[Snort-sigs] snort-rules update @ Wed Jan 12 11:15:52 2005

bmc at ...95...
Wed Jan 12 08:17:17 EST 2005


New rules:
3058 - IMAP copy literal overflow attempt (imap.rules, requires 2.1 or later)
3059 - WEB-MISC TLS1 Client_Hello via SSLv2 handshake request (web-misc.rules, requires 2.2 or later)
3060 - WEB-MISC TLS1 Client_Hello with pad via SSLv2 handshake request (web-misc.rules, requires 2.2 or later)
3061 - MISC distccd command execution attempt (misc.rules)
3062 - WEB-CGI NetScreen SA 5000 delhomepage.cgi access (web-cgi.rules)
3063 - BACKDOOR Vampire 1.2 connection request (backdoor.rules, requires 2.2 or later)
3064 - BACKDOOR Vampire 1.2 connection confirmation (backdoor.rules, requires 2.2 or later)
3065 - IMAP append literal overflow attempt (imap.rules, requires 2.1 or later)
3066 - IMAP append overflow attempt (imap.rules, requires 2.1 or later)
3067 - IMAP examine literal overflow attempt (imap.rules, requires 2.1 or later)
3068 - IMAP examine overflow attempt (imap.rules, requires 2.1 or later)
3069 - IMAP fetch literal overflow attempt (imap.rules, requires 2.1 or later)
3070 - IMAP fetch overflow attempt (imap.rules, requires 2.1 or later)
3071 - IMAP status literal overflow attempt (imap.rules, requires 2.1 or later)
3072 - IMAP status overflow attempt (imap.rules, requires 2.1 or later)
3073 - IMAP subscribe literal overflow attempt (imap.rules, requires 2.1 or later)
3074 - IMAP subscribe overflow attempt (imap.rules, requires 2.1 or later)
3075 - IMAP unsubscribe literal overflow attempt (imap.rules, requires 2.1 or later)
3076 - IMAP unsubscribe overflow attempt (imap.rules, requires 2.1 or later)
3077 - FTP RNFR overflow attempt (ftp.rules, requires 2.1 or later)
3078 - NNTP SEARCH pattern overflow attempt (nntp.rules, requires 2.1 or later)

Updated rules:
 112 - BACKDOOR BackOrifice access (deleted.rules)
 114 - BACKDOOR netbus active (deleted.rules)
 269 - DOS Land attack (deleted.rules)
 291 - NNTP Cassandra Overflow (deleted.rules)
 299 - IMAP EXPLOIT x86 linux overflow (deleted.rules)
 329 - FINGER cybercop redirection (deleted.rules)
 352 - FTP EXPLOIT x86 linux overflow (deleted.rules)
 513 - MISC Cisco Catalyst Remote Access (deleted.rules)
 542 - CHAT IRC nick change (chat.rules)
 559 - P2P Inbound GNUTella client request (deleted.rules)
 570 - RPC EXPLOIT ttdbserv solaris overflow (deleted.rules)
 571 - RPC EXPLOIT ttdbserv Solaris overflow (deleted.rules)
 615 - SCAN SOCKS Proxy attempt (deleted.rules)
 618 - SCAN Squid Proxy attempt (deleted.rules)
 620 - SCAN Proxy Port 8080 attempt (deleted.rules)
 628 - SCAN nmap TCP (deleted.rules)
 629 - SCAN nmap fingerprint attempt (deleted.rules)
 736 - Virus - Successful eurocalculator execution (deleted.rules)
 738 - Virus - Possible Pikachu Pokemon Virus (deleted.rules)
 970 - WEB-IIS multiple decode attempt (deleted.rules)
 981 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 982 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 983 - WEB-IIS unicode directory traversal attempt (deleted.rules)
1182 - WEB-MISC cgitest.exe attempt (deleted.rules)
1246 - WEB-FRONTPAGE rad overflow attempt (deleted.rules)
1247 - WEB-FRONTPAGE rad overflow attempt (deleted.rules)
1251 - INFO TELNET Bad Login (deleted.rules)
1328 - WEB-ATTACKS /bin/ps command attempt (deleted.rules)
1329 - WEB-ATTACKS ps command attempt (deleted.rules)
1330 - WEB-ATTACKS wget command attempt (deleted.rules)
1331 - WEB-ATTACKS uname -a command attempt (deleted.rules)
1332 - WEB-ATTACKS /usr/bin/id command attempt (deleted.rules)
1333 - WEB-ATTACKS id command attempt (deleted.rules)
1334 - WEB-ATTACKS echo command attempt (deleted.rules)
1335 - WEB-ATTACKS kill command attempt (deleted.rules)
1336 - WEB-ATTACKS chmod command attempt (deleted.rules)
1337 - WEB-ATTACKS chgrp command attempt (deleted.rules)
1338 - WEB-ATTACKS chown command attempt (deleted.rules)
1339 - WEB-ATTACKS chsh command attempt (deleted.rules)
1340 - WEB-ATTACKS tftp command attempt (deleted.rules)
1341 - WEB-ATTACKS /usr/bin/gcc command attempt (deleted.rules)
1342 - WEB-ATTACKS gcc command attempt (deleted.rules)
1343 - WEB-ATTACKS /usr/bin/cc command attempt (deleted.rules)
1344 - WEB-ATTACKS cc command attempt (deleted.rules)
1345 - WEB-ATTACKS /usr/bin/cpp command attempt (deleted.rules)
1346 - WEB-ATTACKS cpp command attempt (deleted.rules)
1347 - WEB-ATTACKS /usr/bin/g++ command attempt (deleted.rules)
1348 - WEB-ATTACKS g++ command attempt (deleted.rules)
1349 - WEB-ATTACKS bin/python access attempt (deleted.rules)
1350 - WEB-ATTACKS python access attempt (deleted.rules)
1351 - WEB-ATTACKS bin/tclsh execution attempt (deleted.rules)
1352 - WEB-ATTACKS tclsh execution attempt (deleted.rules)
1353 - WEB-ATTACKS bin/nasm command attempt (deleted.rules)
1354 - WEB-ATTACKS nasm command attempt (deleted.rules)
1355 - WEB-ATTACKS /usr/bin/perl execution attempt (deleted.rules)
1356 - WEB-ATTACKS perl execution attempt (deleted.rules)
1357 - WEB-ATTACKS nt admin addition attempt (deleted.rules)
1358 - WEB-ATTACKS traceroute command attempt (deleted.rules)
1359 - WEB-ATTACKS ping command attempt (deleted.rules)
1360 - WEB-ATTACKS netcat command attempt (deleted.rules)
1361 - WEB-ATTACKS nmap command attempt (deleted.rules)
1362 - WEB-ATTACKS xterm command attempt (deleted.rules)
1363 - WEB-ATTACKS X application to remote host attempt (deleted.rules)
1364 - WEB-ATTACKS lsof command attempt (deleted.rules)
1365 - WEB-ATTACKS rm command attempt (deleted.rules)
1366 - WEB-ATTACKS mail command attempt (deleted.rules)
1367 - WEB-ATTACKS mail command attempt (deleted.rules)
1368 - WEB-ATTACKS /bin/ls| command attempt (deleted.rules)
1369 - WEB-ATTACKS /bin/ls command attempt (deleted.rules)
1370 - WEB-ATTACKS /etc/inetd.conf access (deleted.rules)
1371 - WEB-ATTACKS /etc/motd access (deleted.rules)
1372 - WEB-ATTACKS /etc/shadow access (deleted.rules)
1373 - WEB-ATTACKS conf/httpd.conf attempt (deleted.rules)
1530 - FTP format string attempt (deleted.rules)
1553 - WEB-CGI /cart/cart.cgi access (deleted.rules)
1631 - CHAT AIM login (chat.rules)
1758 - WEB-MISC b2 access (deleted.rules)
1762 - WEB-CGI phf arbitrary command execution attempt (web-cgi.rules)
1780 - IMAP EXPLOIT partial body overflow attempt (deleted.rules)
1800 - VIRUS Klez Incoming (deleted.rules)
1945 - WEB-IIS unicode directory traversal attempt (deleted.rules)
2102 - NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt (deleted.rules)
2384 - NETBIOS SMB NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2385 - NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2498 - IMAP SSLv3 invalid timestamp attempt (deleted.rules)
2499 - MISC LDAP SSLv3 invalid timestamp attempt (deleted.rules)
2503 - SMTP SSLv3 invalid timestamp attempt (deleted.rules)
2506 - WEB-MISC SSLv3 invalid timestamp attempt (deleted.rules)
2570 - WEB-MISC Invalid HTTP Version String (web-misc.rules, requires 2.1 or later)
2600 - ORACLE add_grouped_column ordered sname/oname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2604 - ORACLE create_mview_repgroup ordered fname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2607 - ORACLE comment_on_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2610 - ORACLE cancel_statistics ordered sname/oname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2613 - ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt (deleted.rules, requires 2.1 or later)
2616 - ORACLE grant_surrogate_repcat ordered userid buffer overflow attempt (deleted.rules, requires 2.1 or later)
2618 - ORACLE alter_mview_propagation ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2620 - ORACLE alter_master_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2625 - ORACLE unregister_user_repgroup ordered privilege_type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2628 - ORACLE repcat_import_check ordered gowner/gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2630 - ORACLE register_user_repgroup ordered privilege_type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2632 - ORACLE refresh_mview_repgroup ordered gowner buffer overflow attempt (deleted.rules, requires 2.1 or later)
2634 - ORACLE rectifier_diff ordered sname1 buffer overflow attempt (deleted.rules, requires 2.1 or later)
2636 - ORACLE snapshot.end_load ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2638 - ORACLE drop_master_repobject ordered type buffer overflow attempt (deleted.rules, requires 2.1 or later)
2640 - ORACLE drop_mview_repgroup ordered gowner/gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2642 - ORACLE drop_site_instantiation ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2646 - ORACLE instantiate_offline ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2648 - ORACLE instantiate_online ordered refresh_template_name buffer overflow attempt (deleted.rules, requires 2.1 or later)
2653 - ORACLE og.begin_load ordered gname buffer overflow attempt (deleted.rules, requires 2.1 or later)
2671 - WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules, requires 2.1 or later)
2673 - WEB-CLIENT libpng tRNS overflow attempt (web-client.rules, requires 2.1 or later)
2923 - NETBIOS SMB repeated logon failure (netbios.rules, requires 2.1 or later)
2924 - NETBIOS SMB-DS repeated logon failure (netbios.rules, requires 2.1 or later)
2927 - NNTP XPAT pattern overflow attempt (nntp.rules, requires 2.1 or later)
3013 - BACKDOOR Asylum 0.1 connection request (backdoor.rules, requires 2.2 or later)
3014 - BACKDOOR Asylum 0.1 connection established (backdoor.rules, requires 2.2 or later)