[Snort-sigs] snort-rules update @ Wed Feb 9 20:15:50 2005

bmc at ...95... bmc at ...95...
Wed Feb 9 17:19:04 EST 2005


New rules:
3089 - DOS squid WCCP I_SEE_YOU message overflow attempt (dos.rules)
3090 - NETBIOS SMB llsrpc create tree attempt (netbios.rules, requires 2.2 or later)
3091 - NETBIOS SMB llsrpc unicode create tree attempt (netbios.rules, requires 2.2 or later)
3092 - NETBIOS SMB llsrpc andx create tree attempt (netbios.rules, requires 2.2 or later)
3093 - NETBIOS SMB llsrpc unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
3094 - NETBIOS SMB-DS llsrpc create tree attempt (netbios.rules, requires 2.2 or later)
3095 - NETBIOS SMB-DS llsrpc unicode create tree attempt (netbios.rules, requires 2.2 or later)
3096 - NETBIOS SMB-DS llsrpc andx create tree attempt (netbios.rules, requires 2.2 or later)
3097 - NETBIOS SMB-DS llsrpc unicode andx create tree attempt (netbios.rules, requires 2.2 or later)
3098 - NETBIOS SMB llsrpc bind attempt (netbios.rules, requires 2.2 or later)
3099 - NETBIOS SMB llsrpc little endian bind attempt (netbios.rules, requires 2.2 or later)
3100 - NETBIOS SMB llsrpc unicode bind attempt (netbios.rules, requires 2.2 or later)
3101 - NETBIOS SMB llsrpc unicode little endian bind attempt (netbios.rules, requires 2.2 or later)
3102 - NETBIOS SMB llsrpc andx bind attempt (netbios.rules, requires 2.2 or later)
3103 - NETBIOS SMB llsrpc little endian andx bind attempt (netbios.rules, requires 2.2 or later)
3104 - NETBIOS SMB llsrpc unicode andx bind attempt (netbios.rules, requires 2.2 or later)
3105 - NETBIOS SMB llsrpc unicode little endian andx bind attempt (netbios.rules, requires 2.2 or later)
3106 - NETBIOS SMB-DS llsrpc bind attempt (netbios.rules, requires 2.2 or later)
3107 - NETBIOS SMB-DS llsrpc little endian bind attempt (netbios.rules, requires 2.2 or later)
3108 - NETBIOS SMB-DS llsrpc unicode bind attempt (netbios.rules, requires 2.2 or later)
3109 - NETBIOS SMB-DS llsrpc unicode little endian bind attempt (netbios.rules, requires 2.2 or later)
3110 - NETBIOS SMB-DS llsrpc andx bind attempt (netbios.rules, requires 2.2 or later)
3111 - NETBIOS SMB-DS llsrpc little endian andx bind attempt (netbios.rules, requires 2.2 or later)
3112 - NETBIOS SMB-DS llsrpc unicode andx bind attempt (netbios.rules, requires 2.2 or later)
3113 - NETBIOS SMB-DS llsrpc unicode little endian andx bind attempt (netbios.rules, requires 2.2 or later)
3114 - NETBIOS SMB llsrconnect overflow attempt (netbios.rules, requires 2.2 or later)
3115 - NETBIOS SMB llsrconnect little endian overflow attempt (netbios.rules, requires 2.2 or later)
3116 - NETBIOS SMB llsrconnect unicode overflow attempt (netbios.rules, requires 2.2 or later)
3117 - NETBIOS SMB llsrconnect unicode little endian overflow attempt (netbios.rules, requires 2.2 or later)
3118 - NETBIOS SMB llsrconnect andx overflow attempt (netbios.rules, requires 2.2 or later)
3119 - NETBIOS SMB llsrconnect little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
3120 - NETBIOS SMB llsrconnect unicode andx overflow attempt (netbios.rules, requires 2.2 or later)
3121 - NETBIOS SMB llsrconnect unicode little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
3122 - NETBIOS SMB-DS llsrconnect overflow attempt (netbios.rules, requires 2.2 or later)
3123 - NETBIOS SMB-DS llsrconnect little endian overflow attempt (netbios.rules, requires 2.2 or later)
3124 - NETBIOS SMB-DS llsrconnect unicode overflow attempt (netbios.rules, requires 2.2 or later)
3125 - NETBIOS SMB-DS llsrconnect unicode little endian overflow attempt (netbios.rules, requires 2.2 or later)
3126 - NETBIOS SMB-DS llsrconnect andx overflow attempt (netbios.rules, requires 2.2 or later)
3127 - NETBIOS SMB-DS llsrconnect little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
3128 - NETBIOS SMB-DS llsrconnect unicode andx overflow attempt (netbios.rules, requires 2.2 or later)
3129 - NETBIOS SMB-DS llsrconnect unicode little endian andx overflow attempt (netbios.rules, requires 2.2 or later)
3130 - EXPLOIT MSN Messenger png overflow (exploit.rules)
3131 - WEB-CGI mailman directory traversal attempt (web-cgi.rules)

Updated rules:
 241 - DDOS shaft synflood (ddos.rules)
 275 - DOS NAPTHA (dos.rules)
 494 - ATTACK-RESPONSES command completed (attack-responses.rules)
 495 - ATTACK-RESPONSES command error (attack-responses.rules)
 497 - ATTACK-RESPONSES file copied ok (attack-responses.rules)
 526 - BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
 622 - SCAN ipEye SYN scan (scan.rules)
 630 - SCAN synscan portscan (scan.rules)
1104 - WEB-MISC whisker space splice attack (web-misc.rules)
1257 - DOS Winnuke attack (dos.rules)
1292 - ATTACK-RESPONSES directory listing (attack-responses.rules)
1641 - DOS DB2 dos attempt (dos.rules)
2123 - ATTACK-RESPONSES Microsoft cmd.exe banner (attack-responses.rules)
3017 - EXPLOIT WINS overflow attempt (exploit.rules, requires 2.1 or later)
3065 - IMAP append literal overflow attempt (imap.rules, requires 2.1 or later)
3066 - IMAP append overflow attempt (imap.rules, requires 2.1 or later)




