[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Thu Dec 8 16:13:04 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of a
vulnerability in the Symantec AntiVirus Web Interface. In addition,
the Sourcefire VRT has made numerous rule reference additions to
existing rules in order to provide users more context for generated
events.

Details:
A buffer overflow vulnerability exists in the Symantec AntiVirus Scan
Engine Web Service Administrative Interface. The vulnerability exists
because user-supplied data is not properly checked before processing.

A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 4681.

The Sourcefire Vulnerability Research Team (VRT) has made numerous rule
reference additions to existing rules and has added a number of new
rules to provide coverage for additional attack vectors for existing
vulnerabilities.

New rules:
4681 - WEB-MISC Symantec admin interface client negative Content-Length
attempt (web-misc.rules)
4682 - NETBIOS DCERPC NCACN-IP-TCP locator alter context attempt
(netbios.rules)
4683 - NETBIOS DCERPC NCACN-IP-TCP locator bind attempt (netbios.rules)
4684 - NETBIOS DCERPC NCACN-IP-TCP locator little endian alter context
attempt (netbios.rules)
4685 - NETBIOS DCERPC NCACN-IP-TCP locator little endian bind attempt
(netbios.rules)
4686 - NETBIOS SMB locator WriteAndX alter context attempt (netbios.rules)
4687 - NETBIOS SMB locator WriteAndX andx alter context attempt
(netbios.rules)
4688 - NETBIOS SMB locator WriteAndX andx bind attempt (netbios.rules)
4689 - NETBIOS SMB locator WriteAndX bind attempt (netbios.rules)
4690 - NETBIOS SMB locator WriteAndX little endian alter context attempt
(netbios.rules)
4691 - NETBIOS SMB locator WriteAndX little endian andx alter context
attempt (netbios.rules)
4692 - NETBIOS SMB locator WriteAndX little endian andx bind attempt
(netbios.rules)
4693 - NETBIOS SMB locator WriteAndX little endian bind attempt
(netbios.rules)
4694 - NETBIOS SMB locator WriteAndX unicode alter context attempt
(netbios.rules)
4695 - NETBIOS SMB locator WriteAndX unicode andx alter context attempt
(netbios.rules)
4696 - NETBIOS SMB locator WriteAndX unicode andx bind attempt
(netbios.rules)
4697 - NETBIOS SMB locator WriteAndX unicode bind attempt (netbios.rules)
4698 - NETBIOS SMB locator WriteAndX unicode little endian alter context
attempt (netbios.rules)
4699 - NETBIOS SMB locator WriteAndX unicode little endian andx alter
context attempt (netbios.rules)
4700 - NETBIOS SMB locator WriteAndX unicode little endian andx bind
attempt (netbios.rules)
4701 - NETBIOS SMB locator WriteAndX unicode little endian bind attempt
(netbios.rules)
4702 - NETBIOS SMB locator alter context attempt (netbios.rules)
4703 - NETBIOS SMB locator andx alter context attempt (netbios.rules)
4704 - NETBIOS SMB locator andx bind attempt (netbios.rules)
4705 - NETBIOS SMB locator bind attempt (netbios.rules)
4706 - NETBIOS SMB locator little endian alter context attempt
(netbios.rules)
4707 - NETBIOS SMB locator little endian andx alter context attempt
(netbios.rules)
4708 - NETBIOS SMB locator little endian andx bind attempt (netbios.rules)
4709 - NETBIOS SMB locator little endian bind attempt (netbios.rules)
4710 - NETBIOS SMB locator unicode alter context attempt (netbios.rules)
4711 - NETBIOS SMB locator unicode andx alter context attempt
(netbios.rules)
4712 - NETBIOS SMB locator unicode andx bind attempt (netbios.rules)
4713 - NETBIOS SMB locator unicode bind attempt (netbios.rules)
4714 - NETBIOS SMB locator unicode little endian alter context attempt
(netbios.rules)
4715 - NETBIOS SMB locator unicode little endian andx alter context
attempt (netbios.rules)
4716 - NETBIOS SMB locator unicode little endian andx bind attempt
(netbios.rules)
4717 - NETBIOS SMB locator unicode little endian bind attempt
(netbios.rules)
4718 - NETBIOS SMB-DS locator WriteAndX alter context attempt
(netbios.rules)
4719 - NETBIOS SMB-DS locator WriteAndX andx alter context attempt
(netbios.rules)
4720 - NETBIOS SMB-DS locator WriteAndX andx bind attempt (netbios.rules)
4721 - NETBIOS SMB-DS locator WriteAndX bind attempt (netbios.rules)
4722 - NETBIOS SMB-DS locator WriteAndX little endian alter context
attempt (netbios.rules)
4723 - NETBIOS SMB-DS locator WriteAndX little endian andx alter context
attempt (netbios.rules)
4724 - NETBIOS SMB-DS locator WriteAndX little endian andx bind attempt
(netbios.rules)
4725 - NETBIOS SMB-DS locator WriteAndX little endian bind attempt
(netbios.rules)
4726 - NETBIOS SMB-DS locator WriteAndX unicode alter context attempt
(netbios.rules)
4727 - NETBIOS SMB-DS locator WriteAndX unicode andx alter context
attempt (netbios.rules)
4728 - NETBIOS SMB-DS locator WriteAndX unicode andx bind attempt
(netbios.rules)
4729 - NETBIOS SMB-DS locator WriteAndX unicode bind attempt (netbios.rules)
4730 - NETBIOS SMB-DS locator WriteAndX unicode little endian alter
context attempt (netbios.rules)
4731 - NETBIOS SMB-DS locator WriteAndX unicode little endian andx alter
context attempt (netbios.rules)
4732 - NETBIOS SMB-DS locator WriteAndX unicode little endian andx bind
attempt (netbios.rules)
4733 - NETBIOS SMB-DS locator WriteAndX unicode little endian bind
attempt (netbios.rules)
4734 - NETBIOS SMB-DS locator alter context attempt (netbios.rules)
4735 - NETBIOS SMB-DS locator andx alter context attempt (netbios.rules)
4736 - NETBIOS SMB-DS locator andx bind attempt (netbios.rules)
4737 - NETBIOS SMB-DS locator bind attempt (netbios.rules)
4738 - NETBIOS SMB-DS locator little endian alter context attempt
(netbios.rules)
4739 - NETBIOS SMB-DS locator little endian andx alter context attempt
(netbios.rules)
4740 - NETBIOS SMB-DS locator little endian andx bind attempt
(netbios.rules)
4741 - NETBIOS SMB-DS locator little endian bind attempt (netbios.rules)
4742 - NETBIOS SMB-DS locator unicode alter context attempt (netbios.rules)
4743 - NETBIOS SMB-DS locator unicode andx alter context attempt
(netbios.rules)
4744 - NETBIOS SMB-DS locator unicode andx bind attempt (netbios.rules)
4745 - NETBIOS SMB-DS locator unicode bind attempt (netbios.rules)
4746 - NETBIOS SMB-DS locator unicode little endian alter context
attempt (netbios.rules)
4747 - NETBIOS SMB-DS locator unicode little endian andx alter context
attempt (netbios.rules)
4748 - NETBIOS SMB-DS locator unicode little endian andx bind attempt
(netbios.rules)
4749 - NETBIOS SMB-DS locator unicode little endian bind attempt
(netbios.rules)
4750 - NETBIOS DCERPC NCADG-IP-UDP locator alter context attempt
(netbios.rules)
4751 - NETBIOS DCERPC NCADG-IP-UDP locator bind attempt (netbios.rules)
4752 - NETBIOS DCERPC NCADG-IP-UDP locator little endian alter context
attempt (netbios.rules)
4753 - NETBIOS DCERPC NCADG-IP-UDP locator little endian bind attempt
(netbios.rules)
4754 - NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin
little endian overflow attempt (netbios.rules)
4755 - NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin
overflow attempt (netbios.rules)
4756 - NETBIOS DCERPC NCACN-IP-TCP v4 locator nsi_binding_lookup_begin
little endian overflow attempt (netbios.rules)
4757 - NETBIOS DCERPC NCACN-IP-TCP v4 locator nsi_binding_lookup_begin
overflow attempt (netbios.rules)
4758 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX andx
overflow attempt (netbios.rules)
4759 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX little
endian andx overflow attempt (netbios.rules)
4760 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX little
endian overflow attempt (netbios.rules)
4761 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX overflow
attempt (netbios.rules)
4762 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode
andx overflow attempt (netbios.rules)
4763 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode
little endian andx overflow attempt (netbios.rules)
4764 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode
little endian overflow attempt (netbios.rules)
4765 - NETBIOS SMB locator nsi_binding_lookup_begin WriteAndX unicode
overflow attempt (netbios.rules)
4766 - NETBIOS SMB locator nsi_binding_lookup_begin andx overflow
attempt (netbios.rules)
4767 - NETBIOS SMB locator nsi_binding_lookup_begin little endian andx
overflow attempt (netbios.rules)
4768 - NETBIOS SMB locator nsi_binding_lookup_begin little endian
overflow attempt (netbios.rules)
4769 - NETBIOS SMB locator nsi_binding_lookup_begin overflow attempt
(netbios.rules)
4770 - NETBIOS SMB locator nsi_binding_lookup_begin unicode andx
overflow attempt (netbios.rules)
4771 - NETBIOS SMB locator nsi_binding_lookup_begin unicode little
endian andx overflow attempt (netbios.rules)
4772 - NETBIOS SMB locator nsi_binding_lookup_begin unicode little
endian overflow attempt (netbios.rules)
4773 - NETBIOS SMB locator nsi_binding_lookup_begin unicode overflow
attempt (netbios.rules)
4774 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX andx
overflow attempt (netbios.rules)
4775 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX little
endian andx overflow attempt (netbios.rules)
4776 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX little
endian overflow attempt (netbios.rules)
4777 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX
overflow attempt (netbios.rules)
4778 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode
andx overflow attempt (netbios.rules)
4779 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode
little endian andx overflow attempt (netbios.rules)
4780 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode
little endian overflow attempt (netbios.rules)
4781 - NETBIOS SMB v4 locator nsi_binding_lookup_begin WriteAndX unicode
overflow attempt (netbios.rules)
4782 - NETBIOS SMB v4 locator nsi_binding_lookup_begin andx overflow
attempt (netbios.rules)
4783 - NETBIOS SMB v4 locator nsi_binding_lookup_begin little endian
andx overflow attempt (netbios.rules)
4784 - NETBIOS SMB v4 locator nsi_binding_lookup_begin little endian
overflow attempt (netbios.rules)
4785 - NETBIOS SMB v4 locator nsi_binding_lookup_begin overflow attempt
(netbios.rules)
4786 - NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode andx
overflow attempt (netbios.rules)
4787 - NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode little
endian andx overflow attempt (netbios.rules)
4788 - NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode little
endian overflow attempt (netbios.rules)
4789 - NETBIOS SMB v4 locator nsi_binding_lookup_begin unicode overflow
attempt (netbios.rules)
4790 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX andx
overflow attempt (netbios.rules)
4791 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX little
endian andx overflow attempt (netbios.rules)
4792 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX little
endian overflow attempt (netbios.rules)
4793 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX
overflow attempt (netbios.rules)
4794 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode
andx overflow attempt (netbios.rules)
4795 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode
little endian andx overflow attempt (netbios.rules)
4796 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode
little endian overflow attempt (netbios.rules)
4797 - NETBIOS SMB-DS locator nsi_binding_lookup_begin WriteAndX unicode
overflow attempt (netbios.rules)
4798 - NETBIOS SMB-DS locator nsi_binding_lookup_begin andx overflow
attempt (netbios.rules)
4799 - NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian
andx overflow attempt (netbios.rules)
4800 - NETBIOS SMB-DS locator nsi_binding_lookup_begin little endian
overflow attempt (netbios.rules)
4801 - NETBIOS SMB-DS locator nsi_binding_lookup_begin overflow attempt
(netbios.rules)
4802 - NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode andx
overflow attempt (netbios.rules)
4803 - NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode little
endian andx overflow attempt (netbios.rules)
4804 - NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode little
endian overflow attempt (netbios.rules)
4805 - NETBIOS SMB-DS locator nsi_binding_lookup_begin unicode overflow
attempt (netbios.rules)
4806 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX andx
overflow attempt (netbios.rules)
4807 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
little endian andx overflow attempt (netbios.rules)
4808 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
little endian overflow attempt (netbios.rules)
4809 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
overflow attempt (netbios.rules)
4810 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
unicode andx overflow attempt (netbios.rules)
4811 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
unicode little endian andx overflow attempt (netbios.rules)
4812 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
unicode little endian overflow attempt (netbios.rules)
4813 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin WriteAndX
unicode overflow attempt (netbios.rules)
4814 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin andx overflow
attempt (netbios.rules)
4815 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin little endian
andx overflow attempt (netbios.rules)
4816 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin little endian
overflow attempt (netbios.rules)
4817 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin overflow
attempt (netbios.rules)
4818 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode andx
overflow attempt (netbios.rules)
4819 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode little
endian andx overflow attempt (netbios.rules)
4820 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode little
endian overflow attempt (netbios.rules)
4821 - NETBIOS SMB-DS v4 locator nsi_binding_lookup_begin unicode
overflow attempt (netbios.rules)
4822 - NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin
little endian overflow attempt (netbios.rules)
4823 - NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin
overflow attempt (netbios.rules)
4824 - NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin
little endian overflow attempt (netbios.rules)
4825 - NETBIOS DCERPC NCADG-IP-UDP v4 locator nsi_binding_lookup_begin
overflow attempt (netbios.rules)

Updated rules:
230 - DDOS shaft client login to handler (ddos.rules)
312 - EXPLOIT ntpdx overflow attempt (exploit.rules)
360 - FTP serv-u directory transversal (ftp.rules)
527 - DELETED BAD-TRAFFIC same SRC/DST (deleted.rules)
569 - RPC snmpXdmi overflow attempt TCP (rpc.rules)
593 - RPC portmap snmpXdmi request TCP (rpc.rules)
899 - WEB-CGI Amaya templates sendtemp.pl directory traversal attempt
(web-cgi.rules)
969 - WEB-IIS WebDAV file lock attempt (web-iis.rules)
1042 - WEB-IIS view source via translate header (web-iis.rules)
1048 - WEB-MISC Netscape Enterprise directory listing attempt
(web-misc.rules)
1113 - DELETED WEB-MISC http directory traversal (deleted.rules)
1248 - WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
1249 - WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules)
1250 - WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules)
1254 - WEB-PHP PHPLIB remote command attempt (web-php.rules)
1279 - RPC portmap snmpXdmi request UDP (rpc.rules)
1323 - EXPLOIT rwhoisd format string attempt (exploit.rules)
1327 - EXPLOIT ssh CRC32 overflow (exploit.rules)
1377 - FTP wu-ftp bad file completion attempt [ (ftp.rules)
1378 - FTP wu-ftp bad file completion attempt { (ftp.rules)
1384 - MISC UPnP malformed advertisement (misc.rules)
1388 - MISC UPnP Location overflow (misc.rules)
1395 - WEB-CGI zml.cgi attempt (web-cgi.rules)
1396 - WEB-CGI zml.cgi access (web-cgi.rules)
1397 - WEB-CGI wayboard attempt (web-cgi.rules)
1398 - EXPLOIT CDE dtspcd exploit attempt (exploit.rules)
1447 - MISC MS Terminal server request RDP (misc.rules)
1448 - MISC MS Terminal server request (misc.rules)
1451 - WEB-CGI NPH-publish access (web-cgi.rules)
1467 - WEB-CGI directorypro.cgi access (web-cgi.rules)
1470 - WEB-CGI listrec.pl access (web-cgi.rules)
1473 - WEB-CGI newsdesk.cgi access (web-cgi.rules)
1484 - DELETED WEB-IIS /isapi/tstisapi.dll access (deleted.rules)
1495 - WEB-CGI SIX webboard generate.cgi access (web-cgi.rules)
1505 - WEB-CGI alchemy http server PRN arbitrary command execution
attempt (web-cgi.rules)
1506 - WEB-CGI alchemy http server NUL arbitrary command execution
attempt (web-cgi.rules)
1519 - WEB-MISC apache ?M=D directory list attempt (web-misc.rules)
1562 - FTP SITE CHOWN overflow attempt (ftp.rules)
1571 - WEB-CGI dcforum.cgi directory traversal attempt (web-cgi.rules)
1574 - WEB-CGI directorypro.cgi attempt (web-cgi.rules)
1663 - WEB-MISC *%0a.pl access (web-misc.rules)
1701 - WEB-CGI calendar-admin.pl access (web-cgi.rules)
1746 - RPC portmap cachefsd request UDP (rpc.rules)
1747 - RPC portmap cachefsd request TCP (rpc.rules)
1755 - IMAP partial body buffer overflow attempt (imap.rules)
1801 - WEB-IIS .asp HTTP header buffer overflow attempt (web-iis.rules)
1802 - WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
1803 - WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
1804 - WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
1806 - WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
1807 - WEB-MISC Chunked-Encoding transfer attempt (web-misc.rules)
1809 - WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules)
1811 - ATTACK-RESPONSES successful gobbles ssh exploit uname
(attack-responses.rules)
1812 - EXPLOIT gobbles SSH exploit attempt (exploit.rules)
1815 - WEB-PHP directory.php arbitrary command attempt (web-php.rules)
1838 - EXPLOIT SSH server banner overflow (exploit.rules)
1839 - WEB-MISC mailman cross site scripting attempt (web-misc.rules)
1875 - WEB-CGI cgicso access (web-cgi.rules)
1894 - EXPLOIT kadmind buffer overflow attempt (exploit.rules)
1941 - TFTP GET filename overflow attempt (tftp.rules)
1957 - RPC sadmind UDP PING (rpc.rules)
1958 - RPC sadmind TCP PING (rpc.rules)
1969 - WEB-MISC ion-p access (web-misc.rules)
1970 - WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
1974 - FTP REST overflow attempt (ftp.rules)
1975 - FTP DELE overflow attempt (ftp.rules)
1993 - IMAP login literal buffer overflow attempt (imap.rules)
1997 - WEB-PHP read_body.php access attempt (web-php.rules)
2010 - MISC CVS double free exploit attempt response (misc.rules)
2011 - MISC CVS invalid directory response (misc.rules)
2025 - RPC yppasswd username overflow attempt UDP (rpc.rules)
2026 - RPC yppasswd username overflow attempt TCP (rpc.rules)
2033 - RPC ypserv maplist request UDP (rpc.rules)
2034 - RPC ypserv maplist request TCP (rpc.rules)
2045 - RPC snmpXdmi overflow attempt UDP (rpc.rules)
2046 - IMAP partial body.peek buffer overflow attempt (imap.rules)
2061 - WEB-MISC Tomcat null byte directory listing attempt (web-misc.rules)
2074 - WEB-PHP Mambo uploadimage.php upload php file attempt (web-php.rules)
2075 - WEB-PHP Mambo upload.php upload php file attempt (web-php.rules)
2076 - WEB-PHP Mambo uploadimage.php access (web-php.rules)
2077 - WEB-PHP Mambo upload.php access (web-php.rules)
2086 - WEB-CGI streaming server parse_xml.cgi access (web-cgi.rules)
2092 - RPC portmap proxy integer overflow attempt UDP (rpc.rules)
2093 - RPC portmap proxy integer overflow attempt TCP (rpc.rules)
2094 - RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (rpc.rules)
2095 - RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (rpc.rules)
2103 - NETBIOS SMB trans2open buffer overflow attempt (netbios.rules)
2104 - ATTACK-RESPONSES rexec username too long response
(attack-responses.rules)
2117 - WEB-IIS Battleaxe Forum login.asp access (web-iis.rules)
2121 - POP3 DELE negative argument attempt (pop3.rules)
2126 - MISC Microsoft PPTP Start Control Request buffer overflow attempt
(misc.rules)
2158 - MISC BGP invalid length (misc.rules)
2159 - MISC BGP invalid type 0 (misc.rules)
2186 - BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 - BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 - BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 - BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2247 - WEB-IIS UploadScript11.asp access (web-iis.rules)
2262 - SMTP SEND FROM sendmail prescan too long addresses overflow
(smtp.rules)
2264 - SMTP SAML FROM sendmail prescan too long addresses overflow
(smtp.rules)
2266 - SMTP SOML FROM sendmail prescan too long addresses overflow
(smtp.rules)
2268 - SMTP MAIL FROM sendmail prescan too long addresses overflow
(smtp.rules)
2270 - SMTP RCPT TO sendmail prescan too long addresses overflow
(smtp.rules)
2272 - FTP LIST integer overflow attempt (ftp.rules)
2317 - MISC CVS non-relative path error response (misc.rules)
2318 - MISC CVS non-relative path access attempt (misc.rules)
2329 - MS-SQL probe response overflow attempt (sql.rules)
2330 - IMAP auth overflow attempt (imap.rules)
2337 - TFTP PUT filename overflow attempt (tftp.rules)
2411 - WEB-MISC Real Server DESCRIBE buffer overflow attempt
(web-misc.rules)
2424 - NNTP sendsys overflow attempt (nntp.rules)
2425 - NNTP senduuname overflow attempt (nntp.rules)
2426 - NNTP version overflow attempt (nntp.rules)
2427 - NNTP checkgroups overflow attempt (nntp.rules)
2428 - NNTP ihave overflow attempt (nntp.rules)
2429 - NNTP sendme overflow attempt (nntp.rules)
2430 - NNTP newgroup overflow attempt (nntp.rules)
2431 - NNTP rmgroup overflow attempt (nntp.rules)
2433 - WEB-CGI MDaemon form2raw.cgi overflow attempt (web-cgi.rules)
2434 - WEB-CGI MDaemon form2raw.cgi access (web-cgi.rules)
2448 - WEB-MISC setinfo.hts access (web-misc.rules)
2449 - FTP ALLO overflow attempt (ftp.rules)
2489 - EXPLOIT esignal STREAMQUOTE buffer overflow attempt (exploit.rules)
2490 - EXPLOIT esignal SNAPQUOTE buffer overflow attempt (exploit.rules)
2515 - WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2517 - IMAP PCT Client_Hello overflow attempt (imap.rules)
2518 - POP3 PCT Client_Hello overflow attempt (pop3.rules)
2528 - SMTP PCT Client_Hello overflow attempt (smtp.rules)
2547 - MISC HP Web JetAdmin remote file upload attempt (misc.rules)
2548 - MISC HP Web JetAdmin setinfo access (misc.rules)
2569 - WEB-MISC cPanel resetpass access (web-misc.rules)
2574 - FTP RETR format string attempt (ftp.rules)
2578 - EXPLOIT kerberos principal name overflow UDP (exploit.rules)
2579 - EXPLOIT kerberos principal name overflow TCP (exploit.rules)
2584 - EXPLOIT eMule buffer overflow attempt (exploit.rules)
2611 - ORACLE LINK metadata buffer overflow attempt (oracle.rules)
2614 - ORACLE time_zone buffer overflow attempt (oracle.rules)
2651 - ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt
(oracle.rules)
2669 - WEB-CGI ibillpm.pl access (web-cgi.rules)
3007 - IMAP delete overflow attempt (imap.rules)
3008 - IMAP delete literal overflow attempt (imap.rules)
3058 - IMAP copy literal overflow attempt (imap.rules)
3062 - WEB-CGI NetScreen SA 5000 delhomepage.cgi access (web-cgi.rules)
3065 - IMAP append literal overflow attempt (imap.rules)
3066 - IMAP append overflow attempt (imap.rules)
3067 - IMAP examine literal overflow attempt (imap.rules)
3068 - IMAP examine overflow attempt (imap.rules)
3069 - IMAP fetch literal overflow attempt (imap.rules)
3070 - IMAP fetch overflow attempt (imap.rules)
3071 - IMAP status literal overflow attempt (imap.rules)
3072 - IMAP status overflow attempt (imap.rules)
3073 - IMAP subscribe literal overflow attempt (imap.rules)
3074 - IMAP subscribe overflow attempt (imap.rules)
3075 - IMAP unsubscribe literal overflow attempt (imap.rules)
3076 - IMAP unsubscribe overflow attempt (imap.rules)
3088 - WEB-CLIENT winamp .cda file name overflow attempt (web-client.rules)
3147 - TELNET login buffer overflow attempt (telnet.rules)
3150 - WEB-IIS SQLXML content type overflow (web-iis.rules)
3192 - WEB-CLIENT Windows Media Player directory traversal via
Content-Disposition attempt (web-client.rules)
3195 - NETBIOS name query overflow attempt TCP (netbios.rules)
3196 - NETBIOS name query overflow attempt UDP (netbios.rules)
3199 - EXPLOIT WINS name query overflow attempt TCP (exploit.rules)
3200 - EXPLOIT WINS name query overflow attempt UDP (exploit.rules)
3274 - TELNET login buffer non-evasive overflow attempt (telnet.rules)
3441 - FTP PORT bounce attempt (ftp.rules)
3453 - MISC Arkeia client backup system info probe (misc.rules)
3454 - MISC Arkeia client backup generic info probe (misc.rules)
3455 - EXPLOIT Bontago Game Server Nickname Buffer Overflow (exploit.rules)
3457 - EXPLOIT Arkeia backup client type 77 overflow attempt (exploit.rules)
3458 - EXPLOIT Arkeia backup client type 84 overflow attempt (exploit.rules)
3470 - WEB-CLIENT RealPlayer VIDORV30 header length buffer overflow
(web-client.rules)
3518 - WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow
(web-misc.rules)
3519 - WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow default
port (web-misc.rules)
3534 - WEB-CLIENT Mozilla GIF heap overflow (web-client.rules)
3536 - WEB-CLIENT Mozilla GIF multipacket heap overflow (web-client.rules)
3538 - EXPLOIT RADIUS registration MSID overflow attempt (exploit.rules)
3539 - EXPLOIT RADIUS MSID overflow attempt (exploit.rules)
3540 - EXPLOIT RADIUS registration vendor ATTR_TYPE_STR overflow attempt
(exploit.rules)
3541 - EXPLOIT RADIUS ATTR_TYPE_STR overflow attempt (exploit.rules)
3549 - WEB-CLIENT HTML DOM invalid element creation attempt
(web-client.rules)
3553 - WEB-CLIENT HTML DOM null element insertion attempt (web-client.rules)
3627 - POLICY X-LINK2STATE CHUNK attempt (policy.rules)
3629 - WEB-MISC sambar /search/results.stm access (web-misc.rules)
3638 - WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules)
3651 - EXPLOIT CVS rsh annotate revision overflow attempt (exploit.rules)
3652 - EXPLOIT CVS pserver annotate revision overflow attempt
(exploit.rules)
3657 - ORACLE ctxsys.driload attempt (oracle.rules)
3658 - EXPLOIT ARCserve backup universal agent option 1000 little endian
buffer overflow attempt (exploit.rules)
3659 - EXPLOIT ARCserve backup universal agent option 1000 buffer
overflow attempt (exploit.rules)
3660 - EXPLOIT ARCserve backup universal agent option 00 little endian
buffer overflow attempt (exploit.rules)
3661 - EXPLOIT ARCserve backup universal agent option 00 buffer overflow
attempt (exploit.rules)
3662 - EXPLOIT ARCserve backup universal agent option 03 little endian
buffer overflow attempt (exploit.rules)
3663 - EXPLOIT ARCserve backup universal agent option 03 buffer overflow
attempt (exploit.rules)
3665 - MYSQL server greeting (mysql.rules)
3666 - MYSQL server greeting finished (mysql.rules)
3667 - MYSQL protocol 41 client authentication bypass attempt (mysql.rules)
3668 - MYSQL client authentication bypass attempt (mysql.rules)
3669 - MYSQL protocol 41 secure client overflow attempt (mysql.rules)
3670 - MYSQL secure client overflow attempt (mysql.rules)
3671 - MYSQL protocol 41 client overflow attempt (mysql.rules)
3672 - MYSQL client overflow attempt (mysql.rules)
3677 - EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3678 - EXPLOIT Ethereal SIP UDP CSeq overflow attempt (exploit.rules)
3679 - WEB-CLIENT Firefox IFRAME src javascript code execution
(web-client.rules)
3686 - WEB-CLIENT Internet Explorer Content Advisor attempted overflow
(web-client.rules)
3689 - WEB-CLIENT Internet Explorer tRNS overflow attempt (web-client.rules)
3690 - WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules)
3697 - NETBIOS DCERPC DIRECT veritas alter context attempt (netbios.rules)
3698 - NETBIOS DCERPC DIRECT veritas little endian alter context attempt
(netbios.rules)
3699 - NETBIOS DCERPC DIRECT veritas bind attempt (netbios.rules)
3700 - NETBIOS DCERPC DIRECT veritas little endian bind attempt
(netbios.rules)
3701 - DELETED NETBIOS DCERPC NCACN-IP-TCP veritas alter context attempt
(deleted.rules)
3702 - DELETED NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt
(deleted.rules)
3703 - DELETED NETBIOS DCERPC NCACN-IP-TCP veritas little endian alter
context attempt (deleted.rules)
3704 - DELETED NETBIOS DCERPC NCACN-IP-TCP veritas little endian bind
attempt (deleted.rules)
3705 - DELETED NETBIOS SMB veritas WriteAndX alter context attempt
(deleted.rules)
3706 - DELETED NETBIOS SMB veritas WriteAndX andx alter context attempt
(deleted.rules)
3707 - DELETED NETBIOS SMB veritas WriteAndX andx bind attempt
(deleted.rules)
3708 - DELETED NETBIOS SMB veritas WriteAndX bind attempt (deleted.rules)
3709 - DELETED NETBIOS SMB veritas WriteAndX little endian alter context
attempt (deleted.rules)
3710 - DELETED NETBIOS SMB veritas WriteAndX little endian andx alter
context attempt (deleted.rules)
3711 - DELETED NETBIOS SMB veritas WriteAndX little endian andx bind
attempt (deleted.rules)
3712 - DELETED NETBIOS SMB veritas WriteAndX little endian bind attempt
(deleted.rules)
3713 - DELETED NETBIOS SMB veritas WriteAndX unicode alter context
attempt (deleted.rules)
3714 - DELETED NETBIOS SMB veritas WriteAndX unicode andx alter context
attempt (deleted.rules)
3715 - DELETED NETBIOS SMB veritas WriteAndX unicode andx bind attempt
(deleted.rules)
3716 - DELETED NETBIOS SMB veritas WriteAndX unicode bind attempt
(deleted.rules)
3717 - DELETED NETBIOS SMB veritas WriteAndX unicode little endian alter
context attempt (deleted.rules)
3718 - DELETED NETBIOS SMB veritas WriteAndX unicode little endian andx
alter context attempt (deleted.rules)
3719 - DELETED NETBIOS SMB veritas WriteAndX unicode little endian andx
bind attempt (deleted.rules)
3720 - DELETED NETBIOS SMB veritas WriteAndX unicode little endian bind
attempt (deleted.rules)
3721 - DELETED NETBIOS SMB veritas alter context attempt (deleted.rules)
3722 - DELETED NETBIOS SMB veritas andx alter context attempt
(deleted.rules)
3723 - DELETED NETBIOS SMB veritas andx bind attempt (deleted.rules)
3724 - DELETED NETBIOS SMB veritas bind attempt (deleted.rules)
3725 - DELETED NETBIOS SMB veritas little endian alter context attempt
(deleted.rules)
3726 - DELETED NETBIOS SMB veritas little endian andx alter context
attempt (deleted.rules)
3727 - DELETED NETBIOS SMB veritas little endian andx bind attempt
(deleted.rules)
3728 - DELETED NETBIOS SMB veritas little endian bind attempt
(deleted.rules)
3729 - DELETED NETBIOS SMB veritas unicode alter context attempt
(deleted.rules)
3730 - DELETED NETBIOS SMB veritas unicode andx alter context attempt
(deleted.rules)
3731 - DELETED NETBIOS SMB veritas unicode andx bind attempt (deleted.rules)
3732 - DELETED NETBIOS SMB veritas unicode bind attempt (deleted.rules)
3733 - DELETED NETBIOS SMB veritas unicode little endian alter context
attempt (deleted.rules)
3734 - DELETED NETBIOS SMB veritas unicode little endian andx alter
context attempt (deleted.rules)
3735 - DELETED NETBIOS SMB veritas unicode little endian andx bind
attempt (deleted.rules)
3736 - DELETED NETBIOS SMB veritas unicode little endian bind attempt
(deleted.rules)
3737 - DELETED NETBIOS SMB-DS veritas WriteAndX alter context attempt
(deleted.rules)
3738 - DELETED NETBIOS SMB-DS veritas WriteAndX andx alter context
attempt (deleted.rules)
3739 - DELETED NETBIOS SMB-DS veritas WriteAndX andx bind attempt
(deleted.rules)
3740 - DELETED NETBIOS SMB-DS veritas WriteAndX bind attempt (deleted.rules)
3741 - DELETED NETBIOS SMB-DS veritas WriteAndX little endian alter
context attempt (deleted.rules)
3742 - DELETED NETBIOS SMB-DS veritas WriteAndX little endian andx alter
context attempt (deleted.rules)
3743 - DELETED NETBIOS SMB-DS veritas WriteAndX little endian andx bind
attempt (deleted.rules)
3744 - DELETED NETBIOS SMB-DS veritas WriteAndX little endian bind
attempt (deleted.rules)
3745 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode alter context
attempt (deleted.rules)
3746 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode andx alter
context attempt (deleted.rules)
3747 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode andx bind
attempt (deleted.rules)
3748 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode bind attempt
(deleted.rules)
3749 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode little endian
alter context attempt (deleted.rules)
3750 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode little endian
andx alter context attempt (deleted.rules)
3751 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode little endian
andx bind attempt (deleted.rules)
3752 - DELETED NETBIOS SMB-DS veritas WriteAndX unicode little endian
bind attempt (deleted.rules)
3753 - DELETED NETBIOS SMB-DS veritas alter context attempt (deleted.rules)
3754 - DELETED NETBIOS SMB-DS veritas andx alter context attempt
(deleted.rules)
3755 - DELETED NETBIOS SMB-DS veritas andx bind attempt (deleted.rules)
3756 - DELETED NETBIOS SMB-DS veritas bind attempt (deleted.rules)
3757 - DELETED NETBIOS SMB-DS veritas little endian alter context
attempt (deleted.rules)
3758 - DELETED NETBIOS SMB-DS veritas little endian andx alter context
attempt (deleted.rules)
3759 - DELETED NETBIOS SMB-DS veritas little endian andx bind attempt
(deleted.rules)
3760 - DELETED NETBIOS SMB-DS veritas little endian bind attempt
(deleted.rules)
3761 - DELETED NETBIOS SMB-DS veritas unicode alter context attempt
(deleted.rules)
3762 - DELETED NETBIOS SMB-DS veritas unicode andx alter context attempt
(deleted.rules)
3763 - DELETED NETBIOS SMB-DS veritas unicode andx bind attempt
(deleted.rules)
3764 - DELETED NETBIOS SMB-DS veritas unicode bind attempt (deleted.rules)
3765 - DELETED NETBIOS SMB-DS veritas unicode little endian alter
context attempt (deleted.rules)
3766 - DELETED NETBIOS SMB-DS veritas unicode little endian andx alter
context attempt (deleted.rules)
3767 - DELETED NETBIOS SMB-DS veritas unicode little endian andx bind
attempt (deleted.rules)
3768 - DELETED NETBIOS SMB-DS veritas unicode little endian bind attempt
(deleted.rules)
3769 - DELETED NETBIOS DCERPC NCACN-HTTP veritas alter context attempt
(deleted.rules)
3770 - DELETED NETBIOS DCERPC NCACN-HTTP veritas bind attempt
(deleted.rules)
3771 - DELETED NETBIOS DCERPC NCACN-HTTP veritas little endian alter
context attempt (deleted.rules)
3772 - DELETED NETBIOS DCERPC NCACN-HTTP veritas little endian bind
attempt (deleted.rules)
3773 - DELETED NETBIOS DCERPC DIRECT-UDP veritas alter context attempt
(deleted.rules)
3774 - DELETED NETBIOS DCERPC DIRECT-UDP veritas bind attempt
(deleted.rules)
3775 - DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian alter
context attempt (deleted.rules)
3776 - DELETED NETBIOS DCERPC DIRECT-UDP veritas little endian bind
attempt (deleted.rules)
3777 - DELETED NETBIOS DCERPC NCADG-IP-UDP veritas alter context attempt
(deleted.rules)
3778 - DELETED NETBIOS DCERPC NCADG-IP-UDP veritas bind attempt
(deleted.rules)
3779 - DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian alter
context attempt (deleted.rules)
3780 - DELETED NETBIOS DCERPC NCADG-IP-UDP veritas little endian bind
attempt (deleted.rules)
3781 - DELETED NETBIOS-DG SMB veritas WriteAndX alter context attempt
(deleted.rules)
3782 - DELETED NETBIOS-DG SMB veritas WriteAndX andx alter context
attempt (deleted.rules)
3783 - DELETED NETBIOS-DG SMB veritas WriteAndX andx bind attempt
(deleted.rules)
3784 - DELETED NETBIOS-DG SMB veritas WriteAndX bind attempt (deleted.rules)
3785 - DELETED NETBIOS-DG SMB veritas WriteAndX little endian alter
context attempt (deleted.rules)
3786 - DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx alter
context attempt (deleted.rules)
3787 - DELETED NETBIOS-DG SMB veritas WriteAndX little endian andx bind
attempt (deleted.rules)
3788 - DELETED NETBIOS-DG SMB veritas WriteAndX little endian bind
attempt (deleted.rules)
3789 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode alter context
attempt (deleted.rules)
3790 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx alter
context attempt (deleted.rules)
3791 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode andx bind
attempt (deleted.rules)
3792 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode bind attempt
(deleted.rules)
3793 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian
alter context attempt (deleted.rules)
3794 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian
andx alter context attempt (deleted.rules)
3795 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian
andx bind attempt (deleted.rules)
3796 - DELETED NETBIOS-DG SMB veritas WriteAndX unicode little endian
bind attempt (deleted.rules)
3797 - DELETED NETBIOS-DG SMB veritas alter context attempt (deleted.rules)
3798 - DELETED NETBIOS-DG SMB veritas andx alter context attempt
(deleted.rules)
3799 - DELETED NETBIOS-DG SMB veritas andx bind attempt (deleted.rules)
3800 - DELETED NETBIOS-DG SMB veritas bind attempt (deleted.rules)
3801 - DELETED NETBIOS-DG SMB veritas little endian alter context
attempt (deleted.rules)
3802 - DELETED NETBIOS-DG SMB veritas little endian andx alter context
attempt (deleted.rules)
3803 - DELETED NETBIOS-DG SMB veritas little endian andx bind attempt
(deleted.rules)
3804 - DELETED NETBIOS-DG SMB veritas little endian bind attempt
(deleted.rules)
3805 - DELETED NETBIOS-DG SMB veritas unicode alter context attempt
(deleted.rules)
3806 - DELETED NETBIOS-DG SMB veritas unicode andx alter context attempt
(deleted.rules)
3807 - DELETED NETBIOS-DG SMB veritas unicode andx bind attempt
(deleted.rules)
3808 - DELETED NETBIOS-DG SMB veritas unicode bind attempt (deleted.rules)
3809 - DELETED NETBIOS-DG SMB veritas unicode little endian alter
context attempt (deleted.rules)
3810 - DELETED NETBIOS-DG SMB veritas unicode little endian andx alter
context attempt (deleted.rules)
3811 - DELETED NETBIOS-DG SMB veritas unicode little endian andx bind
attempt (deleted.rules)
3812 - DELETED NETBIOS-DG SMB veritas unicode little endian bind attempt
(deleted.rules)
3814 - WEB-CLIENT IE javaprxy.dll COM access (web-client.rules)
3820 - WEB-CLIENT multipacket CHM file transfer attempt (web-client.rules)
3821 - WEB-CLIENT CHM file transfer attempt (web-client.rules)
3823 - WEB-MISC Real Player realtext file bad version buffer overflow
attempt (web-misc.rules)
4060 - NEW POLICY RDP attempted Administrator connection request
(policy.rules)
4642 - ORACLE sys.pbsde.init buffer overflow attempt (oracle.rules)
4647 - WEB-CLIENT internet explorer javascript onload denial of service
attempt (web-client.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDmMwAMpm0ve0NhMcRAsdYAJ0f+sBH0E+AYgceDfpZAFYRxhz9lACdFleW
Dh4q0pXH7/o4EwSAnIdxZs8=
=36aq
-----END PGP SIGNATURE-----



