicode andx bind attempt (netbios.rules, requires 2.2 or later)
2992 - NETBIOS SMB InitiateSystemShutdown andx attempt (netbios.rules, requires 2.2 or later)
2993 - NETBIOS SMB InitiateSystemShutdown little endian andx attempt (netbios.rules, requires 2.2 or later)
2994 - NETBIOS SMB InitiateSystemShutdown unicode andx attempt (netbios.rules, requires 2.2 or later)
2995 - NETBIOS SMB InitiateSystemShutdown unicode little endian andx attempt (netbios.rules, requires 2.2 or later)
2996 - NETBIOS SMB-DS InitiateSystemShutdown andx attempt (netbios.rules, requires 2.2 or later)
2997 - NETBIOS SMB-DS InitiateSystemShutdown little endian andx attempt (netbios.rules, requires 2.2 or later)
2998 - NETBIOS SMB-DS InitiateSystemShutdown unicode andx attempt (netbios.rules, requires 2.2 or later)
2999 - NETBIOS SMB-DS InitiateSystemShutdown unicode little endian andx attempt (netbios.rules, requires 2.2 or later)
3000 - NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3001 - NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3002 - NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3003 - NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3004 - NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)
3005 - NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules, requires 2.2 or later)

More information about the Snort-sigs mailing list