[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Thu Jun 29 10:28:11 EDT 2006

This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000686-100000688. These rules cover a denial of service attack against the EnergyMech IRC Bot, as well as detection of AJAX Remote Desktop traffic, which may be a policy violation in your environment.

Sourcefire would like to thank the VeriSign MSS Operations Team for submitting SIDs 100000686-100000687. As a reminder, anyone who wishes to submit rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000686 || COMMUNITY DOS EnergyMech parse_notice vulnerability - inbound
100000687 || COMMUNITY DOS EnergyMech parse_notice vulnerability - outbound
100000688 || COMMUNITY POLICY Ajax Remote Desktop Connection

More information about the Snort-sigs mailing list