Sourcefire VRT Rules Update

Date: 2012-12-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25017 <-> DISABLED <-> SERVER-WEBAPP httpdx tolog function format string code execution attempt (server-webapp.rules)
 * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Opachki variant connect to cnc-server attempt (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25054 <-> ENABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:25053 <-> ENABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules)
 * 1:25052 <-> ENABLED <-> EXPLOIT-KIT Redkit Exploit Kit Java Exploit requested - 3 digit (exploit-kit.rules)
 * 1:25049 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks outbound connection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:25051 <-> ENABLED <-> EXPLOIT-KIT Redkit landing page redirection (exploit-kit.rules)
 * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange landing page - specific structure (exploit-kit.rules)
 * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX Exploit Kit PDF Library exploit download (exploit-kit.rules)
 * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX Exploit Kit Java V6 exploit download (exploit-kit.rules)
 * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX Exploit Kit Java V7 exploit download (exploit-kit.rules)
 * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 url structure detected (exploit-kit.rules)
 * 1:25045 <-> ENABLED <-> EXPLOIT-KIT Cool Exploit Kit requesting payload (exploit-kit.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25042 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent downloading Portable Executable - Possible Exploit Kit (exploit-kit.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25018 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules)
 * 1:25036 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules)
 * 1:24897 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules)
 * 1:3409 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (os-windows.rules)
 * 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
 * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
 * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules)
 * 1:1901 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt (server-other.rules)
 * 1:18985 <-> ENABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:1900 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt (server-other.rules)
 * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules)
 * 1:14615 <-> ENABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules)
 * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
 * 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules)
 * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules)
 * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules)
 * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:23835 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules)
 * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23366 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM NFS v2 xdrdecodeString heap buffer overflow attempt (server-other.rules)
 * 1:23834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules)
 * 1:23364 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM v2 xdrdecodeString heap buffer overflow attempt (server-other.rules)
 * 1:23365 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM NFS v3 xdrdecodeString heap buffer overflow attempt (server-other.rules)
 * 1:23363 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM xdrdecodeString heap buffer overflow attempt (server-other.rules)
 * 1:23098 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23096 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
 * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules)
 * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (server-other.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
 * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (server-other.rules)
 * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules)
 * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules)
 * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules)
 * 1:17598 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules)
 * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules)
 * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules)
 * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules)
 * 1:16034 <-> ENABLED <-> SERVER-OTHER Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-other.rules)
 * 1:16001 <-> ENABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules)
 * 1:16196 <-> ENABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
 * 1:16058 <-> DISABLED <-> SERVER-OTHER Samba WINS Server Name Registration handling stack buffer overflow attempt (server-other.rules)
 * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
 * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules)
 * 1:15986 <-> DISABLED <-> SERVER-OTHER Samba unicode filename buffer overflow attempt (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15983 <-> DISABLED <-> SERVER-OTHER Samba arbitrary file access exploit attempt (server-other.rules)
 * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
 * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules)
 * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules)
 * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules)
 * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:16017 <-> ENABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules)
 * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules)
 * 1:15984 <-> DISABLED <-> SERVER-OTHER Samba Printer Change Notification Request DoS attempt (server-other.rules)
 * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
 * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules)
 * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules)
 * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules)
 * 1:19323 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules)
 * 1:23056 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher buffer overflow attempt (server-other.rules)
 * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules)
 * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules)
 * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules)
 * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
 * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules)
 * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules)
 * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
 * 1:19210 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules)
 * 1:19313 <-> DISABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules)
 * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
 * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules)
 * 1:19892 <-> ENABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Tracur variant outbound communication (malware-cnc.rules)
 * 1:24837 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange initial landing page (exploit-kit.rules)
 * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Tracur variant outbound communication (malware-cnc.rules)
 * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
 * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules)
 * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure (server-other.rules)
 * 1:2417 <-> DISABLED <-> PROTOCOL-FTP format string attempt (protocol-ftp.rules)
 * 1:8702 <-> DISABLED <-> SERVER-OTHER IceCast header buffer overflow attempt (server-other.rules)
 * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules)
 * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS DeleteReports stored procedure SQL injection (server-other.rules)
 * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)
 * 1:24738 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules)
 * 1:24446 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string attempt (server-other.rules)
 * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:13846 <-> ENABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
 * 1:8703 <-> DISABLED <-> SERVER-OTHER IceCast header buffer overflow attempt (server-other.rules)
 * 1:20250 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (server-other.rules)
 * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules)
 * 1:20620 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules)
 * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules)
 * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules)
 * 1:20255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules)
 * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules)
 * 1:3006 <-> DISABLED <-> SERVER-OTHER Volition Freespace 2 buffer overflow attempt (server-other.rules)
 * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (server-other.rules)
 * 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules)
 * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules)
 * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules)
 * 1:21418 <-> ENABLED <-> MALWARE-CNC Trojan.FareIt outbound connection (malware-cnc.rules)
 * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:310 <-> DISABLED <-> SERVER-MAIL x86 windows MailMax overflow (server-mail.rules)
 * 1:25009 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - User-Agent User-Agent (blacklist.rules)
 * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules)
 * 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Actionscript Stage3D null dereference attempt (file-flash.rules)
 * 1:17556 <-> ENABLED <-> SERVER-OTHER Firebird database invalid state memory corruption (server-other.rules)
 * 1:23978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:6469 <-> DISABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:17445 <-> ENABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
 * 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow (server-other.rules)
 * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules)
 * 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules)
 * 1:13902 <-> ENABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
 * 1:2129 <-> DISABLED <-> SERVER-IIS nsiislog.dll access (server-iis.rules)
 * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt (server-other.rules)
 * 1:309 <-> DISABLED <-> SERVER-MAIL sniffit overflow (server-mail.rules)
 * 1:2584 <-> DISABLED <-> SERVER-OTHER eMule buffer overflow attempt (server-other.rules)
 * 1:6470 <-> DISABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
 * 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules)
 * 1:20060 <-> ENABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules)
 * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules)
 * 1:17607 <-> ENABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules)
 * 1:17544 <-> ENABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules)
 * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
 * 1:17225 <-> ENABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user (server-other.rules)
 * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules)
 * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot outbound connection (malware-cnc.rules)